Thats when you reach out to your insurer and ask them their requirements as per the policy and/or if there are any contractual obligations associated with the requirements which might touch indemnity/SLAs. If it does, then it is critical, if not, then its the classic conversation of cost vs risk mitigate/tolerance.

They just are not going to provide insurance to companies who use AI because the liability costs are not worth it to them since they cannot actual calculate risks, it is already happening [0]. Its the one thing that a lot of the evangelists of using AI for entire products have come to realize or they aren't actually dealing with B2B scenarios where indemnity comes into play. That or they are lying to insurance companies and their customers, which is a... choice.

[0] https://futurism.com/future-society/insurance-cyber-risk-ai

Its not a device/MTA issue, SMTP just is not a secure protocol and there is not much you can do in order to 'secure' human communication. Things like spoofing or social engineering are near impossible to address within SMTP without external systems doing some sort of analysis on the messages or in combination with other protocols like DNS.

Sigh... this is real life and I hate it as an American. The Danes had over 50 [1] Danish lives wasted in the NATO mission in Afghanistan and Iraq and this is how we pay the Danes back when they had America's back, paid in blood.

Its so disappointing and tragic.

[1] https://www.bbc.com/news/articles/crmjewpkje9o