Working in this space, I'm convinced that email will eventually evolve from a default "blacklist" model to "whitelist" in the next 3-5 years.<p>There's simply too many bad actors and too many uneducated or uninterested end-users.<p>Microsoft is developing an interim step for this now ('Composite Auth') as part of Office 365 ATP: <a href="https://docs.microsoft.com/en-us/office365/securitycompliance/anti-spoofing-protection" rel="nofollow">https://docs.microsoft.com/en-us/office365/securitycomplianc...</a><p>I hope it helps, at least in the Enterprise space, because I'm tired of playing 'Whack-A-Mole' with business communications.