>As it turns out, 81% of the emails containing HTML files with JavaScript are malicious, while only 19% are legitimate.... it’s clear that straight-out blocking HTML attachments with JavaScript is not an option for most organizations, as it would impact important business communication.<p>Oh of course, how dare we suggest companies stop doing sketchy things in their ~spam~ ~marketing~ <i>notification</i> emails that are explicitly trying to get you to click on links full of gobbledygook, training normal users that an ugly and unclear link is an expected form of communication! Nah, we could never tell businesses that sending a link that asks me to click a sketchy looking button to log into my bank account is something that should be discouraged because it makes users used to clicking on phishing emails.<p>Instead, we will just pretend to do stuff while half the company fails the bi-yearly phishing screening, including most of our VPs