What difference does that make? Just curious since I thought of this as a viable safe idea to generate presigned s3 URL’s and send them by email to customers for a project..
rcme is right though, DANE and MTA-STS are still opportunistic, the sending party must support DANE/MTA-STS to use it. And even still, with both DANE and MTA-STS, you are merely "asking nicely" to use TLS, the sender may still ignore it and use plain text delivery anyway.
The reality is that email is not, and never will be a secure communication channel.
Disclaimer: I have a career in consulting on email hardening.
Feels disingenuous to blame email because a sever is configured to allow any sender to transmit plaintext data. If you're transmitting data you should protect with encryption, and don't use encryption, that's not emails fault. The same could be said about http. If you allow users to submit passwords in cleartext, you're the problem, not HTTP
That is kind of the point of this whole conversation. The products mentioned are sending information over a protocol which does not protect it, which is much like if their password form was HTTP. I don't see anyone blaming email, I see people blaming onedrive and (potentially) openAI.
In terms of communication protocols, "secure" typically it means unauthorized third-parties can't read or modify communication data. Some examples include Hypertext Transfer Protocol Secure (HTTPS), Transport Layer Security (TLS), and Secure Sockets Layer (SSL).
emails are readable by any of the servers in between the sender and the receiver (which generally neither the sender or the receiver has much control over), and if any of those servers don't support encryption of the link between the servers, so can anyone who can read the network traffic between those servers. Emails also cannot generally be verified, and they can usually be tampered with. Really, any security property you might want is absent from email.
