@mjg59 But if nobody can supply a client that manages to circumvent it, they'll look for a client that runs the app on a server and forwards the UI to the client device.
And if that also doesn't work, then that app or service will just not be used.
If a client wants to have his messages saved to an insecure cloudservice they'll do it either way...
@agowa338 If the app or service isn't used then that's fine! I want to reduce the risk of me sending something to someone over a channel that presents itself as secure but which actually isn't
@mjg59 And I'm not sure how you would ensure that given how enterprises tend to work around exactly that. I mean I've seen how they strip E2E encryption before forwarding the emails to O365 so that they can use the filtering of O365 and forward mails to different mailboxes.
I'd expect them (if they want to use it) to just Citrix-style forward it to devices and record the session server side with OCR...
