Re: mail client
Trouble is that sometimes people demand that.
I work in a place with 100+ employees. There is a mailing list for when *everyone* needs to know something (e.g. regulation change, site closing, covid, etc.).
As such, one email "name" in Outlook - that group - expands to 100+ people instantly. Include several groups and it grows and grows.
Now, those are strictly internal, but if you're in that pattern of working, then you start to creep outside people in (we have outside-domain people on our list now, for contractors and suchlike). And eventually you get used to using it for everything and use it for outside people.
So you can put all these limits on, people will just turn them off because they stop what they want to do. And you can't whitelist "@domain email only" or whatever, because that won't work either. And you can limit the number of people in an email and then when the boss has to shut the site or send everyone out their covid info to all their outside customers, it'll get turned off because it got in the way when time was of the essence.
This isn't a technological problem. There's plenty of tech to take account of it, and controls in almost any tech capable of doing this. The problem is human, as always.
I know in my workplace, the "everyone" email address is over-used for all sorts of junk, and I've warned about the "feature-creep" of such facilities many times. As people get used to receiving them, and sending them, you'll get misuse of them, then someone will Reply-All by mistake, and you'll have a huge spam problem, then everyone will ignore/filter those emails because they're now junk, then they'll miss an important message, then everyone will get told to read ALL emails, then you'll wonder why nobody has any time, and so on...
My biggest question, for the last 20 or so years, is really: Why are you contacting customers direct by email. Why is the person behind the Send button even aware of their addresses? Under DPA and now GDPR, we've clarified that you need to have access to the information necessary to do your job and nothing more. Does the person who sends out these email *need* to know the email address of every customer? No. They need to have a database with them in, obviously, but they don't need to actually see them unless they are verifying the customer's details.
So why is it not the norm that such things are handled via a CRM, where you send an email to all customers who purchased product X in the last 5 years - you have no need to know who those people actually are, or what email address they've chosen to give you. It's somewhere in the database but you, the person sending the email, don't need to know it. So your Send button should be in the CRM, you need to know how many it's going out to. You or someone else *could* interrogate that list, if necessary, but you shouldn't ever be putting those addresses into a list and then into an email client and then into a To: field or a CC: field. It just shouldn't be done.
It's then trivial to prevent these occurrences, and as a nice side-effect you have a perfect barrier against a rogue agent stealing your customer database, against compromise of a desktop meaning that all your customers are at risk, etc.
I've always said the same about call-centres. Why do they have my full history, addresses, phone numbers, etc. just the second I phoned up? It's not necessary. And they could just have a ton of fields and then literal "request" buttons on a field if they need to see it. Then all the problems with misuse of such databases evaporates.
I'm a proponent of the idea that such workers should really never have anything more than a set text menu of options available to them, not an Excel of email addresses or whatever. Press 1 to amend customer details, Press 2 to view customer orders, etc.
There's no way that someone should be able to get a list of your customers email addresses and just throw it into Word mail-merge or screw up like this.