We‘ve been using S/MIME-based end-to-end email encryption at work for a long time now. It’s a bit of a hassle whenever new employees start, and every two years after that, but it’s manageable. Apart from that, it just works. Why is it never even considered by so many people?

Do you use a private CA or public one? And how do you handle malware and URL scanning? These are the biggest problems from my POV