The original title was "EU Parliament Decides That Your Private Messages Must Not Be Scanned" and it was linked to a different article. I think this comment was written before the title and the URL were changed.
Laravel Airlock is my favorite thing about this release. I already started using it for one of my sites; it makes API authentication so much easier than it used to be with Passport.
It can be very difficult to detect a well-spoofed email message even when examining headers (but if you want to learn how, a web search should get you the information you want).
What I do, and strongly recommend to others, is two-fold: First, don't allow your mail reader to render HTML emails. Second, never follow any links in emails, nor trust that any other contact information is correct.
If you get an email from an entity you know, and it is asking you to follow a link or call a number, ignore contact methods/information in the email itself and contact the entity using your already established information instead.
Not OP, but I'm in a similar situation, so I thought I'd share my insight, in case you're interested.
I prefer a desktop client because it's more lightweight than a web browser, I can keep it running indefinitely, and I don't have to worry about accidentally closing it and not receiving notifications afterwards. I can also have a dedicated icon in the tray that shows the number of new messages.