by bob1029 435 days ago
I struggle with how the secure email solutions are inherently more secure than just dumping the pdf or ticket details in the email body.

Every vendor's secure email portal I have ever used was ultimately authenticated using my email account. Any one-time passcodes are sent to the same email. Password recovery? Email. If a malicious user is on my PC or otherwise intercepting my mail, they could access 100% of the solutions I've got access to right now.

3 comments

I always understood it as, the email with link notification thing started as soon as email providers began regularly scanning users' emails. Before then, an email included all the information you needed without having to log in to another site.
You usually keep old mails around that malware can then silently forward; this is a problem for unencrypted data. To authenticate through email, even if possible, there are hoops the attacker would need to go through, and you'd likely be notified of, e.g., a password reset mail.
We could integrate expiry dates for emails after which they get deleted. That's feasible.
I don't think that's true for my bank or Czech government services. Plenty of others do practice "security by email", though.