
I haven’t looked into email in a while, but I’m pretty sure this is like saying TCP is insecure. Like yeah, if you communicate using plaintext over TCP you are vulnerable but most out of the box solutions nowadays don’t even function that way. You’d have to go write your own application that communicates using plaintext over TCP.
In the same vein, the boxes out there that just run SMTP without any security would be the same way, but most boxes won’t be susceptible to this attack because very few people are running just SMTP.
Disclaimer: I have not read up on SMTP in awhile but iirc, SMTP works with very little verification and is very susceptible to a lot of different attacks by itself.
This is the only real way to do it, the other solutions involve “standards” which more often than not aren’t all encompassing. Make sure that any user input of a country is just them uploading the jpg of their home country without any sort of validationbecausee everyone is loyal to their home country.