Over the years, I seem to have worried quite a bit about email security. I pioneered the practical use of email signing and blocking, back in 2007, which is what culminated in the DMARC standard a couple of years later. If you're not doing DKIM / SPF mail signing, and publishing a DMARC policy, then you're not properly protecting your email channel.
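As an added illustration (not part of the original post) of what "publishing a DMARC policy" amounts to in practice, the following checks a domain's DMARC and SPF TXT records for the settings that leave the channel unprotected: a monitoring-only `p=none`, a partial `pct=`, no aggregate-report address, or an SPF record ending in `+all`. The records are constructed samples and `example.com` / `example.net` are placeholder domains; no DNS lookups are made.

```python
"""Flag weak DMARC and SPF records.

Added example, not from the original post. The records below are
constructed samples; example.com / example.net are placeholder domains.
"""
import re

# Constructed sample records: a weak pair and a hardened pair.
WEAK_DMARC = "v=DMARC1; p=none"
STRONG_DMARC = "v=DMARC1; p=reject; sp=reject; pct=100; rua=mailto:dmarc@example.com"
WEAK_SPF = "v=spf1 include:_spf.example.net +all"
STRONG_SPF = "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record ("v=DMARC1; p=none; rua=...") into a tag dict."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DMARC tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC1 record")
    if "p" not in tags:
        raise ValueError("DMARC record is missing the required p= tag")
    return tags


def dmarc_findings(record: str) -> list:
    """Return a list of human-readable weaknesses; empty list means enforcing."""
    tags = parse_dmarc(record)
    findings = []
    policy = tags["p"].lower()
    if policy == "none":
        findings.append("p=none: monitoring only, spoofed mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append(f"unknown policy {tags['p']!r}")
    # pct defaults to 100 when absent; anything lower samples the policy.
    pct = int(tags.get("pct", "100"))
    if pct < 100:
        findings.append(f"pct={pct}: policy applied to only {pct}% of failing mail")
    # sp= governs subdomains and defaults to the p= value when absent.
    sub_policy = tags.get("sp", policy).lower()
    if sub_policy == "none" and policy != "none":
        findings.append("sp=none: subdomains are not covered by the enforcing policy")
    if "rua" not in tags:
        findings.append("no rua= address: aggregate reports are not being collected")
    return findings


def spf_findings(record: str) -> list:
    """Return weaknesses in an SPF record ("v=spf1 ... -all")."""
    mechanisms = record.strip().split()
    if not mechanisms or mechanisms[0].lower() != "v=spf1":
        raise ValueError("not an SPF record")
    findings = []
    terminal = mechanisms[-1].lower()
    if terminal in ("+all", "all"):
        findings.append("+all: every sender passes SPF, record is useless")
    elif terminal == "?all":
        findings.append("?all: neutral result, gives receivers no signal")
    # Mechanisms that cost a DNS lookup; more than 10 yields a permerror.
    lookups = sum(
        1 for m in mechanisms[1:]
        if re.match(r"^[+\-~?]?(include|a|mx|ptr|exists|redirect)\b", m.lower())
    )
    if lookups > 10:
        findings.append(f"{lookups} lookup mechanisms exceed the limit of 10 (permerror)")
    return findings


if __name__ == "__main__":
    for label, rec, fn in (("weak DMARC", WEAK_DMARC, dmarc_findings),
                           ("strong DMARC", STRONG_DMARC, dmarc_findings),
                           ("weak SPF", WEAK_SPF, spf_findings),
                           ("strong SPF", STRONG_SPF, spf_findings)):
        print(f"{label}: {fn(rec) or 'OK'}")
```

In a real deployment the record strings would come from a TXT lookup of `_dmarc.<domain>` and of the domain itself; the checks are the same. A `p=none` record is the usual first step for collecting reports, but as the post says, the channel is not protected until the policy reaches `quarantine` or `reject`.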
Similarly, most people these days regard strong authentication as a vital component of their overall email security strategy. Again, for entirely obvious reasons, I agree 100% with this. This is why we started FIDO back in 2012, and why it's a vital piece of your overall email defenses. So, if you are not using strong authentication (perhaps using U2F) to protect your email channel, again you're not fully protecting it.
But wait, there's more! You still need to have instrumentation into what's going on in your corporate email stream, and the capability to reach into that stream and take quite specific actions - typically policy-based - if you see certain types of naughtiness. Open standards aren't going to help you here - rather, you're going to have to buy a tool to do this.
There are a few vendors to choose from, and my absolute favorite these days is Material Security. They raised a pretty large Series B round recently (https://lnkd.in/gAtb5MF), which would indeed lead you to suspect that I'm not the only person who has a lot of faith in them. So, again, if you don't have a tool such as Material Security's (or one of their competitors if you prefer!), you're still not doing email security right.