I lectured about this a few years ago to MBA students.

Email is inherently insecure. You can’t really prove where an email came from.

If your ecommerce, with customers or suppliers, relies on email exchange then you are open to abuse. If someone intercedes a fake email, in with your real emails, how is your customer supposed to know.

One of my customers got embroiled in just such an email scam. They ended up putting an alert on their homepage.

The lesson from this is, don’t rely on email in the first place.

If you want to notify customers, send them a link the a https link, that can be used for authentication of both parties. You’ll see this is how banks do it, a good lesson for us all.