The document discusses why organizations are vulnerable to spoof and phishing email attacks. It notes that most organizations do not have effective defenses against these attacks and will likely experience them at some point. It also examines common misconceptions that cause the threats to be ignored, such as thinking an attack won't happen, being too busy with other issues, and believing defenses are already adequate. The document explores weaknesses that attackers exploit, such as flaws in the SMTP protocol and human factors. It outlines additional obstacles to addressing these threats, such as fears of impacting email flow or business activities. The document concludes there are no simple solutions due to the sophistication of phishing attacks and complexity of email infrastructure defenses.