They have. For example, many organizations prohibit links in emails that are sent by non-authenticated users, or they create lists of link URLs and block them from being accessed from the corporate network, or add them to the malicious email list.

Ultimately though it’s a cat and mouse game IF you want to be able to send and receive emails, and you want to allow people to link to things in said email. The vector here is always going to have a Person-layer since a sender of email is presumed neutral (or neutral with caution) until proven safe or unsafe, otherwise you take the knees out of the utility of email communication entirely.