We have a company that sends us fake phishing attacks every month, logs who clicks on the bad link, and publishes the results of the survey to the CTO.
Seems like a position as important as MP should have something similar set up for their governmental email accounts.
I mean, that all depends on what the MPL allows.