Simplistic, but wouldn't just accepting only text-based emails, as opposed to HTML-based ones, be easiest? Especially with regard to users with more access. No more risk of opened/previewed emails executing anything.
The main thing people don't seem to realize is how vulnerable any system is due to stupid people. Back in the days of AOL being a juggernaut, they had many security systems in place. I remember that at one point they had a 6-digit numerical code that changed every minute or so on certain accounts, for security at login. Sounds pretty secure, right? Still didn't stop social hackers from getting in.
Mass password crackers would find these specific accounts that required them; loading one as the master account would give a breakdown of every other sub-account under it. The same security measure was used on dad's work account as on his kids' and wife's accounts under him. That was just one flaw, but you can imagine it wasn't hard to overcome even something like this with a little work.
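The text-only delivery the first comment proposes, as an added example that is not part of this thread: a small mail filter built on Python's standard `email` package that, for a hypothetical set of privileged mailboxes, keeps only the `text/plain` part of an incoming message and rejects mail that carries no plain-text alternative at all, while ordinary recipients get the message unchanged. The addresses, the `PRIVILEGED` set and the sample message are constructed for illustration.

```python
"""Added example: deliver only text/plain bodies to high-privilege mailboxes.
Not code from the thread; mailbox names and sample mail are constructed."""
import email
from email import policy
from email.message import EmailMessage
from typing import Optional, Tuple

# Hypothetical set of high-privilege mailboxes that get text-only delivery.
PRIVILEGED = {"admin@example.test", "dba@example.test"}

# Only these headers are copied onto the rebuilt message; everything else
# (tracking headers, the original MIME tree, inline HTML) is dropped.
KEEP_HEADERS = ("From", "To", "Subject", "Date", "Message-ID")


def strip_to_text(raw: bytes) -> Optional[EmailMessage]:
    """Return a new single-part text/plain message built from the original's
    plain-text body, or None when the original has no text/plain part.
    The policy is deliberately 'reject, don't render': an HTML-only mail is
    never converted to text here, because that would still require parsing
    attacker-controlled HTML."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    if body is None:
        return None
    out = EmailMessage()
    for name in KEEP_HEADERS:
        if msg[name]:
            out[name] = msg[name]
    out.set_content(body.get_content())
    return out


def filter_for_recipient(raw: bytes, rcpt: str) -> Tuple[str, Optional[EmailMessage]]:
    """Decide what to deliver to one recipient.

    Returns ("deliver", msg)      for ordinary users (message unchanged),
            ("text-only", msg)    for privileged users (plain text part only),
            ("rejected", None)    for privileged users when no plain text exists.
    """
    if rcpt.lower() not in PRIVILEGED:
        return ("deliver", email.message_from_bytes(raw, policy=policy.default))
    stripped = strip_to_text(raw)
    if stripped is None:
        return ("rejected", None)
    return ("text-only", stripped)


def build_sample(html_only: bool = False) -> bytes:
    """Constructed sample mail: multipart/alternative with a plain-text and an
    HTML part, or an HTML-only message when html_only is True."""
    m = EmailMessage()
    m["From"] = "sender@example.test"
    m["To"] = "admin@example.test"
    m["Subject"] = "Invoice"
    html = ('<p>Please review <a href="http://evil.example/x">the invoice</a></p>'
            '<img src="http://tracker.example/p.gif">')
    if html_only:
        m.set_content(html, subtype="html")
    else:
        m.set_content("Please review the invoice.")
        m.add_alternative(html, subtype="html")
    return m.as_bytes()


if __name__ == "__main__":
    for rcpt in ("admin@example.test", "bob@example.test"):
        status, out = filter_for_recipient(build_sample(), rcpt)
        print(rcpt, "->", status, "multipart" if out and out.is_multipart() else "single part")
    status, out = filter_for_recipient(build_sample(html_only=True), "admin@example.test")
    print("admin@example.test (HTML-only mail) ->", status)
```

Running it shows the privileged mailbox receiving a single-part text/plain message with the link and tracking pixel gone, the ordinary mailbox receiving the original multipart message, and the HTML-only mail being rejected for the privileged mailbox rather than converted.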