>>The most common malware attack vector these days is malformed HTML, either on a web page you visit or in an HTML e-mail you receive. If you have your preview pane turned on, Outlook invokes IE to render the e-mail in the preview pane.
>>So, if you so much as preview a malicious e-mail that contains a zero-day exploit, you get attacked. Much better to delete obvious spam, phishing etc. from the message list without previewing.
Have you tried Thunderbird? The preview panel does not run scripts or download images unless you click "show remote content" for the email. On my machine inline downloads are also turned off, can't remember if I did that or if it was a default. If Thunderbird decides that a post is spam it's even more restrictive- you can't review images or full html at all in the Junk folder.
"... They ne'er cared for us
yet: suffer us to famish, and their store-houses
crammed with grain; make edicts for usury, to
support usurers; repeal daily any wholesome act
established against the rich, and provide more
piercing statutes daily, to chain up and restrain
the poor. If the wars eat us not up, they will; and
there's all the love they bear us."
-- Shakespeare: Coriolanus, Act 1, scene 1
