Re: Windows only; Infection due to continued bad security policy - nothing new
Do NOT allow untrusted executable content
Welcome to Windows. You will like it here.
Only allow plain-text email
That train has already left the station and pretending it's still boarding is disingenious
Strip and quarantine attachments
Do NOT use Adobe Flash
I would but "internal communications" sometimes demands it be used
Sandbox any HTML user-agent in an unprivileged account, that is NOT the same account the users routinely use, and does NOT have access to their user profile
Good idea but no-one is gonna follow that either.