Re: Preview pane?
"why would you want to automatically open an email before checking it"
an intelligently designed mail reader will allow you to 'preview' a mail rather than open it, and you'll see all of the TEXT content without activating any HTML-related things, embedded content, external content, nor any kind of SCRIPT.
An unintelligently designed (in need of some real world natural selection) mail reader will display (in the preview) all attached and "rich" content, via the program assigned to EDIT it if it's external to the mail program. You know, like Outlook. This would include things known to have had major problems and vulnerabilities in the past, like MS Office documents, PDF files, Flash, and even certain kinds of images and media (other than flash).
In Thunderbird, use 'View' 'Message body as' 'plain text' to BLOCK that crap. It's not the default setting. But it SHOULD be.
other mail readers, YMMV but preview as plain text ONLY to avoid problems. And no inline images in the preview. And no downloaded content in the preview.
/me points out that a faked-up URL in a phishing e-mail will show up as the ACTUAL link (not what they WANT you to think it is) in a plain-text e-mail. So instead of seeing "yourbank.com" and being fooled into clicking on it, it's "malware.phishing.site/alphabetsoup/whatever/clone-of-your-bank" and rather obviously malicious.