Ransomware encryption attack, what is adequate defence?
email borne attack .. what is defence?
Mark_A
4:27 pm on Jan 21, 2020 (gmt 0)
You know the thing, hacker sends infected emails which on opening encrypt the user's computer and infect other machines on the same network also.
Is there a first line of defence that would prevent the email ever arriving?
not2easy
5:54 pm on Jan 21, 2020 (gmt 0)
I use a cyber security or anti-virus product that would scan the email during download and prevent execution. If you don't want to rely on something like that, another option is to read emails in text only.
topr8
7:23 pm on Jan 21, 2020 (gmt 0)
>>Is there a first line of defence that would prevent the email ever arriving?
first line = set up adequate protection and scanning on the mail server, perhaps using SpamAssassin, MailScanner and ClamAV (I'm sure there are other options)
second line = anti-virus software on client computer and anti-spam plugin for the email client
>>another option is to read emails in text only.
we do this here, every Windows computer on the (small) network uses 'The Bat' as an email client - which used to be text only, now it can show html emails although text only is the default, it is easy to see a specific email in html if you choose to ... however I must say, text only emails are great, so much less cluttered! (and if spam does get through and you do read it, then the sender can't track that you opened it and thus send even more spam!)
tangor
2:09 am on Jan 22, 2020 (gmt 0)
First defense is never open anything you don't know.
The only thing that defeats computer based defenses is the nut behind the keyboard.
lammert
3:49 am on Jan 22, 2020 (gmt 0)
In my setup all emails first go to a Linux server and stay there until manually examined using a basic email client. Only when the manual inspection approves the email is it moved to an outgoing folder where it is automatically forwarded to Outlook 365.
The second line of defense is write-only backups. One of the things the ransomware hackers try to do is delete all backups before they start asking for their ransom. I use Amazon S3 for backups and rights have been tailored in such a way that the account used for the backup script is able to write new files, but it is not possible through that account to list them or delete them. The only way to do that is through the AWS console. And that console is protected with 2FA and a chipcard which is in the top drawer of my desk.
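An IAM policy in the spirit of the write-only backup account described in the post above. This is an added example, not lammert's actual policy or anything posted in the thread. The bucket name EXAMPLE-BACKUP-BUCKET and the Sid labels are placeholders, and the explicit deny on versioning and lifecycle changes is an assumption about what such a setup would also want to block.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ExampleAllowUploadOnly",
      "Effect": "Allow",
      "Action": "s3:PutObject",
      "Resource": "arn:aws:s3:::EXAMPLE-BACKUP-BUCKET/*"
    },
    {
      "Sid": "ExampleDenyListDeleteAndRetentionChanges",
      "Effect": "Deny",
      "Action": [
        "s3:ListBucket",
        "s3:ListBucketVersions",
        "s3:DeleteObject",
        "s3:DeleteObjectVersion",
        "s3:PutBucketVersioning",
        "s3:PutLifecycleConfiguration"
      ],
      "Resource": [
        "arn:aws:s3:::EXAMPLE-BACKUP-BUCKET",
        "arn:aws:s3:::EXAMPLE-BACKUP-BUCKET/*"
      ]
    }
  ]
}
```

s3:PutObject on its own still lets the holder of the key overwrite an existing object by reusing its name, so a bucket used this way needs versioning enabled for the earlier copy to survive as a previous version.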
Mark_A
12:41 pm on Jan 22, 2020 (gmt 0)
@not2easy text reader sounds interesting. ATM my Outlook is set up with a preview pane which perhaps isn't wise. In my last place the preview pane was disabled. We have MS Defender which actually has a ransomware section that I have just been looking at.
@topr8 our email comes through Office 365 - I don't know what they scan with though.
@tangor yes I suppose on the don't open front - but it only takes one person in a company to open and then you are all byorked.
@lammert manual inspection seems - well - thorough, but also time-consuming and delaying, no?
Mark_A
1:12 pm on Jan 22, 2020 (gmt 0)
Incidentally, I see MS Defender has a section on Ransomware Protection.