It goes without saying if you are using outlook for you email disable all scripting.

This can be checked / configured in outlook as follows

Tools -> Options

Under the "Security" Tab

Under Secuirty zones section

Click on the zone settings button next to the zone you have selected

Then click customer level. Scroll down the list of radio buttons and check that you have all ActiveX / Scripting options set to disable.