Most rich email clients (Outlook, Apple, Office 365, Gmail or Mozilla Thunderbird) allow users and developers to automate tasks based on incoming or outgoing emails. Actions allowed by some of the email clients are far more sophistication than others, although almost all email clients allow automatic email forwarding or blocking/deleting future incoming emails based on something in the targeted email. The most functional clients allow any action or coding to be performed that the computer is programmatically capable of.
For example, in Microsoft Outlook, I can tell an incoming email from a particular email address or containing a particular keyword to kick off another program or script (see below):
Outlook on Microsoft Windows is a target-rich environment for hackers, but they can do the same thing to Apple OS X and Linux computers depending on the email client.
For over a decade, hackers have routinely broken into people’s computers (or email clients) and set up malicious rules. These rules forward incoming email to the hacker, block certain types of emails (such as legitimate warnings and confirmations), replace legitimate information on-the-fly, and other dastardly actions. They can create a rule that says to format the device’s hard drive to cover up their tracks if needed in an emergency. In most cases the user doesn’t even have to open up the email; it only needs to arrive in the user’s inbox to activate the rule.