As others have pointed out, a Perl solution is complicated, because you have to stop Outlook from doing something. Perl can do plenty of stuff, but stopping another app (that you want to leave open) from doing something is hard. You could put the PC behind an IP-Masquerading firewall and prevent outgoing access to port 80, then run your browser through a proxy, which you could write in Perl (or just use Squid, whatever), but for that you need to run a second system all the time (though it could be an old cheap one).

The other possibility is to run the mail itself through a filter. This means changing Outlook's idea of where to get mail so that it looks on localhost and finds your proxy, which must retrieve the mail from the real server and wash it, removing objectionable content, before providing it to the real client; as a start, you could do something like s/<img.*?\/img>//gi; on all HTML parts. (That probably means your proxy has to grok MIME. I think there's a module for that, though. I think there's also a POP3 module that you could use for retrieving the mail from the real server. Not sure about the other side of POP3 where you have to respond to Outlook.) While you're at it you might want to s/<script.*?\/script>//gi; also, but that still leaves onfoo="somescript()" stuff, and you want to consider images loaded by stylesheets, plus background image attributes, and I wouldn't put money on that being enough either. You're going to end up doing a lot of processing and never knowing quite when you're going to be surprised with a new sort of thing that slips through.

So, how to stop Outlook from doing stuff it oughtn't? That's the rub, because Outlook is exacerbating your problem. (Some might even say Outlook is your problem, but that might be hyperbole; spam is annoying regardless of what software you use.) Not loading remote images in mail messages is such a basic privacy feature that Outlook's getting this wrong should be a red flag, even if you haven't been paying attention the last couple of years to the various other security and privacy flaws that have been uncovered in Outlook at a rate of about one a month. If there is any way you can get her to use a different mail reader... you should. There are a number of choices; "better than Outlook" is not a tough criterion to meet.

If you want a specific suggestion, I usually recommend Pegasus Mail to people who don't mind if it only runs on Windows. It has a very low learning curve, advanced filtering with both simple substring matching and also with regular expression capabilities (though not with the power of Perl regexps) with flow control and a lot of possible actions, and all the basic features, and as an added bonus trying to launch any executable attachment results in a scary warning with the word "virus" in the dialog title and "Cancel" as the default button -- and it doesn't even think about retrieving images from the web. But if you don't like Pegasus, there are lots of other options.

If you do go forward with the proxy thing, it's probably best to proxy the mail (rather than the web). You can do dual action, then: besides dropping entire messages if you are certain they're spam, you also wash possibly-partly-okay messages to remove dangerous items (scripts, image tags, object tags, applet tags, and so on -- I would be tempted to remove HTML parts altogether. Of course, you can also have a whitelist of From: fields that cause the whole message to be passed through unaltered).

 --jonadab