Oh neat... so i just have to own the system by sending a bad attachment (containing the malware), and having exfiltration happen via mail attachments. Got it.
I've seen actual near-airgapped systems that communicate by fax as risk reduction. Email-to-fax gateways rendered attachments and such in the DMZ, then dialed into the secure side, the theory being that owning a T1 fax card over the PSTN is much harder than sending a malicious email.