That should be the default behavior, not a special lock down option that also disables other features.
Why can't they just make it like most email clients? No preview by default, give a banner with an option to explicitly allow a preview for that specific message or conversation?
I tend to agree.
But how does that prevent one from receiving and opening a malicious message?
Because many people know not trust unknown senders.