Not even preapproved binaries. No binaries at all should run by opening them from an email. It's simply a usability design decision by the developers of the email reader.
If I download a binary from the GMail web interface, the enterprise Outlook web interface, etc., how does Windows know the difference between that binary and a legitimate download received from my web browser? Sure, you get the "This program was downloaded from the Internet" popup (just like OSX), and group policy could dictate that no binaries from the Internet may run, but how is Windows supposed to tell the difference between an email web client and any other file downloaded from the web?
I just saved an attachment from GMail. When I go into the Get Info box (OSX), I can see what URL it came from. I'm sure that Windows attaches similar metadata when it saves attachments.
Maybe something like this could serve as a basis for what you propose. The attachment I saved came from https://mail-attachment.googleusercontent.com. Maybe the solution is as simple as webmail providers putting some standard hostname in their attachment URL that identifies it as an email attachment.
Unfortunately though, there are legitimate reasons to circumvent this (have you ever emailed yourself something so you could run it on another computer?), so it would only be a matter of time for attackers to figure out the social engineering required to convince people to jump through those hoops.
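As an added illustration of the idea floated above (this is example code written for this page, not something posted in the thread or shipped by any vendor): both operating systems already record where a downloaded file came from. Windows stores it in the `Zone.Identifier` alternate data stream (`ZoneId`, plus `HostUrl`/`ReferrerUrl` when the browser supplies them); macOS stores it in the `com.apple.metadata:kMDItemWhereFroms` extended attribute as a binary plist holding a list of URLs. The script below parses both formats and applies the proposed policy: refuse to run anything whose origin host is a known webmail attachment host. The only host in the list is the Gmail one quoted above; the two sample metadata blobs are constructed, not captured, and reading the macOS attribute through the `xattr` command-line tool is an assumption about the environment.

```python
import subprocess
import sys
import plistlib
from urllib.parse import urlsplit

# Hosts that serve nothing but e-mail attachments. The Gmail host is the one
# observed in the thread; any further entries would be assumptions.
WEBMAIL_ATTACHMENT_HOSTS = {"mail-attachment.googleusercontent.com"}

# Constructed sample of a Windows Zone.Identifier alternate data stream as a
# browser writes it when a file is saved from webmail (not captured data).
SAMPLE_ZONE_IDENTIFIER = (
    "[ZoneTransfer]\r\n"
    "ZoneId=3\r\n"
    "ReferrerUrl=https://mail.google.com/mail/u/0/\r\n"
    "HostUrl=https://mail-attachment.googleusercontent.com/attachment/u/0/?view=att&disp=safe\r\n"
)

# Constructed sample of the macOS com.apple.metadata:kMDItemWhereFroms value:
# a binary plist holding [download URL, referrer URL].
SAMPLE_WHERE_FROMS = plistlib.dumps(
    ["https://mail-attachment.googleusercontent.com/attachment/u/0/?view=att&disp=safe",
     "https://mail.google.com/mail/u/0/"],
    fmt=plistlib.FMT_BINARY,
)


def parse_zone_identifier(text):
    """Return the key/value pairs of the [ZoneTransfer] section only."""
    fields, in_section = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line[1:-1].lower() == "zonetransfer"
        elif in_section and "=" in line:
            key, _, value = line.partition("=")
            fields[key.strip()] = value.strip()
    return fields


def origin_from_zone_identifier(text):
    """(zone id, origin URL) from a Zone.Identifier stream; URL may be None."""
    fields = parse_zone_identifier(text)
    try:
        zone = int(fields.get("ZoneId", "0"))
    except ValueError:
        zone = 3  # unparseable zone: treat as Internet rather than local
    return zone, fields.get("HostUrl") or fields.get("ReferrerUrl")


def origin_from_where_froms(blob):
    """Download URL (first entry) from a kMDItemWhereFroms plist, or None."""
    urls = plistlib.loads(blob)
    return urls[0] if isinstance(urls, list) and urls else None


def classify(url, zone=None):
    """'local', 'internet' or 'email-attachment' for a saved file."""
    if url is None:
        return "internet" if zone in (3, 4) else "local"
    host = (urlsplit(url).hostname or "").lower()
    return "email-attachment" if host in WEBMAIL_ATTACHMENT_HOSTS else "internet"


def should_allow_execution(verdict, allow_internet=True):
    """Policy: never run e-mail attachments; Internet files per site policy."""
    if verdict == "email-attachment":
        return False
    return allow_internet if verdict == "internet" else True


def read_origin(path):
    """Read the real metadata off disk: the ADS on Windows, the xattr on macOS
    (via the xattr CLI, since Python's os.getxattr is not available there)."""
    if sys.platform == "win32":
        try:
            with open(path + ":Zone.Identifier", encoding="utf-8-sig") as f:
                return origin_from_zone_identifier(f.read())
        except OSError:
            return 0, None
    if sys.platform == "darwin":
        out = subprocess.run(
            ["xattr", "-px", "com.apple.metadata:kMDItemWhereFroms", path],
            capture_output=True, text=True)
        if out.returncode != 0:
            return 0, None
        return 3, origin_from_where_froms(bytes.fromhex("".join(out.stdout.split())))
    return 0, None


if __name__ == "__main__":
    samples = {
        "windows-sample": origin_from_zone_identifier(SAMPLE_ZONE_IDENTIFIER),
        "macos-sample": (3, origin_from_where_froms(SAMPLE_WHERE_FROMS)),
    }
    for name, (zone, url) in samples.items():
        verdict = classify(url, zone)
        print(name, verdict, "run allowed:", should_allow_execution(verdict))
    if len(sys.argv) > 1:  # optionally inspect a real file on this machine
        zone, url = read_origin(sys.argv[1])
        print(sys.argv[1], classify(url, zone))
```

Run it with no arguments to see the two constructed samples classified as `email-attachment`, or pass a path to a file you just downloaded to see what your own system recorded. Two caveats follow directly from the discussion: the hostname check cannot tell a phishing attachment from the installer you emailed to yourself, and the metadata is advisory rather than tamper-proof (a user can clear it with `Unblock-File` on Windows or `xattr -d` on macOS), so the policy adds friction to the social-engineering path without proving anything about the file.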