Part of miniating high email security is teaching your users to identity and properly react to malicious emails, while other companies practice a more policy-based approach, by completely blacklisting the malicious group.
This means that you need a strategy that is suitable for your situation, in order to avoid a user to instantly end up in the group, in a totally unpredictable way.
Microsoft’s email service, Exchange, has its own whitelist of accounts that are known as privileged, and those are the accounts that have certain level of administrator rights that must be allowed access to all other privileged accounts. Other, less privileged accounts have a token that can be used for access to other privileged accounts.