I might be a day late and a dollar short on this one, but... If you create a custom compliance dictionary that applies to everything and contains the strings "<script" and/or "</script>", and then add that dictionary to the "Spam Terms" component of the anti-spam settings for your inbound mail rule, wouldn't that help stop these? That should block anything inbound that appears to contain a script. (Unless you actually do need to receive some messages containing scripts.)
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.
Community Help Hub
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.