Protecting our users from dangerous email attachments

One of the ways that bad guys distribute malicious software (malware) is by sending you unsolicited email attachments. Often, those attachments are in the form of container files, like .zip. They do this in an attempt to evade your email provider’s malware scanning system, because many systems do not scan the files inside a container file.

This is especially dangerous for Windows users when the attachment is a .zip file, because when you open the attachment, Windows “helpfully” displays it as a simple folder like any other. The user doesn’t have to know how to manually extract the contents of container files. The user then double-clicks what appears to be a document, image, or video in the folder, and the malware takes over.

In our opinion, this happens way too easily and too often, and, unlike the vast majority of other email providers, we have taken steps to combat it. Our email servers are configured to reject all container files in addition to the usual script, macro, and executable files that everyone blocks.

Our reasoning is as follows:

  • A large majority of users do not send or receive container files by email. Email attachments are usually individual documents or images.
  • Email is a slow and inefficient method of transferring files; it was not designed for this purpose.
  • Email attachment sizes are limited and often insufficient for today’s large media files, whether they are in containers or not. Gmail’s attachment size limit is 25MB, and Gmail owns such a large share of the world’s email addresses that this is the de facto limit across the internet.
  • Everyone these days has easy access to large online file storage and sharing services like Dropbox, Google Drive, Microsoft OneDrive, and Keen Mouse’s equivalent private services. By design, this is a much faster and far more efficient method of sharing files.

When someone attempts to email you a container file as an attachment, they receive an informative error message from our server:

DISALLOWED ATTACHMENT FILE TYPE: Make alternate arrangements with recipient, e.g. Dropbox, Google Drive, Microsoft OneDrive, or other file sharing portal.
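
To show how a check like this can work, here is an added Python example (not our actual server configuration) that rejects a message if any attachment is a container file, judged by its extension or by its leading signature bytes, so a renamed .zip is still caught. The extension lists, the 550 reply code, and the function names are assumptions made for the example. Office and OpenDocument files are exempted from the signature check because they are ZIP archives internally.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; the exact block list is not published on this page.
CONTAINER_EXTS = {".zip", ".rar", ".7z", ".gz", ".tar", ".iso", ".cab"}
# These document formats are ZIP archives internally, so skip the signature check.
ZIP_BASED_DOCS = {".docx", ".xlsx", ".pptx", ".odt", ".ods", ".odp"}
# Leading bytes of ZIP (normal and empty), RAR, 7z and gzip files.
MAGIC = (b"PK\x03\x04", b"PK\x05\x06", b"Rar!\x1a\x07",
         b"7z\xbc\xaf\x27\x1c", b"\x1f\x8b")
REJECT_TEXT = ("DISALLOWED ATTACHMENT FILE TYPE: Make alternate arrangements "
               "with recipient, e.g. Dropbox, Google Drive, Microsoft OneDrive, "
               "or other file sharing portal.")

def _ext(name):
    # Windows ignores trailing dots and spaces, so "a.zip." still opens as a .zip.
    name = name.strip().rstrip(". ").lower()
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""

def find_container(raw):
    """Return the name of the first container attachment in raw, or None."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():  # walk() also descends into forwarded messages
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        ext = _ext(name)
        if ext in CONTAINER_EXTS:
            return name
        data = part.get_payload(decode=True) or b""
        if ext not in ZIP_BASED_DOCS and data.startswith(MAGIC):
            return name or "(unnamed part)"
    return None

def smtp_verdict(raw):
    """Return (code, text); 550 is an assumed permanent-failure reply code."""
    return (550, REJECT_TEXT) if find_container(raw) else (250, "OK")

def build_sample(filename, payload):
    """Build a constructed test message with one attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", "test"
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()
```
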

An additional benefit of this approach is that malware spammers often automatically drop email addresses from their mailing lists when their message is rejected. Because these mailing lists are constantly bought and sold on darknet markets, your email address may be removed from other spammers’ and scammers’ lists due to our blocking of such messages on your behalf.