File Attachments Blocked by MailChannels

Updated: September 19th 2025

1. Summary

To protect against malware, phishing, and other security risks, certain high-risk file attachment types are blocked in both inbound and outbound filtering services offered by MailChannels. These files often contain executable code or system components that could harm recipients if opened. Users should share such content using approved file-sharing tools or collaboration platforms instead of email attachments.

📌 Note: MailChannels’ blocked file attachment list is consistent with the security policies of major providers such as Gmail, Microsoft Outlook/Exchange, Yahoo, AOL, Comcast, etc.. For example, Gmail documents similar restrictions in its blocked attachments policy.

2. What’s blocked (file extension list)

The following attachment file extensions are blocked on both inbound and outbound mail:

• ade

• adp

• apk

• appx

• appxbundle

• bat

• cab

• chm

• cmd

• com

• cpl

• diagcab

• diagcfg

• diagpkg

• dll

• dmg

• ex

• ex_

• exe

• hta

• img

• ins

• iso

• isp

• jar

• jnlp

• js

• jse

• lib

• lnk

• mde

• mjs

• msc

• msi

• msix

• msixbundle

• msp

• mst

• nsh

• pif

• ps1

• scr

• sct

• shb

• sys

• vb

• vbe

• vbs

• vhd

• vxd

• wsc

• wsf

• wsh

• xll

3. Why these file types are blocked

These extensions are associated with files that can run code or change system behavior:

• Executables and installers: exe, msi, appx, apk, dmg, iso, cab – can install programs directly.

• Scripts and macros: js, vbs, ps1, jse, vb, wsf – can automate actions, often abused for malware.

• Shortcuts and control files: lnk, cpl, msc, pif – can launch programs or change system settings.

• Virtual disks and images: iso, img, vhd – can contain hidden executables.

• Java-related files: jar, jnlp – often exploited to run malicious code.

• Diagnostic/config packages: diagcab, diagcfg, diagpkg – can change system state.

• Libraries and system files: dll, sys, lib, xll, vxd – not meant to be directly shared, but used in exploits.

Security rationale: These file types are frequently abused in attacks, may bypass simple scanning, and can execute code without clear user awareness.

4. How the blocking works

When MailChannels detects a blocked file type as an attachment, the message is rejected, and the sender receives a bounce (NDR).

We may also block archives (e.g., ZIP / RAR etc.) if they contain these file types. When in doubt, contact your provider's support team.

5. What to do instead (safe alternatives)

Instead of emailing blocked file types:

• Use approved file-sharing services such as enterprise cloud storage, managed SFTP, or a secure portal.

• Best practices for links:

  • Restrict access to intended recipients only.

  • Set expiration dates for shared links.

  • Enable download notifications if available.

  • Avoid public links unless required.

• For code samples or scripts: Share as text/code snippets via developer tools, repositories, or collaboration platforms rather than sending executables.

6. What users will see

You will receive a bounce/NDR message such as:

• “550 5.7.1  [FEB] Your message could not be delivered because it contained an attachment type that is not allowed.”

7. Quick troubleshooting

If your message failed due to a blocked attachment:

• Do not attempt to bypass by renaming file extensions or zipping with weak protection.

• Use the approved file-sharing method instead.

• If you believe the file was misclassified, provide support with:

  • Original file name

  • Timestamp

  • Sender/recipient addresses

  • Bounce message text

9. FAQ

Why was my attachment blocked even though it’s legitimate?
The policy blocks file types based on risk, not individual intent. These formats are widely abused.

Will zipping or encrypting the file help?
Not reliably. Archives may still be blocked, and encryption prevents scanning. Use approved file-sharing instead.

Can Support make an exception?
No exceptions are possible