Manage Attachment Restrictions
The Attachment restrictions page allows you to configure which email attachments to allow and which to block.
In the Domain Level Control Panel, select Incoming - Protection Settings > Attachment restrictions the Attachment restrictions page is displayed:
The following restrictions can be configured:
Restriction | Description |
---|---|
Blocked Extensions |
Messages that have an attachment with any of the selected extensions will be rejected. You can add new extensions to those listed using the Add new extension feature. |
Disallowed release extensions |
Email users will not be allowed to release messages that contain attachments with the selected extensions. You can add extensions to this list using the Add new extension feature. |
Restriction options |
These settings are configurable at the Admin level for all domains owned by the Admin or Sub-Admin user from the Customer Management page.
|
Additional restrictions |
Message link size limit (in bytes) - This option restricts the amount of data that is downloaded per message. Links in messages to executable files that would be blocked as attachments are followed and the content is checked against an anti-virus database. Maximum MIME defects - Messages that are sent with standard email clients have no defects, whereas spam messages are often generated with poorly developed software and have many defects. Normally we reject messages with defects but if you have a need to receive defective messages, you may set a limit or disable this check. If the defective messages come from a single sender, it would generally be better to either convince the sender to fix their software or allow that sender using Manage Incoming Sender Allow list. |
Scanned link extensions |
If the Message link size limit is set (above), then links in messages to files with the selected extensions will be scanned for viruses and other malware. You can add extensions to this list using the Add new extension feature. |
Default (inherited) Blocked Extensions | Default (inherited) Scanned Link Extensions |
---|---|
.ade |
.bat |
.adp | .btm |
.bat | .cmd |
.btm | .cpl |
.chm |
.dll |
.cmd | .exe |
.com | .lnk |
.cpl | .msi |
.dll | .pif |
.docm | .prf |
.exe | .reg |
.hta | .scr |
.ins | .url |
.isp | .vbs |
.jar | |
.js | |
.jse | |
.lib | |
.lnk | |
.mde | |
.msc | |
.msi | |
.msp | |
.mst | |
.nsh | |
.pif | |
.prf | |
.reg | |
.scr | |
.sct | |
.shb | |
.url | |
.vb | |
.vbe | |
.vbs | |
.vxd | |
.wsc | |
.wsf | |
.wsh |
Block Specific Extension Types
You can also block messages based on their attachment type. You can add more attachment types to the list of default ones already set up in the system.
- In the Blocked extensions panel, place a tick in the checkbox alongside the extension type you want to block
- To add more extension types, use the Add new extensions field
- Click Save
Block Password-Protected Archive Attachments
Spammers often use the trick of sending password encrypted archives in the hope to bypass some filters, and saying the “password” in the body of the spam message. These messages can be blocked by enabling the “Block Password Protected Attachments” feature.
- In the Restriction Options panel, place a tick in the Block password-protected archive attachments checkbox
- Click Save
This setting is configurable at the Admin level for all domains owned by the Admin or Sub-Admin user from the Customer Management page.
Block Attachments Containing Hidden Executables at Domain Level
To block dangerous attachments for a specific domain only:
- In the Restriction Options panel, place a tick in the Block attachments that contain hidden executables checkbox
- Click Save
This setting is configurable at the Admin level for all domains owned by the Admin or Sub-Admin user from the Customer Management page.
Block Attachments with Macros
This option (which is disabled by default) allows you to reject all incoming emails received with document based attachments (.doc, .xls, .ppt etc) containing macros. This can be enabled per domain by:
- In the Restriction Options panel, place a tick in the Block attachments with macros checkbox
- Click Save
This setting is configurable at the Admin level for all domains owned by the Admin or Sub-Admin user from the Customer Management page.
Enable Scanned Link Extensions
This option (which is disabled by default) allows you to configure your domain(s) to allow the download of files of a specific extension type from links within an email. The system scans the files for any viruses or malware.
- In the Additional Restrictions panel, enter 2000000 in the Message link size limit (in bytes) field
- In the Scanned Link Extensions panel, add the following extension types to the existing list using the Add new extensions field: zip, rar, jar, js, java, aspx, doc, docm, xls, xlsm
- Click Save
For redirect links (commonly seen in invoice related spam), an extra link-follow option is needed. This currently needs to be enabled by our Support team. If required, please contact support so that they can set this up for you.