Rejecting file attachments

Last updated: October 10, 2022
Audience: All UW

NOTICE: Due to the increase in sophisticated and destructive malware being delivered to computers through executable email attachments, UW-IT will reject all email messages that have risky types of executable files attached (such as .exe, .bat, .vbs, .py, and others). See below for more information on the types of files that will be rejected and alternative ways to share files safely.

Processing email with attachments

Most files attached to email messages are of little risk and they are delivered. However certain types of attached files trigger these special processes:

  • Messages with attachments determined to contain a virus and messages with attachments of certain risky file types are both rejected, which sends a notice to the sender that the message was not accepted.
  • Messages with an attachment with a “.zip” filename extension will be delivered unless they contain one of the risky file types (noted below), in which case they are rejected.

 

Action File Types Reason
Rejected — Messages containing one or more of the following executables, either directly attached or in a .zip file, are rejected with a notice being sent to the sender. .386, .3gr, .add, .ade, .appcontent-ms, .asp, .bas, .bat, .cer, .chm, .class, .cmd, .cnt, .com, .cpl, .crt, .dbx, .der, .diagcab, .dll, .exe, .fon, .grp, .hlp, .hpj, .hta, .inf, .ins, .isp, .jar, .jnlp, .js, .jse, .lnk, .mcf, .mdb, .mde, .msc, .msh, .msh1, .msh1xml, .msh2, .msh2xml, .mshxml, .msi, .msp, .mst, .msu, .ocx, .pcd, .pif, .pl, .printerexport, .ps1, .ps1xml, .ps2, .ps2xml, .psc1, .psc2, .psd1, .psdm1, .py, .pyc, .pyo, .pyw, .pyz, .pyzw, .reg, .scf, .scr, .sct, .settingcontent-ms, .shb, .shs, .theme, .url, .vb, .vbe, .vbp, .vbs, .vxd, .website, .ws, .wsc, .wsf, .wsh, .xbap, .xll, .xnk On many computers opening these files will cause it to execute automatically and infect the computer. These file types are seldom used for legitimate communication, but are favored by malware writers.
Delivered, except for— Email messages containing attachments that are found to contain any of the above file types will be silently rejected .zip This file type is used by virus writers to
circumvent antivirus programs, but may be used for legitimate purposes.

What email does this apply to?

All email processed by UW central email services is included in this management practice.  That includes messages to and from UW Exchange, and UW Gmail.  It also includes messages to other destinations when sent from devices which use the ‘smtp.uw.edu’ service and may include other traffic as well depending on the routing.

Why reject these attachments?

Email attachments are a common method for computer viruses to spread. Virus infections can cause serious problems both for the computer user and the UW email system.

This type of rejecting is necessary with email because anyone can send email messages to anyone. In other words, anyone who wants to send you malware can do so.

Alternative ways to share files

The way to share files safely is to place the file in a secure repository such as UW Google Drive or UW OneDrive for Business and then share the file with the specific person you want to make it available to. For example, you could place the file in a Google Drive folder and share that folder with the recipient. That way both you and the recipient have to authenticate (log in with your ID and password) to get to the file. Many such secure storage repositories are available.

More information