Email Protection features depend on your plan. If your account interface and settings differ from the ones described below, upgrade from Email Protection Lite to Email Protection.

To manage or view Email Protection settings for Attachments, navigate to CONTROL PANEL > Services > Email Protection > Inbound Policies > Default policy > Attachments:

Email Protection Lite

To reject messages with dangerous attachments checkbox for Reject messages with dangerous attachments.
Note: regardless of these settings, all file attachments will still be scanned for viruses and other malware.

Reject messages with dangerous attachments

You can see the full list of attachments which are considered as dangerous in the Knowledge Base article on Email Protection: List Of Dangerous Attachments

To allow dangerous attachments sent from safe senders, navigate to Services > Email Protection > Inbound Policies > Default policy > Safe senders, click Manage and check the box Dangerous attachment in the Bypassed checks list.

Email Protection

With Advanced Email Protection package you can manage what action will be applied to the message with dangerous attachments:

  • Will it be dropped
  • Will it be delivered without attachment
  • Will be moved to Admin quarantine

Attachment management for Advanced Package

Dangerous attachments

Dangerous attachments settings

  1. You can specify file types which should be considered as dangerous even their file type group is NOT selected in Dangerous attachments section. Press space bar after you entered file type to finish editing.
    Note: due to recent increases in phishing attacks following a similar pattern, we recommend adding .htm and .html file types to the dangerous attachments.
    For example, MS PowerPoint group is not selected, but if we add .ppt file type, it will be blocked, though other MS PowerPoint file types such as .pps, .ppsx etc. won't be blocked.
  2. You can specify file types that should be considered as safe even their file type group IS selected in Dangerous attachments section. Press space bar after you entered file type to finish editing. 
    For example, Executables group is selected, but if we add .reg file type here, it won't be blocked, though other executable files such as .exe, .scr etc. will be blocked.

Note: while scanning attachments, Email Protection checks a file extension and a file MIME type.

  • If a file has no extension, only a file MIME type is checked
  • If a file has no MIME type,  only a file extension is checked
  • If a file extension and MIME type does not match and fall into different categories, the following logic is used:
    File extension MIME type Attachment 
    Safe Dangerous  Dangerous 
    Dangerous  Safe Dangerous 
    Dangerous  Dangerous  Dangerous 
    Safe Safe Safe

Email Protection + DLP

With Email Protection + DLP package Attachment sandboxing can be used for additional attachments scan.

All attachment types that have not been classified as dangerous will be sent to third-party service for checking in the sandbox environment if they are dangerous.

Attachment delivery can be delayed up to 20 minutes.

Sandbox

If the attachment has been sent for an additional check to sandboxing, user would receive an email where the attachment is replaced with .txt file that says the attachment is potentially dangerous and has been sent for an additional check.
Copy of the original email is sent to the Admin quarantine

If the attachment is considered as safe after the sandbox check, it would be delivered in a second email.