What file types are risky to send as attachments?

Certain file types are blocked or heavily filtered because they're commonly used to deliver malware. Avoid these in email attachments:

Executable files:

• .exe, .com, .bat, .cmd, .msi (Windows executables)
• .app, .dmg (macOS applications)
• .sh, .bin (Linux/Unix)
• Most providers block these entirely.

Script files:

• .js, .jse (JavaScript)
• .vbs, .vbe (VBScript)
• .ps1 (PowerShell)
• .py (Python)
• Commonly used in phishing attacks.

Office files with macros:

• .docm, .xlsm, .pptm (macro-enabled Office documents)
• Macros can execute malicious code when opened.

Archives:

• .zip, .rar, .7z containing any of the above
• Password-protected archives (can't be scanned)
• Nested archives (archives within archives)

Other risky types:

• .iso, .img (disk images)
• .hta (HTML applications)
• .scr (screensavers)

Safe alternatives:

• PDF (universally accepted, can be scanned)
• Standard Office docs without macros (.docx, .xlsx, .pptx)
• Images (.jpg, .png, .gif)
• Plain text (.txt, .csv)

Even safe types should be used sparingly in marketing email. When in doubt, link to hosted files instead of attaching.