What file types are risky to send as attachments?

Certain file types are blocked or heavily filtered because they're commonly used to deliver malware. Avoid these in email attachments:

Executable files:

.exe, .com, .bat, .cmd, .msi (Windows executables)

.app, .dmg (macOS applications)

.sh, .bin (Linux/Unix)

Most providers block these entirely.

Script files:

.js, .jse (JavaScript)

.vbs, .vbe (VBScript)

.ps1 (PowerShell)

.py (Python)

Commonly used in phishing attacks.

Office files with macros:

.docm, .xlsm, .pptm (macro-enabled Office documents)

Macros can execute malicious code when opened.

Archives:

.zip, .rar, .7z containing any of the above

Password-protected archives (can't be scanned)

Nested archives (archives within archives)

Other risky types:

.iso, .img (disk images)

.hta (HTML applications)

.scr (screensavers)

Safe alternatives:

PDF (universally accepted, can be scanned)

Standard Office docs without macros (.docx, .xlsx, .pptx)

Images (.jpg, .png, .gif)

Plain text (.txt, .csv)

Even safe types should be used sparingly in marketing email. When in doubt, link to hosted files instead of attaching.