Why are outbound messages containing .doc/.docx attachments being blocked?
Posted by David Rutherford on 07 October 2013 12:24 PM
We have been having problems with sending email's with attachments (typically pdf and .doc/.docx). Not all of the time though and we can't seem to see a reason why they would be blocked. We can send a normal text email to the addresses and even some emails with attachments. But it seems randomly they get blocked.|
Sometimes doc/docx messages (and other Microsoft document formats) will be blocked by anti-spam/anti-virus due to the presence of macros. Some filters will reject attachments because of Company Defined Security Policies. These policies may block messages based on specific aspects of the message that may be considered dangerous or due to password protection or encryption. Document files containing macros often get caught by such security policies. The simple existence of a macro may be enough to block the message.
Company Defined Security Policies:
Content filters may be set by Company Defined Security Polices to try to prevent potentially dangerous content from entering an organization. The content filtering settings can differ from one company to another depending on the type of company, market sector, government restrictions or arbitrary IT administrator decisions. Filters may also be to prevent data loss be controlling the type of documents that can be transmitted outside an internal network; which may also prevent incoming transmission of such documents depending on the filter implementation.
Examples of such security policies include the blocking of:
- Dangerous file types including executable files, Active X and Applets;
- Zip archives, large zip archives, nested zip archives;
- Password protected zip and pdf files;
- HREF links to files outside of the document (sometimes occurring in pdf files);
- Files whose MIME type does not match its extension;
- Encrypted files;
Unfortunately, such systems may give little or no indication of what aspect of the message is triggering a content block. Further complicating diagnosis is the fact that administrators may be tweaking such rules as new threats are identified and as false positive reports are coming in.
Depending on the filter configuration these messages may be rejected outright or they may be deferred. In normal mail transmission "deferral" is meant to be a temporary measure. When deferral is used to impose security policies it will generally result in messages getting stuck in the local mail queue.
The best course of action to take when this sort of behavior appears to be happening is to contact the e-mail recipient or mail administrator for the organization and bring this problem to their attention.
Keywords: perfectmail, antispam, email, attachment, filtering, security, policy, zip, doc, pdf, files