Blocked attachments: The Outlook feature you love to hate

William Kennedy

By William Kennedy
General Manager
Outlook Product Development

Dear Outlook customers,

By now most of you are painfully aware that Outlook does not allow you to receive attachments from certain files that have the potential to carry a virus to your computer, such as an .exe file. I am writing to acknowledge the feedback you have sent to us regarding this functionality and how it limits the way you can share files with others. Many of you have sent in comments like "How can I unblock attachments, this is a pain!" You want control over what files you can receive in e-mail. After all, you bought Outlook to do this and many of you claim "I know what I'm doing!" I would like to share my perspective with you on this issue and explain why Outlook is designed the way it is. I doubt this will change the way you feel about the design, but I feel I owe you an explanation of why we did what we did.

As you know, when Outlook 97 first came on the market, the Internet seemed like a relatively safe place and sending attachments in e-mail seemed like a great idea. Then reality hit us hard beginning in March of 1999, when the Melissa virus struck followed by the ILOVEYOU virus. These were the fastest-spreading viruses ever seen and forced a number of large companies to shut down their e-mail systems, costing them thousands of dollars. They also affected many of you. In order to spread, these attacks relied heavily on fooling people that the e-mail was coming from someone familiar, and even many computer experts fell victim and became infected. It's no secret that hackers like to attack the largest target, and the largest target is Microsoft Outlook. Currently, there are more than 300 million people using Outlook worldwide. The industry and our customers looked to us to provide protection against this sort of epidemic.

We now understand that the Internet is a wonderful tool but that it is also a dangerous neighborhood. Even people who "know what they're doing" are vulnerable. And hackers are getting more sophisticated. Following the outbreak in 1999, we decided that Outlook would no longer be the way that dangerous files spread around the Internet.

Since our change, I would like to ask you, have you heard of any attacks in which Outlook has been the vehicle of a massive virus attack? The simple answer is no. The reason? Outlook blocks potentially dangerous attachments and prevents unauthorized programs from accessing your address book. Outlook is designed for safety first, so that everyone can keep sending e-mail.

So how do we address the issue of file sharing? The vast majority of users don't have reasons to send these potentially dangerous files around, and those who do can use other methods. I would like to offer several suggestions that can facilitate file sharing in a safe manner, as follows:

  • Outlook does not block documents such as .xls, .doc, .ppt, and .txt files. These are the files most people use to get work done. However, keep in mind that these files can contain macros that have the potential to spread viruses. So whenever these come to your Inbox, be sure to save and scan them first with a third-party antivirus program. And be sure to follow the recommended directions to protect your PC.
  • You can always rename the blocked file to include a temporary file type that is not on the list of blocked file types. For example, you might rename program.exe to program.exe_ok, and then attach the file to the e-mail message. You can include instructions in the message for the recipient to save the file with the correct name, program.exe. The key point to remember here is that you should only open files that you expected from someone.
  • Use a zip program to package files before you attach them to your e-mail message. In your message, you can include instructions explaining how to extract the files from the package to make it easy for recipients to access the files.
  • Post the files to a secure network share. Most Internet service providers (ISPs) offer paying subscribers a space to post files. One example is to save files on MSN. In your message, you can include a link to the share that you have given the recipients access to.
  • If you work in an organization that uses Microsoft Exchange Server as the e-mail server, the administrator does have control over which file types are blocked or unblocked. If you are the e-mail administrator, you can learn more about configuring blocked attachment behavior in Outlook by referencing the Microsoft Office Resource Kit.

I hope this has helped to explain why Outlook is designed to be strict about which file attachments are allowed into your computer. Please keep sending us your feedback on this and any other aspect of Outlook. Your suggestions help us to continue improving Outlook.


William Kennedy

About the author    William Kennedy is general manager of the Office Communication Services team at Microsoft Corporation. He manages the product development team for Microsoft Outlook, and shares responsibility for developing and guiding the Outlook business strategy.

Applies to:
Outlook 2003