We’re not talking about rejecting all attachments, just executable ones. Well, I’m not.

That's an entirely different thing. I thought you were talking about any potentially harmful attachment, e.g. blocking all attachments except a couple of 100% "safe" ones like TXT, PNG and such. Some providers just block EXEs, COMs and such "directly"/"natively" executable formats, which is fine because executable files are rarely sent by mail, unless it's a virus.

Others just block everything that CAN happen to contain executable code, even via security holes, like doc/docx (macros), rtf (exploits), zip (even if the zip does not contain executable files itself), pdf (exploits), jpg (can contain exploits). A good thing, however, is to block everything ending in .xxx.xxx, where x is any char [a-z 0-9], and . is a literal dot, not "any char". Those are always, in 100% of cases, a virus.

When an email provider or email administrator has set up their system to always add an attachment, and the end user has no way to stop it, if your system then blocks that attachment with a bounce, the end user on the sending side will find it impossible to send an email to you. The user cannot even make initial contact with a user to perhaps contact him via another way like phone or snail mail. That is why it's better to strip the attachment, and possibly add a notice in the email body or headers, that a non-permitted attachment was stripped. Then the, in many cases, worthless attachment (like a company logo signature) is simply stripped away, and the message still reaches the end user. If the attachment was good and useful, the end user who received the mail could simply ask the user to send the attachment via Dropbox or similar.

I actually asked that company why they were attaching a TOS/AUP in every mail, making the mail like ~100kB. They said that it was to avoid legal trouble, because if their support personnel forgot to add the TOS/AUP when a customer places an order, they could face legal problems later. Thus they put a non-bypassable forced add-attach in their outgoing MTA, so they could prove to a court that the TOS/AUP was always added, even if the receiving email system stripped it, and thus the customer would be bound by the agreement anyway.

This is probably why the OP wants to selectively block attachments for certain users, so he could either blacklist those reckless users who always click on "greeting cards" they get in email, or whitelist those good users who do maintain good computer hygiene, thus not affecting normal email communication.

Best regards, Sebastian Nielsen
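
The strip-and-notify handling described in the message above, as an added example that is not part of the original post: blocked attachments are removed, a notice part and header are added, and the message stays deliverable. The function names, the `X-Attachment-Stripped` header and the sample message are assumptions made for illustration; the block list covers only the EXE/COM formats and the `.xxx.xxx` rule as the post states them.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage, MIMEPart

BLOCKED_EXT = {"exe", "com"}  # the formats named in the post
# The post's ".xxx.xxx" rule: literal dot, three [a-z0-9], twice, at the end.
DOUBLE_EXT = re.compile(r"\.[a-z0-9]{3}\.[a-z0-9]{3}$")

def is_blocked(filename):
    name = (filename or "").strip().lower()
    if DOUBLE_EXT.search(name):
        return True
    return "." in name and name.rsplit(".", 1)[1] in BLOCKED_EXT

def strip_attachments(raw):
    """Strip blocked attachments instead of bouncing; return (msg, names)."""
    msg = message_from_bytes(raw, policy=policy.default)
    if not msg.is_multipart():
        return msg, []
    kept, stripped = [], []
    for part in msg.get_payload():
        name = part.get_filename()
        if part.get_content_disposition() == "attachment" and is_blocked(name):
            stripped.append(name)
        else:
            kept.append(part)
    if stripped:
        notice = MIMEPart(policy=policy.default)
        notice.set_content("Non-permitted attachment(s) were stripped: "
                           + ", ".join(stripped))
        msg.set_payload(kept + [notice])
        # Hypothetical header name; carries only a count, so a hostile
        # filename can never end up inside a header value.
        msg["X-Attachment-Stripped"] = str(len(stripped))
    return msg, stripped

def build_sample():
    """Constructed test message: body, one blocked and one harmless file."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.org", "Order"
    m.set_content("See attached.")
    m.add_attachment(b"MZ", maintype="application",
                     subtype="octet-stream", filename="card.jpg.exe")
    m.add_attachment("Terms of service", filename="tos.txt")
    return m.as_bytes()

if __name__ == "__main__":
    msg, stripped = strip_attachments(build_sample())
    print("stripped:", stripped)
    print(msg.as_string())
```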
