An email attachment is a computer file sent along with an email message. One or more files can be attached to any email message, and be sent along with it to the recipient. This is typically used as a simple method to share documents and images. A paper clip icon is the standard indicator for an attachment in an email client.
Email standards such as MIME don't specify any file size limits, but in practice email users will find that they can't successfully send very large files across the Internet.
This is because of a number of potential limits:
- Mail systems often arbitrarily limit the size their users are allowed to submit.
- A message will often pass through several mail transfer agents to reach the recipient. Each of these has to store the message before forwarding it on, and may therefore also impose size limits.
- The recipient mail system may reject incoming emails with attachments over a certain size.
The result is that while large attachments may succeed internally within a company or organization, they may not when sending across the Internet.
As an example, when Google's Gmail service increased its arbitrary limit to 25MB it warned that: "you may not be able to send larger attachments to contacts who use other email services with smaller attachment limits".
Note that all these size limits are based, not on the original file size, but the MIME-encoded copy. The common Base64 encoding adds about 37% to the original file size, meaning that an original 20MB file could exceed a 25MB file attachment limit. A 10MB email size limit would require that the size of the attachment files is actually limited to about 7MB.
A lot of malware is distributed via email attachments with some even considering such to be the main vector for cyberattacks on businesses. Users are advised to be extremely cautious with attachments and to not open any attachments that aren't from a trusted source and expected − even if the sender is in their address book as their account might have been taken over or misused. While many email servers scan attachments for malware and block dangerous filetypes this shouldn't be relied upon − especially as such can't detect zero-day exploits. However, in 2005 a mechanism for also detecting zero-day exploits in attachment-scans has been proposed.
Dangerous file types
Email users are typically warned that unexpected email with attachments should always be considered suspicious and dangerous, particularly if not known to be sent by a trusted source. However, in practice this advice is not enough – "known trusted sources" were the senders of executable programs creating mischief and mayhem as early as 1987 with the mainframe-based Christmas Tree EXEC.
Since the ILOVEYOU and Anna Kournikova worms of 2000 and 2001, email systems have increasingly added layers of protection to prevent potential malware. Now, many block certain types of attachments.
History, and technical detail
Originally Internet SMTP email was 7-bit ASCII text only. Text files were emailed by including them in the message body. In the mid 1980s text files could be grouped with UNIX tools such as bundle and shar (shell archive) and included in email message bodies, allowing them to be unpacked on remote UNIX systems with a single shell command.
Attaching non-text files was first done in 1980 by manually encoding 8-bit files using Mary Ann Horton's uuencode, and later using BinHex or xxencode and pasting the resulting text into the body of the message. When the "Attachment" user interface first appeared on PCs in cc:Mail around 1985, it used the uuencode format for SMTP transmission, as did Microsoft Mail later.
Modern email systems use the MIME standard, making email attachments more utilitarian and seamless. This was developed by Nathaniel Borenstein and collaborator Ned Freed; with the first MIME email attachment being sent by Nathaniel Borenstein on March 11, 1992 and the standard being officially released as RFC2045 in 1996.
With MIME, a message and all its attachments are encapsulated in a single multipart message, with base64 encoding used to convert binary into 7-bit ASCII text - or on some modern mail servers, optionally full 8-bit support via the 8BITMIME extension.
- "Setting Message Size Limits in Exchange 2010 and Exchange 2007";
- "Google updates file size limits for Gmail and YouTube", geek.com.
- "Maximum attachment size", mail.google,com.
- "Raw vs. Encoded Email Message Size — What's the Difference?".
- Martin, Jim. "Here's what you need to do to protect your PC from ransomware and NotPetya". Tech Advisor. Retrieved 29 June 2017.
- "Truth on zero-day attacks". PCR. Retrieved 29 June 2017.
- Aycock, John (2006). Computer Viruses and Malware. Springer. ISBN 9780387341880. Retrieved 29 June 2017.
- Miller, Michael R. (2009). Microsoft Security Essentials User Manual (Digital Short Cut). Pearson Education. ISBN 9780768695298. Retrieved 29 June 2017.
- Vermaat, Misty E. (2014). Enhanced Discovering Computers, Essentials. Cengage Learning. ISBN 9781285845531. Retrieved 29 June 2017.
- "How To Spot A Dangerous Email Attachment". MakeUseOf. Retrieved 29 June 2017.
- Deng, Robert H. (2005). Information Security Practice and Experience: First International Conference, ISPEC 2005, Singapore, April 11-14, 2005, Proceedings. Springer Science & Business Media. ISBN 9783540255840. Retrieved 29 June 2017.
- "Some file types are blocked", mail.google.com.
- "You may receive an "Outlook blocked access to the following potentially unsafe attachments" message in Outlook", microsoft.com.
- The UNIX Programming Environment, Kernighan and Pike, 1984, p.97
- "Unix tricks and traps". AUUGN. 15 (4): 87. August 1994.
- Modern versions of shar can deal with binaries, via uuencoding them, but this was not initially the case.
- "How do I use UUencode/BinHex/MIME support?", winzip.com.
- Info World, June 3, 1985. "Sharing Applications On-Line". Google Books. Retrieved 24 March 2017.
- Father of the email attachment, Patrick Kingsley, The Guardian, 26 March 2012
- "The MIME guys: How two Internet gurus changed e-mail forever ", February 01, 2011, Jon Brodkin, Network World
- "MIME & Me (nsb)". Guppylake.com. 1992-03-11. Retrieved 2013-10-31.