Email attachments present a hazard and growing threat to computer security for individuals, corporations and governments. Viruses and malware are often embedded in the computer code of attachments to email messages. Computer users are cautioned not to open attachments from unknown senders, but the identification of the sender of the email with an attached file can be spoofed, and social engineering helps create emails that get recipients to open attachments. Moreover, some departments in corporations routinely receive attachments from unknown individuals that have to be opened in the normal course of business, such as the HR departments receiving resumes in response to job postings.
The result of all this is many hundreds of millions of dollars in damages each year, not to mention corporate and national security espionage and security breaches.
Anti-virus programs can be set up such that all incoming attachments are scanned, but the problem with this approach is that the evolution of new virus and malware threats is so rapid that updates to malware identification software cannot keep up with the new threats, and new forms of malware can get through.
Opening certain types of particularly vulnerable attachments has been banned and users are told not to open any file that they are not specifically expecting to receive. As can be imagined, this well-deserved caution can present a drag to the efficient operation of any organization. Banning the opening of attachments impairs some of the very features that makes email such a powerful and useful tool: an easy and fast way to send documents, spreadsheets, presentations, and the like.