How do attachments affect spam filtering?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

If you've ever sent a perfectly legitimate email with a PDF attached and watched it vanish into spam, you're not imagining things. Attachments are one of the fastest ways to trigger extra scrutiny from spam filters, and for good reason. They're a common delivery vehicle for malware, phishing documents, and scripts that cause real damage.

The short version is that not all attachments are treated equally. Filters look at file type, file size, and what's actually inside the file before making a call.

File types that get blocked outright

Executables (.exe, .bat, .cmd), scripts (.js, .vbs, .ps1), and certain archive formats (.zip or .rar files that contain executables) are often blocked regardless of what you wrote in the email body. It doesn't matter how clean your sender reputation is. The file type alone trips the filter. Microsoft 365 and Google Workspace both maintain lists of blocked attachment types, and enterprise security gateways can be even stricter.

Office files with macros

Microsoft Office attachments (.doc, .xls, .ppt and their macro-enabled counterparts like .docm, .xlsm) get extra scrutiny because macro-based malware spread widely for years. Many filters will sandbox these documents, strip macro functionality, or reject them entirely before delivery.

PDFs

PDFs are generally safer than executable formats, but they're not immune. Filters still scan them for embedded links, JavaScript, and scripts. A clean PDF from a trusted sender usually passes. A PDF full of redirect links from a cold email campaign probably won't.

Size limits

Large attachments can trigger rejection for reasons that have nothing to do with spam scoring. Many mail servers impose size limits (often 10MB to 25MB) and will bounce or silently drop messages that exceed them. This is a delivery failure, not necessarily a spam flag, but the result is the same: your email doesn't arrive.

Should you use a link instead of an attachment?

For most marketing and business emails, yes. Hosting your file in Google Drive or Dropbox and sharing a link means the recipient navigates to the file intentionally. That sidesteps attachment scanning entirely and keeps your email body clean. It also means you can update the file without resending the email.

The one exception worth noting is transactional email. Sending a PDF invoice or a booking confirmation as an attachment is genuinely expected by recipients, and filters account for that context. A well-authenticated transactional sender with a clean reputation sending a single PDF to a confirmed subscriber is very different from a bulk campaign blast with a zip file.

And if you're not sure whether your emails are getting flagged at the content level, our Email Header Analyzer can show you exactly what happened to a message in transit. And if attachments are only part of a bigger deliverability puzzle, the SOS hotline is free to use.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Diagnose my attachment risks

Based on my email setup, which attachment types are most likely causing my deliverability problems? Please rank the risks by severity and suggest whether I should switch to cloud links, use a different file format, or adjust my sending setup. Include what a filter is likely seeing when it inspects my attachment.

Edit the yellow boxes, then send to the AI of your choice.