How do attachments affect spam filtering?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
If you've ever sent a perfectly legitimate email with a PDF attached and watched it vanish into spam, you're not imagining things. Attachments are one of the fastest ways to trigger extra scrutiny from spam filters, and for good reason. They're a common delivery vehicle for malware, phishing documents, and scripts that cause real damage.
The short version is that not all attachments are treated equally. Filters look at file type, file size, and what's actually inside the file before making a call.
File types that get blocked outright
Executables (.exe, .bat, .cmd), scripts (.js, .vbs, .ps1), and certain archive formats (.zip or .rar files that contain executables) are often blocked regardless of what you wrote in the email body. It doesn't matter how clean your sender reputation is. The file type alone trips the filter. Microsoft 365 and Google Workspace both maintain lists of blocked attachment types, and enterprise security gateways can be even stricter.
Office files with macros
Microsoft Office attachments (.doc, .xls, .ppt and their macro-enabled counterparts like .docm, .xlsm) get extra scrutiny because macro-based malware spread widely for years. Many filters will sandbox these documents, strip macro functionality, or reject them entirely before delivery.
PDFs
PDFs are generally safer than executable formats, but they're not immune. Filters still scan them for embedded links, JavaScript, and scripts. A clean PDF from a trusted sender usually passes. A PDF full of redirect links from a cold email campaign probably won't.
Size limits
Large attachments can trigger rejection for reasons that have nothing to do with spam scoring. Many mail servers impose size limits (often 10MB to 25MB) and will bounce or silently drop messages that exceed them. This is a delivery failure, not necessarily a spam flag, but the result is the same: your email doesn't arrive.
Should you use a link instead of an attachment?
For most marketing and business emails, yes. Hosting your file in Google Drive or Dropbox and sharing a link means the recipient navigates to the file intentionally. That sidesteps attachment scanning entirely and keeps your email body clean. It also means you can update the file without resending the email.
The one exception worth noting is transactional email. Sending a PDF invoice or a booking confirmation as an attachment is genuinely expected by recipients, and filters account for that context. A well-authenticated transactional sender with a clean reputation sending a single PDF to a confirmed subscriber is very different from a bulk campaign blast with a zip file.
And if you're not sure whether your emails are getting flagged at the content level, our Email Header Analyzer can show you exactly what happened to a message in transit. And if attachments are only part of a bigger deliverability puzzle, the SOS hotline is free to use.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.