Securing suspicious attachments

Note: Securing suspicious attachments is a limited-availability feature, and may not be available in your account.

Even when analysis does not find malicious content in an attachment, some attributes of an attachment can make it suspicious. Such attributes include sender and domain reputation, attachment file type, attachment size, the spam score of the message, and other attributes.

When a suspicious attachment is identified, you can choose to place the attachment in a password-protected zip file that is delivered to the recipient along with a report that includes the message details, a preview of the attachment content, and a link to retrieve the password to the secured zip file. When the recipient clicks the Retrieve Password link, a separate email that includes the password is sent to the recipient. Note that only an original recipient can receive the password. If a message with secured file attachments is forwarded, recipients of the forwarded message must ask the original recipient for the password.

If you choose to secure suspicious file attachments, it’s very important that you prepare users to receive them and to take appropriate action. Users should know that:

  1. The email security service analyzes email attachments for malicious content. When malicious content is found, the attachment is not delivered.
  2. The email security service also looks for suspicious file attachments. An attachment can be suspicious for several reasons, including the reputation of the sender or sending domain, attachment file type, attachment size, the spam score of the message, and other attributes.
  3. When a suspicious attachment is found:
    • The attachment is placed in a password-protected zip file and delivered, along with the original message, to the intended recipients.
    • A Secured Attachment Report is also attached to the original message. The report includes the message details, a preview of the attachment content, and support for retrieving the password for the secured zip file.
  4. Recipients should carefully examine the Secured Attachment Report to help determine if the attachment is safe.
  5. Opening a suspicious attachment could lead to the computer being compromised or infected. Recipients should open the attachment only if they’re sure that it’s safe. If in doubt, contact the IT team for assistance.
  6. If a user receives a forwarded copy of a message with the secured zip file, they need to ask the original recipient for the password. Only the original recipients can retrieve the password.