Email attachment best practices

Sending emails for business and personal use is part of everyday life. In 2024, it was estimated that there were nearly 361.6 billion emails sent each day. A good number of those emails also likely contained some file attachments. Whether those attachments are pictures being shared between family members or critical documents needed for business purposes, it is important that we all follow a standard when it comes to how to send, receive, and treat emails with attachments.

Email attachments - Best practices

Email attachment

1. Secure email attachments
2. Best practices for naming email attachments
3. Avoiding email ending up in spam
4. Why scan email attachments?
5. Email attachment size limits

Email attachments as a security risk

There are many reasons why we should all follow a code of conduct or a standard when it comes to email attachments. However, one of the most important reasons is that cybercriminals love to use email attachments to install malicious software on the devices of unsuspecting users. With a constant increase in the number of email users, the number of phishing emails is only expected to increase in 2025.

A phishing email is typically a well-thought-out email designed to get the user to open an attachment. For example, it could be an email disguised as an intracompany email with a PDF file pretending to be an invoice. Or maybe it’s a fake email from Amazon Customer Services telling you to review a file to confirm a potentially fraudulent purchase on your account.

Either way, once you open that attachment, you could be giving access to cybercriminals to install malicious software like malware, viruses, spyware, or ransomware. Once this software is on your device, cybercriminals can steal sensitive information, take control of your devices, and potentially further infect other devices in your network.

Let’s look at some of the best practices we all should follow regarding email attachments. From how we name our attachments to scanning all files before opening them, by following a specific code of conduct, we can better secure our devices and help prevent cyberattacks at work and home.

Best practices for naming email attachments

It may sound simple, but email attachment best practices start with how we name our files. Properly naming our files can help users decide whether or not an attachment is relevant and identify if it could be fake or malicious.

Here are some of the most common best practices that individuals should follow when naming any files they intend to send as an attachment:

  • Don’t use spaces. Use an underscore or hyphen instead. Some web applications may translate spaces as "%20", which can cause issues with indexing and identifying the contents of files.

  • Punctuation, symbols, and any special characters should be avoided. This includes periods, commas, parentheses, ampersands, and asterisks. Many of these symbols are used by operating systems to perform specific tasks.

  • Have a unique yet consistent file naming practice.

  • File names should never exceed 35 characters.

  • File names should always contain the file format extension that properly identifies the file type. For example, .jpg, .gif, .pdf, .wav, etc.

  • Always use a period to separate the file name from the file format extension.

These are just some examples of file-naming conventions you should use when sending email with attachments. Following these guidelines can help ensure your email and its attachments are received properly, as well as help recipients better sift through their inbox and identify only the emails that are relevant to their expected needs.

Emails that contain bad spelling and grammar, urgent requests, generic signature lines, unexpected requests for personal information, and attachments with mismatched visible file names can then easily be discarded before they’re opened.

Mail

The best business email experience is just one sign-up away

How to make sure your emails don’t end up in spam because of attachments

As people become more educated on identifying potential phishing emails and malicious attachments, they become more diligent at screening emails. The same diligence that the end user is implementing is also being used by artificial intelligence and machine learning to detect potential threats automatically and filter them into spam folders. This is why even something as basic as naming conventions can matter, especially when it comes to AI screening emails and email attachments.

So, what are some of the most effective ways to ensure your legitimate emails are not being filtered into spam folders? Here are three simple things you can do to make sure your emails are reaching your intended recipients:

  1. Avoid spam red flags: By avoiding some basic red flags, you can ensure your email is received properly. Avoid using all caps in the subject line or excessive exclamation points. Also, avoid putting too many images or links in an email and only attach files that are needed by the recipient.

  2. Check your emails for spelling and grammar: Too many spelling or grammatical errors can trigger spam filters. Make sure you proofread your emails or use editing software.

  3. Have contacts add you to their address book: If you send emails to specific people frequently, you can ask them to add you to their address book. By adding your email address to their address book, you can ensure your emails don’t get automatically filtered into spam folders.

Aside from these three main common spam filter triggers to avoid, you may want to consider using a spam checker software that can scan your emails and identify any potential issues in your email content that could trigger a spam filter.

Why receivers should scan email attachments

Most email users, whether through an organization or as an individual, will find that their email accounts are hosted on encrypted cloud-based email servers that contain built-in anti-virus and security tools. Cloud migration for everything from email hosting to cybersecurity SaaS is the current trend, and with cloud spending expected to hit $723 billion in 2025, cloud-based services are only going to continue to grow.

Many of these cloud-based email hosting services already scan all attachments that travel through their servers. However, that doesn’t mean you shouldn’t do additional scans with your own anti-virus software installed on your device. Sometimes malicious emails can slip through the cracks, even of the most secure cloud-based email hosting providers in the world.

In addition to scanning an email attachment with anti-virus software, you should also hover over an attachment before clicking on it to ensure it is what it says it is. For example, a file named Invoice_For_Services.pdf may be hiding a .exe file that, when opened, installs a virus.

Email attachment size limits

Finally, another way to ensure your email and file attachments are received properly and securely is to ensure the attachments do not exceed the maximum limits set by the email host provider. Here is a list of attachment size limits imposed by some of the most popular email hosting providers online:

  • Gmail: 25MB. Anything larger and Gmail will automatically create a Google Drive link in the email.

  • Outlook: 20MB

  • Zoho Mail: Three different plans with different attachment size limits. Lite 250 MB, Workplace Basic 500MB, Mail Premium and Workplace Professional 1 GB.

  • YahooMail: 25 MB

  • Hotmail: 10MB

  • Proton Mail: 25MB

If you are impressed with the attachment size limits we are offering, sign up for Zoho Mail right away and also enjoy the best secure email experience - starting from encryption at rest and at transit, to advanced threat protection.

Mail

The best business email experience is just one sign-up away

Author Bio:

Gary Stevens is the CTO of Hosting Canada, a website that provides expert reviews on hosting services and helps readers build online businesses and blogs. 

Comments

Leave a Reply

Your email address will not be published.

The comment language code.
By submitting this form, you agree to the processing of personal data according to our Privacy Policy.

Related Posts