Gmail blocks some emails because of the attachment file types

Problem Statement

Some emails sent to Gmail Business or Personal mailboxes are not received. The log shows that the message bounced with the error message below:

to=<EMAIL>, relay=LOADBALANCE-|aspmx.l.google.com,|alt1.aspmx.l.google.com[172.17.0.6]:25, delay=11, delays=1.5/0.02/0.69/8.4, dsn=5.7.0, status=bounced (host LOADBALANCE-|aspmx.l.google.com,|alt1.aspmx.l.google.com[172.17.0.6] said: 552-5.7.0 This message was blocked because its content presents a potential 552-5.7.0 security issue. Please visit 552-5.7.0  https://support.google.com/mail/?p=BlockedMessage to review our 552 5.7.0 message content and attachment content guidelines. lp14-20020a17090b4a8e00b00232dd9ab146si136673860pjb.13 - gsmtp (in reply to end of DATA command)

Root Cause Analysis

Gmail takes an aggressive approach and rejects any attachment matching these conditions:

  • Certain types of files, including their compressed form (like .gz or .bz2 files) or when found within archives (like .zip or .tgz files)
  • Documents with malicious macros
  • Password-protected archives with archived content

File types blocked by Gmail are:

.ade, .adp, .apk, .appx, .appxbundle, .bat, .cab, .chm, .cmd, .com, .cpl, .diagcab, .diagcfg, .diagpack, .dll, .dmg, .ex, .ex_, .exe, .hta, .img, .ins, .iso, .isp, .jar, .jnlp, .js, .jse, .lib, .lnk, .mde, .msc, .msi, .msix, .msixbundle, .msp, .mst, .nsh, .pif, .ps1, .scr, .sct, .shb, .sys, .vb, .vbe, .vbs, .vhd, .vxd, .wsc, .wsf, .wsh, .xll

Gmail documents the details in File types blocked in Gmail.
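
A pre-send check for the file-type condition above, as an added example that is not part of the original article or of SCES: it flags attachments whose file name, file name under .gz/.bz2, or zip member name carries an extension from the list. The function names and the sample message are constructed for illustration; macro detection, password-protected archives and non-zip archives such as .tgz are not covered.

```python
import io
import posixpath
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list copied from this article.
BLOCKED = set("""
.ade .adp .apk .appx .appxbundle .bat .cab .chm .cmd .com .cpl .diagcab .diagcfg
.diagpack .dll .dmg .ex .ex_ .exe .hta .img .ins .iso .isp .jar .jnlp .js .jse
.lib .lnk .mde .msc .msi .msix .msixbundle .msp .mst .nsh .pif .ps1 .scr .sct
.shb .sys .vb .vbe .vbs .vhd .vxd .wsc .wsf .wsh .xll
""".split())

def blocked_ext(name):
    """Return the blocked extension of a file name (after .gz/.bz2), or None."""
    stem, ext = posixpath.splitext(name.lower())
    if ext in (".gz", ".bz2"):  # look through the compressed form
        ext = posixpath.splitext(stem)[1]
    return ext if ext in BLOCKED else None

def find_blocked(raw_message):
    """Return (attachment, zip member or None, extension) for each match."""
    hits = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        names = [(None, fname)]  # the attachment's own name first
        data = io.BytesIO(part.get_payload(decode=True) or b"")
        if zipfile.is_zipfile(data):  # then every member of a zip archive
            with zipfile.ZipFile(data) as zf:
                names += [(m, m) for m in zf.namelist()]
        hits += [(fname, m, blocked_ext(n)) for m, n in names if blocked_ext(n)]
    return hits

def build_sample():  # constructed message: a PDF, a zip holding a .vbs, a gzipped .js
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/run.vbs", "' constructed placeholder")
    msg = EmailMessage()
    msg.set_content("see attached")
    parts = {"invoice.pdf": b"%PDF-1.4", "bundle.zip": buf.getvalue(),
             "update.js.gz": b"\x1f\x8b"}
    for name, data in parts.items():
        msg.add_attachment(data, maintype="application", subtype="zip", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(find_blocked(build_sample()))
```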

Troubleshooting

  1. Open SCES Admin Portal
  2. Go to Message Trace -> Mail Query and find your email by applying a filter. Check whether the status shows Bounced.
  3. If so, hover the mouse over the 3-lines icon and click Lifecycle
  4. Scroll down to the bottom to get the details of the bounce reason from Gmail

Resolution

  1. As Gmail asks, upload the attachment somewhere else and email the recipients the location
  2. Contact sales@sorbsecurity.com to activate the attachment protection feature.

At a high level, the attachment protection feature works as follows:

SCES will replace the attachment in the email with an HTML wrapper, which will comply with the Gmail attachment rules.