As a followup to our previous incident, we are still preventing the download of certain attachment file types originating from inbound email but we have made a change to allow the .docx format through our filters.
However, the following file types are still temporarily prevented.
_doc, xlsx, docm, xlsm, img, exe, html, htm, php, js, zip, gz, 7z, rar, z, zls, tar_
We have also introduced a change to only block attachments if they are attached to the first inbound email message, instead of all replies, this way customers will be able to see attachments in replies to conversations, but not if they are included in the first inbound email message.
The files are still stored, but we have blocked access. We are currently looking into ways to safely restore access to these file types without causing reputation issues with major inbox providers such as Google.
Posted May 27, 2019 - 12:29 UTC