[10 minutes mail] Microsoft Bans 38 File Extensions in Outlook
Microsoft is expanding the list of file extensions that will be banned in Outlook for the web (previously known as Outlook Web Access – OWA).
The list, which previously included 104 file extensions, will be expanded with 38 new entries. These new entries are file types that are regularly used to deliver malware to Outlook inboxes.
Once added to the list of blocked file extensions, users won’t be able to download any of these types of files from their inboxes. Unless the Outlook/Exchange admins have whitelisted a particular file extension on purpose, using a special configuration.
According to Microsoft Exchange, ‘the newly blocked file types are rarely used, so most organisations will not be affected by the change’. However, if users are attempting to send and/or receive affected attachments, they will be notified they are no longer able to download them.
For all of you, curious which are the new types of banned extensions, here is a list:
- Java files: “.jar”, “.jnlp”
- Python files: “.py”, “.pyc”, “.pyo”, “.pyw”, “.pyz”, “.pyzw”
- PowerShell files: “.ps1”, “.ps1xml”, “.ps2”, “.ps2xml”, “.psc1”, “.psc2”, “.psd1”, “.psdm1”, “.psd1”, “.psdm1”
- Digital certificates: “.cer”, “.crt”, “.der”
- Files used to exploit vulnerabilities in third-party software: “.appcontent-ms”, “.settingcontent-ms”, “.cnt”, “.hpj”, “.website”, “.webpnp”, “.mcf”, “.printerexport”, “.pl”, “.theme”, “.vbp”, “.xbap”, “.xll”, “.xnk”, “.msu”, “.diagcab”, “.grp”
The list of 104 file types Microsoft is currently blocking in Outlook for the web can be found here.
The company have not yet confirmed when these 38 new file types will be added to Outlook’s banned list. We only know that the change is coming soon.
Why are they making these changes? To quote Microsoft, “we’re always evaluating ways to improve security for our customers, and so we took the time to audit the existing blocked file list and update it to better reflect the file types we see as risks today.”
As technical, and slightly geeky, as this news might be, we feel obligated to inform you as security is very high on our list of priorities. As it should be on yours, too. So, be careful of the attachments you are opening (and sending) to your clients/subscribers/leads.
An Online Tool Calculating The Risk Of Suffering Email-Based Data Breaches
Egress, a leading provider of people-centric data security solutions, announced they are launching a new online tool – Insider Breach Calculator – which is aimed at helping businesses determine the probability of potentially suffering email-based insider data breaches.
What is it exactly? This unique tool is based on an algorithm which takes into consideration the employee mailboxes within an organisation, the market sector and the perceived level of stress (and tiredness) that the employees experience to calculate the figure. This data is sourced from insights from sample organisations to determine the average number of emails sent on a daily basis; and, the overall security posture of the sector in which they operate.
The online tool analyses the data further by breaking down whether a breach is likely to be the result of either accidental or malicious email behaviour.
Why should you care? The Insider Breach Calculator is giving businesses an indication of the chance of suffering email-based data breaches happening to their organisation. It’s also helping companies identify the areas specific to email that require their attention to decrease such risk.
An Email Signature Is As Legally Binding As A Real One
Beware of what you say in your emails and any promises you might make as, apparently, people can accept them as legally binding. Especially, if you have an email signature block at the end of it.
Why? Well, it was argued in a case circulating in the news that your email signature can be as legally binding as sending tons of paperwork and physically signing them all.
Your work email signature can be used to form a binding and legal contract; the Manchester County Court ruled – which cost an unfortunate land seller £25,000 from her hoped-for sale price.
A brief overview of the case. A lawyer sent a client an email confirming the sale of their land for £175,000 (instead of the £200,000 the seller hoped for) by email with an auto-generated signature block. Later, he tried to back out of the deal claiming no contracts had been signed by both parties as demanded in law. However, in Court, the Judge ruled the electronic signature was as good as a handwritten version, making the contract legally binding. The Judge also declared that the email sender had shown “an intention” to connect their name with the contents of the email.
Why should you care? If email signatures can be considered legally binding, businesses must be very, very careful as to what they put in their emails as it can cause serious ramifications. So, beware of what you add your email signature to.
Do you have any suggestions or ideas what email industry news topics you’d like us to look out for in the future? Write your requests below. We’ll keep an eye out (or two) so you don’t have to – and all for FREE, of course.
In the meantime, you can take a look at our email marketing blog for useful email advice, tips and tricks. Last, but certainly not least, we’ll keep you up-to-date with the most recent social media news, search engine news, PPC & Ads news as well as other digital marketing news we found interesting.