# What attachment types aren't supported?

> Attachments are capped at 25 MB per file and 40 MB total, and executable/dangerous file types are widely rejected by receiving providers. Link to large or risky files instead.

Attachments are supported on `POST /emails`, but two things commonly cause failures: **size limits** and **blocked file types**. Both matter because even an attachment MailBlastr accepts can be stripped or quarantined by the **receiving** mail provider.

## Size limits

MailBlastr enforces these caps and rejects the send if either is exceeded:

| Limit | Value |
| --- | --- |
| Per attachment (single file) | up to **25 MB** |
| Total of all attachments per email | up to **40 MB** |

These apply whether you supply the file inline as base64 `content` or as a hosted `path` URL that MailBlastr fetches. For a `path`, an oversized file is rejected up front using its `Content-Length`, and again after download if the actual size exceeds the cap.

> **Warning:** These caps are about what MailBlastr will accept. Remember that **base64 encoding inflates a file by roughly 33%**, and many receiving inboxes enforce their own total-message limit (Gmail ~25 MB, Outlook ~20 MB). A message that is technically under our cap can still bounce on the receiving end.

## Blocked / risky file types

There is no benefit to attaching an **executable or script** file — virtually every major provider (Gmail, Outlook/Microsoft 365, Yahoo, and corporate gateways) **blocks or quarantines** these regardless of what the sending platform allows. Common examples that are routinely rejected:

- Executables and installers — `.exe`, `.msi`, `.bat`, `.cmd`, `.com`, `.scr`, `.app`, `.dmg`
- Scripts — `.js`, `.vbs`, `.ps1`, `.sh`, `.jar`, `.py`
- Office documents with **macros** — `.docm`, `.xlsm`, `.pptm`
- Archives that hide the above — `.zip` / `.rar` / `.7z` containing blocked types are often stripped too

Files with no declared or recognizable MIME type fall back to `application/octet-stream`, which spam filters tend to treat with extra suspicion — so even an otherwise-fine binary can hurt deliverability.

### Full list of blocked send extensions

For completeness, the following extensions are blocked for **sending** (you can still **receive** any of them). The list is the standard set of executable, script, and dangerous types rejected across providers:

|  |  |  |  |  |
| --- | --- | --- | --- | --- |
| .adp | .app | .asp | .bas | .bat |
| .cer | .chm | .cmd | .com | .cpl |
| .crt | .csh | .der | .exe | .fxp |
| .gadget | .hlp | .hta | .inf | .ins |
| .isp | .its | .js | .jse | .ksh |
| .lib | .lnk | .mad | .maf | .mag |
| .mam | .maq | .mar | .mas | .mat |
| .mau | .mav | .maw | .mda | .mdb |
| .mde | .mdt | .mdw | .mdz | .msc |
| .msh | .msh1 | .msh2 | .mshxml | .msh1xml |
| .msh2xml | .msi | .msp | .mst | .ops |
| .pcd | .pif | .plg | .prf | .prg |
| .reg | .scf | .scr | .sct | .shb |
| .shs | .sys | .ps1 | .ps1xml | .ps2 |
| .ps2xml | .psc1 | .psc2 | .tmp | .url |
| .vb | .vbe | .vbs | .vps | .vsmacros |
| .vss | .vst | .vsw | .vxd | .ws |
| .wsc | .wsf | .wsh | .xnk |  |

> **Note:** These restrictions apply only to **sending**. Inbound/received mail can carry any of these types.

## Recommended: link, don't attach

For anything large, risky, or executable, **host the file and send a link** instead of attaching it. This keeps you under size limits, avoids type-based blocking, lets you update or revoke the file later, and improves deliverability.

1. **Host the file** — Upload to your own storage (S3, a CDN, a file-sharing service) and get a stable URL.
2. **Link in the email body** — Include a clear download link in the HTML instead of an attachment.
3. **For supported attachments, use a clean type** — PDFs, images (PNG/JPG), and CSV/plain-text files are safe to attach within the size caps.

> **Note:** For the exact request fields, base64 vs hosted-`path` handling, and per-file/total caps, see [Attachments](https://www.mailblastr.com/docs/emails/attachments).
