An email attachment is a computer file sent along with an email message. One or more files can be attached to any email message, and be sent along with it to the recipient. This is typically used as a simple method to share documents and images. A paper clip image is the standard image for an attachment in an email client.
Email standards such as MIME don't specify any file size limits, but in practice email users will find that they can't successfully send very large files across the Internet.
This is because of a number of potential limits:
The result is that while large attachments may succeed internally within a company or organization, they may fail when sent across the Internet.
As an example, when Google's Gmail service increased its arbitrary limit to 25MB, it warned that "you may not be able to send larger attachments to contacts who use other email services with smaller attachment limits".
Note that all these size limits are based not on the original file size but on the size of the MIME-encoded copy. The common Base64 encoding adds about 37% to the original file size, meaning that an original 20MB file could exceed a 25MB file attachment limit. A 10MB email size limit would require that the size of the attachment files is actually limited to about 7MB.
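The following Python sketch is an added example, not part of the original article. It shows where the roughly 37% comes from (57 raw bytes become a 76-character Base64 line plus a CRLF) and checks the estimate against a message built with the standard `email` package. The function names, addresses, decimal-megabyte constant and sample payload are constructed for illustration, and message headers and body text are not counted.

```python
from email import policy
from email.message import EmailMessage

RAW_PER_LINE = 57   # raw bytes that encode to one 76-character Base64 line
B64_LINE = 76       # Base64 characters per line in a MIME body
CRLF = 2            # line terminator bytes on the wire
MB = 1_000_000      # assumption: decimal megabytes; providers differ

def encoded_size(raw_len: int) -> int:
    """Bytes a raw_len-byte file occupies once Base64-encoded and line-wrapped."""
    full, rem = divmod(raw_len, RAW_PER_LINE)
    size = full * (B64_LINE + CRLF)
    if rem:  # final short line, padded to a multiple of 4 characters
        size += 4 * ((rem + 2) // 3) + CRLF
    return size

def max_raw_size(limit: int) -> int:
    """Largest raw file whose encoded body alone stays within limit bytes."""
    full, spare = divmod(limit, B64_LINE + CRLF)
    tail = (spare - CRLF) // 4 * 3 if spare >= 4 + CRLF else 0
    return full * RAW_PER_LINE + tail

def wire_size(payload: bytes) -> int:
    """Serialize a constructed message carrying payload and return its length."""
    msg = EmailMessage(policy=policy.SMTP)   # SMTP policy emits CRLF line endings
    msg["From"] = "sender@example.com"       # constructed addresses
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "size check"
    msg.set_content("See attachment.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return len(msg.as_bytes())

def measured_overhead(payload: bytes) -> int:
    """Bytes the attachment body adds, measured against an empty attachment."""
    return wire_size(payload) - wire_size(b"")

if __name__ == "__main__":
    sample = bytes(570_000)  # constructed payload; Base64 size ignores content
    print(measured_overhead(sample), encoded_size(len(sample)))
    print(encoded_size(20 * MB) > 25 * MB)   # the 20MB file versus a 25MB limit
    print(max_raw_size(10 * MB))             # raw bytes that fit a 10MB limit
```

Real messages also carry headers, body text and any relay-added trace headers, so the usable attachment size is slightly below what `max_raw_size` returns.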
A lot of malware is distributed via email attachments, and some consider them the main vector for cyberattacks on businesses. Users are advised to be extremely cautious with attachments and not to open any attachment that is not both expected and from a trusted source, even if the sender is in their address book, as the sender's account might have been taken over or misused. While many email servers scan attachments for malware and block dangerous file types, this shouldn't be relied upon, especially as such scanning can't detect zero-day exploits. However, in 2005 a mechanism for also detecting zero-day exploits in attachment scans was proposed.
Email users are typically warned that unexpected email with attachments should always be considered suspicious and dangerous, particularly if not known to be sent by a trusted source. However, in practice this advice is not enough – "known trusted sources" were the senders of executable programs creating mischief and mayhem as early as 1987 with the mainframe-based Christmas Tree EXEC.