Google to ban JavaScript attachments in Gmail

Highlight Story

The company explains that, if you need to send a.js file for legitimate reasons, you can use Google Drive, Google Could Storage, or any other cloud storage platform to do so.

Once you try to attach a.js file to a Gmail message, the email platform will immediately show a message in bold red letters on the lower tab saying the attachment was "blocked for security reasons!"

Google announced Gmail will begin automatically blocking JavaScript (.js) file attachments starting February 13, 2017, according to a Google blog. This information will also be accompanied by other expandable dropdown links which inform the user of why certain email messages with or without attachments get blocked, so they can brush up on other reasons why an email not be allowed to go through if they care to know. In April of previous year, Microsoft also noticed that many spam campaigns were using.js attachments.

In JavaScript's case, the reason is simple: It has become just too unsafe for its right, or at least enough to be a persistent issue noticeable by Google engineers and consumers alike. Trying to put the.js file inside an archive, e.g. file, will also be detected and blocked.

Other scripting files like.VBS (VBScript),.VBE (VBScript Encoded),.WSH (Windows Script Host Settings File) and.WSF (Windows Script File) - all of which Gmail already blocks - can be used in a similar way. Other file extensions that are prohibited include.exe, .jse, .ade and.adp. As this attachment is commonly used to distribute malware, the blocking of JS files will only increase the security of user's Gmail account.

How can you send JavaScript files then?