That means that Gmail users can’t send or receive emails with .js file attachments. Anyone sending a .js file to a Gmail user will find their email bouncing back to them with an explanation of why it wasn’t delivered.
Regardless of the operating system you run, we strongly recommend enabling the view of file extensions (so often hidden by default!) so you can see exactly what kind of file type you’re dealing with, mitigating the risk of running a malicious file by accident.
If you try to send an email with a .js attachment, Gmail will give you an error message letting you know that your file type isn’t allowed and was “blocked for security reasons”. As an alternative, Google will suggest using outside storage, like Google Drive or Dropbox, and linking to the file from within the email. (There’s no getting around this by zipping up your file either, as Google will take a look inside the compressed file to check.)
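The archive inspection described above, sketched as an added example (not Gmail's actual filter and not code from the original article): a Python check that rejects `.js` attachments, looks inside ZIP archives including nested ones, and refuses password-protected entries. The function names, the nesting and size limits, and the choice to detect ZIPs by content rather than by file name are assumptions of this example.

```python
import io
import zipfile

BLOCKED_EXTENSIONS = {".js"}          # the article names only .js; extend per policy
MAX_DEPTH = 3                         # assumed limit on nested archives
MAX_MEMBER_BYTES = 10 * 1024 * 1024   # assumed cap, guards against zip bombs


def blocked_reason(filename, data, depth=0):
    """Return a reason string if the attachment should be rejected, else None."""
    lower = filename.lower()
    if any(lower.endswith(ext) for ext in BLOCKED_EXTENSIONS):
        return f"blocked file type: {filename}"
    # Identify ZIP archives by content, not by the name on the attachment.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return None
    if depth >= MAX_DEPTH:
        return f"archive nesting too deep: {filename}"
    with zipfile.ZipFile(io.BytesIO(data)) as archive:
        for member in archive.infolist():
            if member.is_dir():
                continue
            # Bit 0 of the general-purpose flags marks an encrypted entry,
            # which cannot be inspected and is therefore refused.
            if member.flag_bits & 0x1:
                return f"password-protected content: {member.filename}"
            if member.file_size > MAX_MEMBER_BYTES:
                return f"member too large to inspect: {member.filename}"
            reason = blocked_reason(member.filename, archive.read(member), depth + 1)
            if reason:
                return reason
    return None


def make_zip(members):
    """Build an in-memory ZIP from {name: bytes} (constructed sample input)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    inner = make_zip({"model/run.js": b"console.log('hi');"})
    outer = make_zip({"docs/readme.txt": b"ok", "inner.zip": inner})
    for name, data in [("notes.txt", b"hello"), ("photo.png", inner), ("outer.zip", outer)]:
        print(name, "->", blocked_reason(name, data) or "allowed")
```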
Don’t fall for malicious email tricks
With Gmail users unable to receive malicious .js files, attackers may switch tactics again, so it’s important to stay wary of both emails with attachments and those without.
Remember that attackers can control or fake almost every detail of an email, so you can’t rely on any of the information you’ve been sent, whether it’s a link, a phone number or who the email’s from.
Some attackers will help you out by raising red flags with poor spelling, a sense of urgency (your account has been locked, your bill is overdue!), dodgy domains or suspiciously shortened links, but some won’t. The crooks know that keeping it simple works, and they know how to copy and paste from legitimate emails.
If an email purports to come from an organization or person you know, verify the email’s legitimacy by contacting the (apparent) sender directly.
If they want to talk to you, find a number in your address book or on their website that you can call. If the email contains links that appear to go to their website, especially if it’s asking you to log in, don’t click on them. Ignore the links in the email and go directly to their website by typing their address in your browser or searching for them.
What about renaming of the file extension? Will that make it past Google’s inspection?
Good question, and here’s another: What does Google do with a password-protected .zip file?
They reject it.
“To prevent against potential viruses, Gmail doesn’t allow you to attach certain types of files, including: … Archives whose listed file content is password protected; Archives whose content includes a password protected archive”
Try it. Should work. I rename zip of code files to png then tell the recipient to rename it back. Renaming it makes it inert–it won’t execute.
I’d assume a mime-type detection will find the real extension, regardless of name….
What about encrypting a .js file? Can developers get them through gmail?
A .js isn’t a mime-type since it’s plain-text. It’s not encoded like a picture file, etc.
Who needs Gmail – I’ll just telnet that sucker!
People whose ISPs won’t let them run a server perhaps….
This completely ruins my Support process for my business (Simulation Software). Is there any way G Suite users can reject this change? My model files contain .js files, and now my customers can no longer send me their model files when asking for help/support. This is a deal breaker for our use of Gmail otherwise.