Is it wise to loosen Entourage's attachment security policy?

Entourage 2008 is very strict in its blocking of attachments and some users may find its security rules restrictive. However, with a bit of effort, users can tell Entourage to loosen up on various Mac OS X files, Mime content and certain file name extensions. Should they?

Is it wise to loosen Entourage’s attachment security policy?
Entourage 2008 is very strict in its blocking of attachments and some users may find its security rules restrictive. However, with a bit of effort, users can tell Entourage to loosen up on various Mac OS X files, Mime content and certain file name extensions.

However, whether to change those settings is a debatable point. Take the poll below.

I noted a discussion in Apple's Client Management mailing list about the issue. Poster Adam Gerson railed against the strict attachment blocking. He called the rules "presumptive."

So, I tried to email myself a .sh script I wrote and Entourage 2008 refused to show me the attachment. There is no way to disable this feature according to the help. "If you trust the message sender and want to receive the attachment, ask the sender to compress the file and then send it to you again.". This strikes me as a little presumptuous for power users.

By default Entourage 2008 blocks 15 Mac OS X file types, including APPL (executable app), dImg (disk image), mpkg and pkg1 (flavors of installer packages), oneb (self-mounting image), and osas (compiled AppleScript). It won't accept a ilht file either, a Safari Web location file.

Of course, it won't accept a range of scripts either, such as -chs and -sh shell scripts (like the one Gerson was complaining about), Javascripts and VBScripts.

Finally, there are over 100 file types it won't allow based on extension. Many of these are Windows types.

The default rules are located in the Attachment Policy property list (.plist) file found in Entourage.pkg/Contents/Resources/.

However, Microsoft offers a way for IT managers and users to tweak this list. Users can create a supplementary .plist file that trims the list or extends it. The process is described in a note on the company's IT Manager support site.

This process does require a plist editor, which come free as part of Apple's XCode toolset on your installer DVD. If you installed it, you will find it in /Developer/Applications/Utilities/Property List Editor.

However, many Mac sys admins and developers may want the convenience of a commercial tool, such as the $34.95 PlistEdit Pro. It supports drag and drop and helps users make sense of the many, many items that often are packed into a .plist file.

After removing individual string entries, you will modify the UnsafeAttachments list and the AllowedAttachments list. Microsoft says that it's "not necessary to specify file types that are already blocked in the default .plist file."

At the bottom is an important note to remember:

When specifying the file extensions, do not precede the extension with a dot (.). For example, if you want to include the extension asp to your AllowedAttachments list, just specify asp instead of .asp.

But what do you think? Did Microsoft go overboard over email attachments?

[poll id=117]