When SpaMP3 hit the airwaves, some experts recommended blocking MP3 attachments, for example Sophos, and even SC Magazine. A spokesperson for GFI was quoted as saying “How many companies do you know that use MP3 files for business use?”
I agree, MP3 isn’t the most broadly used file-type in most businesses, however there are some businesses for whom MP3s are a critical file type, and blocking them in one fell swoop would create many more problems than it solves. And the slippery slope is not far behind – what happens if spammers start sending out MS Powerpoint files? Should we block those as well? Of course not – most businesses today could not adopt such a restrictive policy (although perhaps we would spend less time in meetings, or more time actually talking to each other instead of reading bullet points, but that’s a different subject.
So the answer is not to block by file type, but by spam classification, or virus threat level. Customers need to demand that their solutions be able to distinguish between legitimate mail and spam or viruses, regardless of the attachment type.