The move, which will come into force on 13 February, is the latest in a long line of attempts to out-manoeuvre hackers and other ne'er-do-wells using attachments in phishing attacks and other sorts of spam.
Experts report: "Gmail currently restricts certain file attachments (e.g. .exe, .msc, and .bat) for security reasons, and starting on February 13, 2017, we will not allow .js file attachments as well. Similar to other restricted file attachments, you will not be able to attach a .js file and an in-product warning will appear, explaining the reason why. If you still need to send .js files for legitimate reasons, you can use Google Drive, Google Cloud Storage, or other storage solutions to share or send your files."
The full list of file extensions not sendable via Gmail includes: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF, .WSH - including compressed versions and files with the extensions within a .ZIP or .RAR archive.
Gmail also blocks password protected files and archives as these, too, can be used to send malicious payloads. In reality, however, the age of instant messaging, cloud storage and collaboration features means that there isn't really any need for sending attachments by mail in the first place, and given that even with legitimate intent, they create multiple copies which clog up servers, businesses still operating this way need to rethink their approach anyway.