Email Attachment Size Limits Every Cold Sender Should Know
An attachment feels like a small courtesy in a cold email — here's the one-pager, no extra click required. In practice it is one of the more common, least-diagnosed causes of a cold sequence landing in spam. This guide covers the actual size limits that matter, why attachments carry deliverability risk independent of size, and when a link genuinely serves the recipient better.
- Gmail, Outlook and most providers cap incoming attachments around 25 MB, but deliverability problems start well before that limit — often above 1–2 MB on a cold domain.
- Attachments increase spam-filter scrutiny on cold email specifically, because unsolicited mail with a binary payload matches a known abuse pattern.
- A hosted link (to a PDF, deck, or one-pager) almost always outperforms a native attachment in cold outreach, and it adds tracking the attachment cannot provide.
- New or low-reputation sending domains should avoid attachments entirely in the first several weeks of a campaign, regardless of file size.
- When a file truly must arrive as an attachment, keep it small, keep the filename honest, and never attach on a first cold touch.
The actual size limits, by provider
Every major mailbox provider enforces a hard cap on incoming message size, attachment included, and these numbers are consistent enough to plan around.
These are hard technical ceilings, not deliverability guidance — a message under the cap still clears the mail server, but that says nothing about whether it reaches the inbox rather than spam.
- Gmail: 25 MB incoming (and Gmail auto-converts anything larger you send into a Drive link on the sending side).
- Outlook / Microsoft 365: 20–25 MB depending on tenant configuration, often lower on enterprise accounts with tightened admin policies.
- Yahoo Mail: 25 MB.
- Corporate mail servers behind gateways like Proofpoint or Mimecast: frequently capped lower than the public providers, sometimes 10 MB or less, and often with attachment-type restrictions on top.
Why attachments hurt deliverability before they hit any size limit
Size is the least important variable. Spam filters weigh attachments on cold, unsolicited mail as a risk signal independent of how large the file is, because the combination of 'first contact from this domain' plus 'binary payload' matches a pattern used heavily in phishing and malware distribution. A 200 KB PDF from a domain with no sending history can trigger more scrutiny than a 20 MB file from a domain with years of clean reputation.
This effect compounds with domain warm-up. A new sending domain or a domain running its first cold campaign is already under closer watch by receiving servers while it builds reputation. Adding attachments during that window — even small, legitimate ones — adds friction at exactly the moment you can least afford it. The safer sequencing is: warm the domain and prove reputation with plain-text, link-free email first, then introduce attachments or links once volume and engagement look clean.
File type matters as much as size. PDFs and images are treated far more permissively than executables, archives (.zip, .rar), or Office documents with macros enabled — the latter category gets flagged aggressively regardless of actual content, because it is the most abused format in malware campaigns.
Why a hosted link usually wins anyway
Independent of deliverability risk, a hosted link is simply a better tool for the job in most cold outreach scenarios, for reasons that have nothing to do with spam filters.
A link also keeps the email itself light, which matters for mobile rendering and for the recipient's first impression — a plain-text email with one clean sentence and a link reads as a real message from a person, while an email with a visible paperclip icon reads as a mass-send template before it is even opened.
- Trackability: a hosted link tells you whether the recipient opened the document and how long they spent on it — signal an attachment cannot provide, and genuinely useful for prioritizing follow-up.
- Editability: if the deck or one-pager changes after sending, the link stays current; an attachment is frozen at send time across every recipient's inbox.
- Lower deliverability risk: no binary payload in the message body means one fewer scrutiny signal for spam filters, especially valuable during domain warm-up.
- Cleaner mobile rendering: attachments often download poorly or awkwardly on mobile mail clients; a link opens directly in a browser.
- Access control: a link can be revoked or password-protected later if needed, which is not possible once a file has been attached and delivered.
When an attachment is still the right call
None of this means attachments are always wrong — a handful of situations genuinely call for one, usually because the recipient explicitly needs an offline, portable file rather than a browser view.
In each of these cases, the same discipline still applies: keep the file small, keep the filename descriptive and honest, and avoid attaching on the very first cold touch to a new contact.
- The recipient explicitly asked for a file, e.g. a signed proposal or a document they need to forward internally.
- A formal document with legal or procurement weight, such as a signed NDA, a security questionnaire response, or a formal quote, where a link feels less appropriate than a document.
- Late in an established relationship where the sender's domain and the specific contact's engagement history are both strong, and an attachment carries essentially no deliverability risk.
- Environments where the recipient's corporate policy blocks external links more aggressively than attachments — rare, but it happens in some tightly locked-down sectors.
Practical rules for the cold sequence
A short set of defaults handles the majority of cold campaigns without requiring a size-limit lookup every time.
None of these rules are about the recipient's inbox capacity — Gmail can obviously hold a 20 MB file. They are about not spending deliverability budget on a courtesy the recipient did not ask for.
- No attachments in the first email of a cold sequence, ever — use a link if a document needs to be shared.
- Keep any eventual attachment under 2 MB where possible; compress PDFs and avoid embedding high-resolution images.
- Never send .zip, .rar, or macro-enabled Office files in cold outreach — use PDF for anything static.
- Use a descriptive, honest filename ('Q3-Pricing-Overview.pdf', not 'Document1.pdf' or anything that reads as generic or evasive).
- Host recurring collateral — one-pagers, case studies, decks — on a tracked link once and reuse the link across the sequence rather than re-attaching each time.
- If a corporate gateway is known to block links from a certain domain, that is the one case worth testing an attachment against, but confirm with actual send data rather than assumption.
Instead of attaching a 4 MB case study PDF to a first cold email, send: 'Wrote up how a similar team cut onboarding time by a third — happy to send the two-pager if useful.' A reply becomes the trigger to share the link, which also tells you the recipient is actually reading.
Diagnosing attachment-related deliverability problems
If a campaign's reply and open rates drop sharply right after attachments were introduced, treat that as the first suspect before rewriting copy or changing the list. Compare inbox placement between a version of the sequence with an attachment and an otherwise identical version using a link — the difference is often immediate and large enough to isolate without a formal split test.
Domain and IP reputation tools can also show whether attachment-heavy sending correlates with a reputation dip on your sending domain over the same window. If it does, pull attachments from the sequence for two to three weeks, let reputation recover, and reintroduce them gradually, low-volume first, rather than all at once.
FAQ
What is the maximum attachment size for cold email?
Technically 20–25 MB across Gmail, Outlook and Yahoo, but that number is irrelevant for cold outreach — deliverability problems from attachments start well below the hard limit, often in the low single-digit megabytes on a cold or new-ish sending domain.
Do attachments really hurt deliverability, or is that a myth?
It is real. Spam filters weigh unsolicited mail carrying a binary payload as a higher-risk pattern regardless of file size, because it overlaps heavily with phishing and malware distribution tactics. The effect is strongest on new or low-reputation sending domains.
Should I ever attach a PDF to a cold email?
Prefer a hosted link in almost every case — it is more trackable, easier to update, and carries less deliverability risk. Save actual attachments for cases where the recipient explicitly requested a file or the relationship is already established.
Is a Google Drive or Dropbox link safer than an attachment?
Generally yes, though shared-drive links from consumer platforms can occasionally get flagged themselves if the domain has been abused elsewhere. A link hosted on your own tracked domain is usually the cleanest option.
Does attachment file type matter for deliverability?
Yes. PDFs and images are treated far more leniently than .zip, .rar, or macro-enabled Office documents, which get flagged aggressively in almost any filtering system because of how heavily those formats are used in malware campaigns.
When is it safe to start including attachments in a cold campaign?
After the sending domain has an established, warmed-up reputation and the specific contact has already engaged — replied, clicked, or requested the material. Avoid attachments entirely in the first several weeks of a new domain or a new sequence.
Want to apply this to your outreach?
We will map it to your segment and product — before any work starts.
Talk to us