Live Direct Marketing
HomeBlogDeliverability

Email Attachment Size Limits Every Cold Sender Should Know

July 7, 2026 · 9 min read · Guide: Deliverability

An attachment feels like a small courtesy in a cold email — here's the one-pager, no extra click required. In practice it is one of the more common, least-diagnosed causes of a cold sequence landing in spam. This guide covers the actual size limits that matter, why attachments carry deliverability risk independent of size, and when a link genuinely serves the recipient better.

Key takeaways
  • Gmail, Outlook and most providers cap incoming attachments around 25 MB, but deliverability problems start well before that limit — often above 1–2 MB on a cold domain.
  • Attachments increase spam-filter scrutiny on cold email specifically, because unsolicited mail with a binary payload matches a known abuse pattern.
  • A hosted link (to a PDF, deck, or one-pager) almost always outperforms a native attachment in cold outreach, and it adds tracking the attachment cannot provide.
  • New or low-reputation sending domains should avoid attachments entirely in the first several weeks of a campaign, regardless of file size.
  • When a file truly must arrive as an attachment, keep it small, keep the filename honest, and never attach on a first cold touch.

The actual size limits, by provider

Every major mailbox provider enforces a hard cap on incoming message size, attachment included, and these numbers are consistent enough to plan around.

These are hard technical ceilings, not deliverability guidance — a message under the cap still clears the mail server, but that says nothing about whether it reaches the inbox rather than spam.

Why attachments hurt deliverability before they hit any size limit

Size is the least important variable. Spam filters weigh attachments on cold, unsolicited mail as a risk signal independent of how large the file is, because the combination of 'first contact from this domain' plus 'binary payload' matches a pattern used heavily in phishing and malware distribution. A 200 KB PDF from a domain with no sending history can trigger more scrutiny than a 20 MB file from a domain with years of clean reputation.

This effect compounds with domain warm-up. A new sending domain or a domain running its first cold campaign is already under closer watch by receiving servers while it builds reputation. Adding attachments during that window — even small, legitimate ones — adds friction at exactly the moment you can least afford it. The safer sequencing is: warm the domain and prove reputation with plain-text, link-free email first, then introduce attachments or links once volume and engagement look clean.

File type matters as much as size. PDFs and images are treated far more permissively than executables, archives (.zip, .rar), or Office documents with macros enabled — the latter category gets flagged aggressively regardless of actual content, because it is the most abused format in malware campaigns.

Why a hosted link usually wins anyway

Independent of deliverability risk, a hosted link is simply a better tool for the job in most cold outreach scenarios, for reasons that have nothing to do with spam filters.

A link also keeps the email itself light, which matters for mobile rendering and for the recipient's first impression — a plain-text email with one clean sentence and a link reads as a real message from a person, while an email with a visible paperclip icon reads as a mass-send template before it is even opened.

When an attachment is still the right call

None of this means attachments are always wrong — a handful of situations genuinely call for one, usually because the recipient explicitly needs an offline, portable file rather than a browser view.

In each of these cases, the same discipline still applies: keep the file small, keep the filename descriptive and honest, and avoid attaching on the very first cold touch to a new contact.

Practical rules for the cold sequence

A short set of defaults handles the majority of cold campaigns without requiring a size-limit lookup every time.

None of these rules are about the recipient's inbox capacity — Gmail can obviously hold a 20 MB file. They are about not spending deliverability budget on a courtesy the recipient did not ask for.

Example

Instead of attaching a 4 MB case study PDF to a first cold email, send: 'Wrote up how a similar team cut onboarding time by a third — happy to send the two-pager if useful.' A reply becomes the trigger to share the link, which also tells you the recipient is actually reading.

Diagnosing attachment-related deliverability problems

If a campaign's reply and open rates drop sharply right after attachments were introduced, treat that as the first suspect before rewriting copy or changing the list. Compare inbox placement between a version of the sequence with an attachment and an otherwise identical version using a link — the difference is often immediate and large enough to isolate without a formal split test.

Domain and IP reputation tools can also show whether attachment-heavy sending correlates with a reputation dip on your sending domain over the same window. If it does, pull attachments from the sequence for two to three weeks, let reputation recover, and reintroduce them gradually, low-volume first, rather than all at once.

FAQ

What is the maximum attachment size for cold email?

Technically 20–25 MB across Gmail, Outlook and Yahoo, but that number is irrelevant for cold outreach — deliverability problems from attachments start well below the hard limit, often in the low single-digit megabytes on a cold or new-ish sending domain.

Do attachments really hurt deliverability, or is that a myth?

It is real. Spam filters weigh unsolicited mail carrying a binary payload as a higher-risk pattern regardless of file size, because it overlaps heavily with phishing and malware distribution tactics. The effect is strongest on new or low-reputation sending domains.

Should I ever attach a PDF to a cold email?

Prefer a hosted link in almost every case — it is more trackable, easier to update, and carries less deliverability risk. Save actual attachments for cases where the recipient explicitly requested a file or the relationship is already established.

Is a Google Drive or Dropbox link safer than an attachment?

Generally yes, though shared-drive links from consumer platforms can occasionally get flagged themselves if the domain has been abused elsewhere. A link hosted on your own tracked domain is usually the cleanest option.

Does attachment file type matter for deliverability?

Yes. PDFs and images are treated far more leniently than .zip, .rar, or macro-enabled Office documents, which get flagged aggressively in almost any filtering system because of how heavily those formats are used in malware campaigns.

When is it safe to start including attachments in a cold campaign?

After the sending domain has an established, warmed-up reputation and the specific contact has already engaged — replied, clicked, or requested the material. Avoid attachments entirely in the first several weeks of a new domain or a new sequence.

Important: this is not bulk email and not spam. We run targeted outreach: every message goes to a specific representative of a specific company for a legitimate business reason, in small daily volumes, personalised to the recipient. Every email identifies the sender and includes one-click opt-out; unsubscribes and stop-lists apply to all future campaigns without exception. Companies that ask not to be contacted are excluded permanently.

Want to apply this to your outreach?

We will map it to your segment and product — before any work starts.

Talk to us