Security & Compliance Malware Quarantine HTM attachments Nameless.htm

Copper Contributor

We have a Malware policy to block incoming htm and html attachments, just recently we have started to see incoming emails blocked because of an attachment called Nameless.htm.






It looks like this might be something that is being created by Office 365, Exchange Online when an email has a MS Word document attached to. These Word documents can be either type; .doc or docx. The source of these emails are both local applications and Web Apps.


Is anyone seeing something similar? Web searched have just three results for namless.htm.






9 Replies




We have exactly the same behavior and filtering problem with ghost HTML attachments (nameless.htm) added to others attached documents.
It looks the same for PNG, PDF files etc: it seems to depends on the sender

Have you found a solution ?



@ms: please give us an answer!
Contacting your 365-Support-Team was a waste of time.

@Phraramond I believe one instance where this issue happens when the sender is using Apple Mail.  If they place their attachments In-line (In the middle of their text) the text after the attachment will be sent as an htm attachment.  If they have images in their signature, that can cause issues also.


I don't own any Apple products to test, but from my research the Apple mail sender can select Edit > Attachments > Always Send Windows-Friendly Attachments; and Always Insert Attachments at the End of Message.


Good luck trying to get an Apple user to alter their email attachment behavior to work with what they consider an inferior system (Anything not Apple). They do not care and they will find another company to do business with that doesn't block their emails. (Until that company gets ransomware, that is.)


I have raised a ticket with Microsoft (Which they closed without resolution.) to work with Apple to get this sorted out.  We can't have htm, html, or eml attachments in this day and age.  We need this issue to get addressed.

Not sure if this is still an issue ,we resolved it & I thought I would share the solution

We encountered this issue in Feb of 2023.

1. Do not add .htm & html to the list of files in malware filter.

2. Create a transport rule as shown below.

Works like a charm




I wouldn't recommend doing this. How long do you think it will take for bad guys to figure this out and start naming their malicious attachments "Nameless.htm"?


Agreed , but I cannot see what else to do. MS and Apple are both saying it is the others problem.

This at least stops many



Fair enough. We wanted to maintain a safer approach so what I did instead is leave htm and html in the block list, but created a rule that notifies the user when (s)he receives a message with nameless.htm attachment.Screenshot_5.jpg