Is the attachment limit the same as the SMTP message limit?

No. The attachment limit is the file-size rule a user sees. The SMTP message limit is the encoded payload accepted by the mail server, including the body, headers, MIME boundaries, and encoded attachments.

Why does a 24 MB PDF fail against a 25 MB limit?

Base64 encoding usually expands the file by about 34%. A 24 MB PDF becomes roughly 32 MB on the wire before the rest of the email is counted.

What limit should I configure in Microsoft 365?

For internal mail, configure the smallest limit that fits the business workflow. For external mail, keep user guidance conservative because recipients outside your tenant still reject oversized messages.

Are file links better than direct attachments?

For large files, yes. File links avoid MIME size limits, but they introduce access permissions, expiry, brand trust, and recipient security-filter considerations.

Do attachments hurt deliverability?

Attachments increase size, slow processing, and trigger file-type controls. They do not automatically cause spam placement, but risky files and oversized messages get rejected more often.

Learn

Email deliverability

What are the attachment and message size limits for different mailbox providers?

Matthew Whittaker

Co-founder & CTO, Suped

Published 30 Apr 2025

Updated 21 May 2026

7 min read

Summarize with

A calm editorial thumbnail about mailbox attachment and message size limits.

Most mailbox providers limit the whole SMTP message, not just the visible file attachment. For practical sending, assume Gmail allows 25 MB outgoing attachments and 50 MB incoming messages, Yahoo Mail allows 25 MB total, Outlook.com allows 25 MB total, iCloud Mail allows 20 MB unless Mail Drop is used, Proton Mail allows 25 MB outgoing and 50 MB incoming, and Microsoft 365 starts at 35 MB send and 36 MB receive by default but can be raised by admins.

The caveat is the part that catches people: attachments are MIME encoded inside the message body. Base64 encoding usually adds about 34%. That means a 25 MB message limit gives you roughly 18 MB of safe raw attachment budget once you include headers, body text, signatures, tracking, and small inline images.

Safe default: keep normal attachments under 10 MB when the recipient mix is broad or unknown.
Upper budget: keep total raw attachments under 18 MB when sending to mixed consumer domains.
Large files: use a file link once a single file gets close to 20 MB, even when your sender UI accepts it.

Provider limits to plan around

These are the practical limits I use when planning attachment-heavy sends. They combine public mailbox rules with the more important operational rule: the smallest limit anywhere in the path wins. A sender can accept a file, then the recipient server can reject the encoded message later.

Provider	Direct send	Receive	Planning note
Gmail	25 MB	50 MB	Drive link above send limit
Google Workspace	25 MB usual	50 MB usual	Enterprise Plus can be 50/70
Outlook.com	25 MB	25 MB	OneDrive link for larger files
Microsoft 365	35 MB default	36 MB default	Admins can raise to 150 MB
Yahoo Mail	25 MB	25 MB	Total file size applies
iCloud Mail	20 MB	20 MB	Mail Drop up to 5 GB
Proton Mail	25 MB	50 MB	Up to 100 files
Zoho Mail	20 MB personal	40 MB	Paid plans vary
Fastmail	70 MB message	70 MB message	About 50 MB raw file
GMX	50 MB	50 MB	Direct large files
mail.com	30/100 MB	30/100 MB	Free or Premium
Yandex Mail	25 MB direct	Varies	Disk link after 25 MB

Mailbox size limits that matter for real delivery planning.

Corporate mail systems add another layer. Microsoft 365 tenants, private Exchange servers, gateways, and content filters can enforce smaller per-user, per-connector, per-domain, or per-file-type limits. When delivery matters, test the actual path instead of trusting a generic provider number.

Gmail compose screen showing a large attachment being sent as a Drive link.

Attachment limit vs message limit

The phrase attachment limit is convenient, but SMTP delivery is usually governed by message size. A MIME attachment is part of the message payload. The receiver does not see a 20 MB PDF as only a 20 MB file; it sees the encoded MIME body, headers, boundaries, text content, and other parts.

Attachment limit

User view: the size shown beside a PDF, image, spreadsheet, or zip file on disk.
UI rule: the webmail or app composer blocks files above its upload threshold.
Common mistake: assuming a 24 MB file fits under a 25 MB provider limit.

Message size limit

SMTP view: the encoded wire payload after MIME packaging and transport encoding.
Server rule: the receiving MTA rejects mail above its advertised or configured size.
Correct habit: budget for encoding overhead before the message leaves your platform.

Encoding mathtext

raw_file_mb * 1.34 = estimated_wire_mb
18 MB * 1.34 = 24.12 MB
25 MB / 1.34 = 18.66 MB

That is why I treat 18 MB as the real-world ceiling for a single direct attachment when the destination includes Gmail, Yahoo Mail, Outlook.com, AOL, Comcast, iCloud Mail, or older corporate gateways. For deeper detail on encoding and content types, read MIME size effects.

How SMTP advertises the wire limit

If you are diagnosing server-to-server delivery, the SMTP EHLO response often includes a SIZE extension. That value tells the sender how many encoded bytes the receiving server says it accepts for the message transaction. It is useful, but it is not the same thing as the webmail attachment limit.

EHLO size checkbash

swaks -q HELO --server gmail-smtp-in.l.google.com

# Look for a line like this in the EHLO response:
# 250-SIZE 157286400

How to read SIZE

A large SIZE value means the MX is advertising a large SMTP transaction size. It does not guarantee that a user can upload a file of that size in the provider UI, that the sender account is allowed to submit it, or that policy filters will accept it.

Use it for: MTA troubleshooting, direct SMTP testing, and explaining server rejection behavior.
Do not use it for: promising that a consumer mailbox UI accepts the same attachment size.
Always add: base64 overhead, headers, HTML, plain text, inline images, and MIME boundaries.

This distinction also explains why one recipient accepts a message while another rejects it with a size error. The sender UI, outbound MTA, relay, gateway, and destination MX each get a vote. For the bounce pattern itself, see max message size errors.

A safe sending policy

For most teams, the answer is not to chase every provider maximum. The better policy is to define a safe limit that works across the common mailbox mix, then make exceptions only for known internal routes or file-link workflows.

Attachment planning bands

Use the raw file size before MIME encoding, not the final SMTP size.

Low risk

0-10 MB

Works across most consumer and corporate mailboxes.

Caution

10-18 MB

Still usually deliverable, but account for body and signature size.

High risk

18-25 MB

Fits some upload UIs but fails after MIME encoding.

Use links

25 MB+

Send a secure file link instead of a direct MIME attachment.

Before a campaign, invoice batch, or customer notice goes out with attachments, send a real sample through Suped's email tester. I want to see the actual MIME output, HTML weight, image handling, authentication results, and any obvious construction issue before the message reaches production volume.

Email tester

Send a real email to this address. Suped opens the report when the test is ready.

?/43tests passed

Preparing test address...

A test result does not override recipient policy, but it catches avoidable mistakes: oversized HTML, heavy images, missing plain text, broken authentication, and files that expanded beyond the limit after packaging. If the same sender domain also has DNS or authentication issues, run domain health checks before you blame the attachment alone.

What to do by recipient type

The right limit depends on who receives the mail. Consumer mailboxes reward conservative sizing because the sender rarely controls the recipient policy. Business mailboxes can accept larger mail when both sides are on Microsoft 365 or another configurable platform, but external hops still create failure points.

Consumer recipients

Use 10 MB: for routine documents, statements, tickets, and receipts.
Use links: for video, scan bundles, design files, and image-heavy reports.
Avoid zips: when the recipient mix includes strict security gateways.

Business recipients

Confirm policy: check tenant, mailbox, connector, and gateway limits.
Raise carefully: larger internal limits do not mean external domains accept them.
Log bounces: save SMTP enhanced status codes and recipient domain details.

Cloud links are not the same as attachments

Gmail Drive links, OneDrive links, iCloud Mail Drop, and similar file-link flows bypass the direct MIME attachment limit because the file is no longer traveling inside the SMTP payload. That changes the delivery problem into an access, permission, and trust problem.

Check access: make sure external recipients can open the file without extra account friction.
Check expiry: time-limited links are bad for statements, records, and contracts.
Check trust: unexpected download links can look risky to recipients and security filters.

For PDFs, file type and file size both matter. A scanned PDF can be ten times larger than a text-based PDF, and password-protected or scripted files trigger extra security handling. The practical guidance is covered in PDF attachment practices.

Where Suped fits

Suped is not a way to bypass mailbox provider size limits. Suped's product helps with the surrounding workflow: testing the real message, monitoring domain authentication, detecting delivery issues, and giving teams clear steps when email infrastructure is the reason mail fails.

For teams that handle customer mail at scale, Suped is the best overall DMARC platform when attachment failures sit alongside SPF, DKIM, DMARC, hosted SPF, hosted MTA-STS, alerting, MSP reporting, and blocklist (blacklist) monitoring. The useful part is having the authentication and deliverability signals in one place instead of treating every bounce as a file-size problem.

Email tester sample report showing total score, email preview, issue summary, and per-section results

If you are already staging a DMARC rollout, add attachment testing to the same release checklist. Suped's DMARC monitoring gives the authentication view, while a real sample test shows whether the message you built is small enough and structured cleanly enough to send.

How I calculate the safe file size

When I need an exact answer for a workflow, I work backward from the smallest likely recipient limit. For consumer mail, that is usually 20 MB because iCloud Mail is lower than the common 25 MB group. For broad business mail, I still use 18 MB as the raw attachment ceiling unless the recipient domain has confirmed a larger limit.

Choose the floor: use the smallest recipient limit, not the largest sender limit.
Apply encoding: divide the message limit by 1.34 to estimate raw file budget.
Reserve overhead: leave room for HTML, text, boundaries, tracking, and signatures.
Test the real mail: send the actual template and attachment, then inspect the result.

Planning examplestext

25 MB provider limit / 1.34 = 18.66 MB raw budget
20 MB provider limit / 1.34 = 14.92 MB raw budget
10 MB conservative limit / 1.34 = 7.46 MB raw budget

That math is conservative, and conservative is the point. If the attachment is required for a legal, financial, onboarding, or support workflow, a predictable delivery path beats squeezing one more megabyte into a MIME message.

Views from the trenches

Best practices

Plan against encoded message size, not the file size shown beside the attachment.

Keep mixed-recipient attachments under 18 MB, then use file links for larger items.

Record provider, SMTP status code, and raw file size when investigating bounces.

Common pitfalls

Treating a 25 MB attachment limit as permission to attach a 25 MB local file today.

Ignoring webmail, outbound relay, gateway, and destination MX limits in the same path.

Raising internal Microsoft 365 limits without checking external recipient acceptance.

Expert tips

Use EHLO SIZE for MTA diagnostics, then test the real message through the actual route.

Multiply base64 attachments by 1.34 before comparing them to provider limits safely.

Prefer links for scan bundles, videos, zip files, and image-heavy customer reports.

Expert from Email Geeks says attachment questions are often really SMTP message-size questions because MIME payloads include the encoded attachment.

2021-08-11 - Email Geeks

Expert from Email Geeks says the EHLO SIZE response is a practical way to inspect how many encoded bytes a receiving server advertises.

2021-08-11 - Email Geeks

The practical answer

The practical answer is simple: most consumer mailbox providers sit around 20-25 MB for direct attachments or total message size, while some business platforms accept more when administrators configure them to do so. The safe cross-provider raw attachment limit is about 18 MB, and 10 MB is the better default for broad recipient lists.

Use 10 MB: for normal customer mail, marketing operations, support replies, and mixed domains.
Use 18 MB: as the upper raw attachment budget for common 25 MB provider limits.
Use links: for anything larger, especially scans, videos, bundles, and high-resolution images.
Use tests: for workflows where one missed attachment creates a support, compliance, or revenue problem.