[jonathanlydall]

Slightly related, but fraudsters love using .svg attachments, typically the mails purport to be for an invoice which you need to log into your Microsoft account to be able to “securely” view.

I’m not sure if Exchange Online doesn’t scan them or something, but I landed up making a rule which blocks all emails with either .svg or .htm(l) attachments and to notify me when blocked.

Happens a couple of times per month for the our small company, no false positives yet.

[jojomodding]

I know someone who embeds an SVG of his signature in their emails. Looks pretty cool, renders inline, and it's sad that the state of things means they'll probably have to remove it because it triggers spam filters.

[jonathanlydall]

I don't block embedded SVGs, just ones included as attachments, so I don't think it would affect your friend's use case.