Getting a grasp on what files are being delivered through email is important in developing rules at the server. A general universal rule is to disallow executables such as PEs (EXE, DLL, SCR and other file extensions), script files such as .vbs, .js, .hta and Java JAR files to be received. Including archives like .zip, .iso, and now .wim should also be considered for email filtering, depending on how necessary it is for employees to send those files over email when internal chat clients such as Slack and the use of dedicated clouds like SharePoint can be utilized. Most phishing documents and payloads can be stopped before a user ever receives them by developing sound email filtering policies and automated rules. When the pressure of protecting the organization is released from the users, trust can be built with those in operations and pave the way for reporting and education.

Source:

https://www.bleepingcomputer.com/news/security/phishing-attacks-unusual-file-attachment-is-a-double-edged-sword/