How can you find out if xlsx and docx files are safe to open?

Macros cannot be saved in .xlsx files. Excel will refuse, and tell you to save it as an .xlsm file. If you save as .xlsm and then rename as .xlsx Excel will not open the file.

Assuming someone got around this restriction, then Excel will disable any macros found in an .xlsx file.


I do site IT support for a manufacturing plant, and I can tell you that sending Word and Excel documents to employees of another company is not common place, especially for sharing tips. I get these sorts of emails all the time and the tips are always contained within the email, included in a PDF, or a link to a page on their company web-site.

Within the organization, this is a different matter. Users within the organization often share Word and Excel files through email.

Sending zipped files on the other hand is common place both inside and outside of the organization. It's also 50%/50% on whether it's spam or not. The users I support forward me emails they received to determine if they were spam or not, and zipped files often accompany the spam emails. On the other hand, they frequently contact me for help when they receive ligitimate emails that contain zipped files or need to send one with a zip file. Often organizations have limits on the size of the emails they can send or receive and the users opt for zipping the files when they exceed those limits. But again, when companies send emails to share tips, I have never seen this.


Side Note: This is just my experience, but anytime a company (any company, not just an IT company) has to contact you first, they aren't very good at what they do and you should avoid them. When a company is good at what they do, the customers will come to them.


First rule would be to NEVER open unsolicited email attachments. It is simply extremely bad security practice. If you send me something suspicious like that and I don't know you, I'll tend to automatically blacklist you.

As far as formats, I normally see most companies use Adobe PDF for whitepapers. I can't remember the last time I saw whitepapers in raw Office format. It used to be that due to the macro issue, you only opened such files from trusted sources and even then disabled macros first. Another reasons you don't see that today is the metadata in the files can lead to embarrassing disclosures. (Which PDF isn't immune to! Something to keep in mind.)