IIS – Why are MIME types needed if we can identify file types by their extensions?


If people's computers can decide what to do with files based on their extensions (.pdf, .mp3, .docx, .dotx, etc.), why do web servers and email apps need to also specify a MIME type?

I can see this being useful if you want to deliver a file in a way that differs from the default (e.g. show a .py or .html file as plain text) or if the file extension is unregistered on the client computer, but in most cases, if I'm creating a new file format (say .foobaz) and want to enable people to share these files on the web and over email, shouldn't it be sufficient to rely on the client recognizing the file extension?

Best Answer

The MIME type clearly specifies the intended use of the file. File extensions only hint at the content. Both can be wrong. DOC has been used by a number of text editors with a variety of internal file formats.

Faking extensions is used extensively to mislead people as to the file type. This can be used for malware of various kinds. It can also lead to security bugs. If myfile.txt is validated for security as a text file and later, by content inspection, is run as an executable, you may end up with an infected machine.

Unix uses an executable bit to indicate which file can be run. Scripts can start with a bang path indicating which interpreter should execute them. The file command can be used to fairly reliably determine the file type with or without an extension.

Using extensions to identify which file to use can lead to ambiguity. If I have myfile.exe, myfile.com, myfile.bat, and myfile.cmd, which runs if I run the command myfile?
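The mismatch described in the answer (a name or declared type that says "text" while the bytes say "executable") can be checked at upload or mail-gateway time. The following is an added example, not part of the original answer; the lookup tables, function names and sample bytes are constructed for illustration and cover only a few formats.

```python
import os

# Leading-byte signatures -> content family (small constructed subset).
MAGIC = [
    (b"MZ", "executable"),       # Windows PE / DOS header
    (b"\x7fELF", "executable"),  # Unix ELF header
    (b"#!", "script"),           # "bang path" interpreter line
    (b"%PDF-", "pdf"),
]
# What the extension and the declared MIME type each claim (hypothetical tables).
EXT_FAMILY = {".txt": "text", ".pdf": "pdf", ".exe": "executable", ".sh": "script"}
MIME_FAMILY = {"text/plain": "text", "application/pdf": "pdf"}
RUNNABLE = {"executable", "script"}


def sniff(data: bytes) -> str:
    """Classify content by its leading bytes, in the spirit of the file command."""
    for prefix, family in MAGIC:
        if data.startswith(prefix):
            return family
    try:
        data.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "unknown"


def check_upload(filename: str, declared_mime: str, data: bytes) -> list:
    """Return the disagreements between extension, declared type and content."""
    ext = os.path.splitext(filename.lower())[1]
    by_ext = EXT_FAMILY.get(ext, "unknown")
    by_mime = MIME_FAMILY.get(declared_mime, "unknown")
    by_content = sniff(data)
    findings = []
    if by_mime != by_ext:
        findings.append("declared type disagrees with extension")
    if by_content != by_ext:
        findings.append("content disagrees with extension")
    # The case from the answer: validated as text, but the bytes are runnable.
    if by_content in RUNNABLE and by_ext not in RUNNABLE:
        findings.append("runnable content under a non-runnable name")
    return findings


if __name__ == "__main__":
    # Constructed sample: a PE header stored as myfile.txt and sent as text/plain.
    for finding in check_upload("myfile.txt", "text/plain", b"MZ\x90\x00\x03"):
        print(finding)
```

Any non-empty result means at least one of the three signals is wrong, so the file should be handled according to its content rather than its name.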
