Just to make sure I'm following, the scenario you're worrying about is someone sends an email containing a url to "YourTaxReturns.zip". Upon visiting the site, it automatically downloads a zip file named "YourTaxReturns.zip". And then what? How is this any worse than the user downloading the zip directly? They clearly wanted to download it, given they clicked on it after all.