Technically inline images are not attachments. That opens up a lot of malicious compliance possibilities.

I’ve heard they are filtering inbound emails that don’t come from .gov domains to many of these addresses. Impossible to verify, but it’s a common sense thing to do.