I understand your frustration, I'm just explaining the realities here.
A lot of businesses have just a web based forms where one can only write an inquiry, with no attachments even allowed.
Also, security software can only do so much. If a user triggers something by opening a link or an attachment, virus software has little chance of catching it.
In my company I get regular security emails reminding everyone not to open any links or attachments from outside emails. So while internally we can attach links, pictures, whatever, external emails are treated differently. And we are all behind a security fire wall.
Why not call the place, give them your name and email address you will use, explain the situation and ask how they can accommodate it?