Quarantining executable attachments would include every doc, docm, xls, xlsm, pdf, rtf .
This probably covers at least a few thousand a day,are they going to employ an entire call centre to look at these emails and evaluate them and release them every day?
And that' just the basic office executable attachments, ignoring the more esoteric and links.
Also having run the major malicious TeslaCrypt, Locky attachments and Angler links my organisation received through testing last week no major AV vendors identified them for the first 12 hours.
Links for these things are often to a hacked subdomain of a valid site in order to defeat category based web filtering, they then go on a round robin of scripts based on the identity of the browser to evade checks.
If you are in a Large Organisation, even with filtering, application control, AV, Appsense and email content control the only thing between you and ransomeware is Luck.