How to Securely Send Documents by Email

An email attachment is the least controllable way to send a sensitive file. Here are the real options, their trade-offs, and a safer pattern that works.

By Rohan Nayak · 12 min read · Updated June 2026

Sending a sensitive document by email feels safe because it is familiar, but familiarity is not security. The honest answer is to encrypt the file, or better, do not send the file at all. Send a gated, expiring link you can revoke and watch instead. An attachment is the least controllable thing you can put in someone else's inbox.

That is the short version. The rest of this guide covers the options people actually use, what each one really protects against, and the exact steps to do the two that matter.

Why an email attachment is the weakest option

The moment a file leaves your outbox as an attachment, you lose every form of control over it. There is no undo. A few things are true about that attachment that most people never think about until it is too late.

Anyone can forward it in one click, with no trace back to you. It gets downloaded onto a laptop, a phone, and a backup, so it now lives in places you will never see. It sits in the recipient's inbox indefinitely, surviving job changes, lost devices, and breached email accounts years from now. You also have zero visibility. You do not know if it was opened, by whom, or how many times it was passed along.

Email itself is less private than it looks. A message usually travels encrypted in transit between well-configured mail servers, but it is generally stored unencrypted at rest on the provider's side, readable by anyone who can get into that account. So the question is not only whether the connection is secure. It is who can read this file for the next ten years, and whether you can take it back. With a raw attachment, the answers are "more people than you think" and "no."

That framing decides everything below. The methods that give you real control are the ones that keep the file out of the inbox, or wrap it in encryption the recipient is forced to unlock.

The options people actually use

Below are the realistic methods, roughly from weakest to strongest, with what each one is good for and where it quietly fails.

Password-protected PDF or ZIP

This is the most common "I made it secure" move. You set a password on the PDF or compress the file into an encrypted ZIP, then email it. It beats nothing, and it works everywhere, since the recipient needs no special software.

The problem is almost never the encryption. It is key delivery. If you paste the password into the same email thread, or send it in the reply right underneath, you have wrapped the house key in a note taped to the front door. Anyone who reads the message reads both. Same story if you put the password in the email body and the file in the attachment. One compromised inbox exposes both halves.

A password-protected attachment only helps if the password travels on a different channel. Send the file by email, then send the password by text message, a phone call, or a chat app the recipient already uses. Even then, the file is still downloaded forever and you still cannot see who opened it or pull it back. It is a lock on a door you have already given away.

Use it when the file is mildly sensitive, the recipient is not technical, and you are willing to send the password separately and accept zero visibility afterward.

Encrypted email (S/MIME, PGP, Proton)

This is the textbook "correct" answer, and in theory it is excellent. Standards like S/MIME and PGP encrypt the message end to end, so only the holder of the right private key can read it. Services such as Proton Mail make encrypted email far more approachable than the old command-line days, and offer ways to send a protected message to people outside the service.

The catch is brutally practical. Almost nobody can receive it. PGP and S/MIME require both sides to have set up keys or certificates and to have exchanged them in advance, which most clients, lawyers, and counterparties simply have not done. Provider-to-provider encryption only fully works when both people are on a service that supports it. So the strongest classical method routinely collapses the moment you need to send something to a normal person on a normal Gmail or Outlook account.

Use it when you and the recipient both already have encrypted email configured, or you are inside an organization that has standardized on it. For one-off sends to outside parties, it is usually more friction than it is worth.

The pattern that fixes the underlying problem is to stop attaching the file at all. You upload it once, and send a link to a hosted, gated copy. The file stays on a server you control. The recipient views it in their browser. You decide who gets in, for how long, and what they are allowed to do.

This flips every weakness of the attachment. Forwarding the link does not help an unauthorized person if the link itself is gated by email or passcode. Set an expiry date and access ends on its own. Revoke access after sending if a deal dies or you sent it to the wrong address. Turn off downloading and there is no file to scatter across devices. And you can see exactly who opened it and when. This is what most modern secure document sharing tools, including Plox, are built around.

Use it when the document is genuinely sensitive, you are sending it outside your organization, or you want any control or visibility after the send. For most business documents, this is the right default.

[Figure: "Access & security" settings panel. Gate a document with email, passcode, allowlist, watermark and more]

A method comparison, honestly

No method is perfect, so the useful question is which trade-off you can live with. This table weighs the three things that matter: how much control you keep, how easy it is for the recipient, and whether you can see what happened.

| Method | Control after sending | Ease for recipient | Visibility |
|---|---|---|---|
| Plain attachment | None | Highest, just open it | None |
| Password PDF or ZIP, password same channel | None, and the lock is exposed | High | None |
| Password PDF or ZIP, password separate channel | Low, file still lives forever | Medium, they juggle a password | None |
| Encrypted email (S/MIME, PGP, Proton) | Strong in transit and at rest | Low, both sides need setup | None, no open tracking |
| Gated, expiring, trackable link | High, expire and revoke any time | High, opens in a browser | Full, per viewer and time |

The link approach is the only row that scores well on all three at once. Encrypted email protects the content beautifully but tells you nothing afterward and asks a lot of the recipient. Password files are a reasonable middle ground only if you are disciplined about the second channel.

How to password-protect a PDF before sending

If you are going to send an attachment, at least lock it properly. The steps differ slightly by tool, but the shape is the same.

  1. Open the document in a PDF editor that supports encryption, such as Adobe Acrobat or the export options in many office suites.
  2. Find the protect or security settings, usually under a Protect, Secure, or Export menu.
  3. Choose to encrypt with a password, and set a strong, unique password you are not using anywhere else.
  4. Save the file as a new, encrypted copy so you keep an unprotected original for yourself.
  5. Email the encrypted file. Then send the password by a different channel, a text or a call, never in the same thread.

On macOS you can also use Preview to export a PDF with an encryption password. On Windows the built-in Print to PDF does not encrypt, so you will need Acrobat or a similar tool. Remember what this does and does not buy you. It scrambles the file, but it does nothing about forwarding, permanence, or visibility once the recipient has unlocked it.
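
A check worth running on the saved copy before it is attached, as an added example that is not from the original article: this Python sketch scans a PDF's raw bytes for the standard security handler's encryption dictionary and reports the cipher, so a copy that was never encrypted, or was saved with legacy RC4, is caught before sending. The byte strings are constructed fragments rather than real documents, and `pdf_encryption` and `safe_to_attach` are hypothetical helper names.

```python
import re

# Constructed fragments (not real documents): encryption dictionary plus trailer only.
RC4_SAMPLE = (b"5 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 /P -3904 >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R /Encrypt 5 0 R >>\n")
AES_SAMPLE = (b"9 0 obj\n<< /Filter /Standard /V 5 /R 6 /Length 256\n"
              b"/CF << /StdCF << /CFM /AESV3 /AuthEvent /DocOpen /Length 32 >> >>\n"
              b"/StmF /StdCF /StrF /StdCF >>\nendobj\n"
              b"trailer\n<< /Root 1 0 R /Encrypt 9 0 R >>\n")
PLAIN_SAMPLE = b"trailer\n<< /Root 1 0 R /Size 4 >>\n"

def pdf_encryption(data: bytes):
    """Return None for an unencrypted PDF, else {'cipher', 'v', 'r'}."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", data)
    if ref:   # usual case: the trailer points at an indirect encryption dictionary
        obj = re.search(rb"(?<!\d)%s\s+%s\s+obj(.*?)endobj" % ref.groups(), data, re.S)
        body = obj.group(1) if obj else b""
    else:     # less common: the dictionary is written inline in the trailer
        inline = re.search(rb"/Encrypt\s*<<(.*)", data, re.S)
        if not inline:
            return None
        body = inline.group(1)

    def num(key, default):
        m = re.search(rb"/" + key + rb"\s+(\d+)", body)
        return int(m.group(1)) if m else default

    v, r = num(b"V", 0), num(b"R", 0)
    cfm = re.search(rb"/CFM\s*/(\w+)", body)      # crypt filter method (V 4 and V 5)
    cfm = cfm.group(1).decode() if cfm else ""
    if v == 5 and cfm == "AESV3":
        cipher = "AES-256"
    elif v == 4 and cfm == "AESV2":
        cipher = "AES-128"
    elif v == 4 and cfm == "V2":
        cipher = "RC4-128"
    elif v in (1, 2):                             # V 1 is fixed at 40-bit RC4
        cipher = f"RC4-{40 if v == 1 else num(b'Length', 40)}"
    else:
        cipher = "unknown"
    return {"cipher": cipher, "v": v, "r": r}

def safe_to_attach(data: bytes) -> bool:
    """True only when the file is encrypted and the cipher is AES."""
    info = pdf_encryption(data)
    return info is not None and info["cipher"].startswith("AES")
```

The scan reads only the encryption dictionary; it says nothing about password strength, which still depends on step 3.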

This is the pattern we would actually recommend for anything sensitive. The example uses Plox, but the principles apply to any tool built around gated links.

  1. Upload the document to Plox. It becomes a live link rather than a file you attach.
  2. Turn on a gate so the link is not open to the world. You can Require Email to View, add a one-time passcode by email so the viewer proves they control the inbox, or Require Passcode that you share separately.
  3. Restrict who gets in. Use an allowlist of specific email addresses so only the people you name can open it, even if the link is forwarded.
  4. Decide what they can do. Disable downloads so the document stays in the browser, and turn on dynamic watermarking so each viewer sees their own email stamped across every page, which quietly discourages screenshots and leaks.
  5. Set an expiry date so access ends automatically, and keep the ability to revoke the link the instant you need to.
  6. Send the link by email as normal. Then watch. The analytics show you who opened it, when, how far they read, and you can set alerts so you know the moment it happens.

[Figure: "Documents" list showing the links created for each file. Every file becomes a live, trackable link]

The difference in posture is the whole point. With an attachment, your security work ends the moment you hit send and you are blind from then on. With a gated link, sending is the beginning. You keep a hand on the document, you can change your mind, and you can see what is happening. This is the core of how document control should work.
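
The gate logic behind a link of this kind, as an added sketch that is not Plox's code or API: a server-side link record is checked for revocation, expiry, allowlist and passcode on every open, and every attempt is logged, which is where the control and the visibility both come from. `GatedLink`, its fields and the outcome strings are hypothetical, and the `email` passed in is assumed to have been verified already by a one-time code.

```python
import hashlib, hmac, secrets

class GatedLink:
    """Server-side record for one shared link (hypothetical model, not a vendor API)."""

    def __init__(self, doc, allowlist, passcode, expires_at):
        self.id = secrets.token_urlsafe(16)   # unguessable id that goes in the emailed URL
        self.doc = doc                        # the file itself stays on the server
        self.allowlist = {e.strip().lower() for e in allowlist}
        self.salt = secrets.token_bytes(16)
        self.passcode_hash = self._hash(passcode)
        self.expires_at = expires_at          # Unix time
        self.revoked = False
        self.audit = []                       # (time, email, outcome) for every attempt

    def _hash(self, passcode):
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100_000)

    def open(self, email, passcode, now):
        """email is assumed already verified by a one-time code sent to that inbox."""
        email = email.strip().lower()
        if self.revoked:
            outcome = "revoked"
        elif now >= self.expires_at:
            outcome = "expired"
        elif email not in self.allowlist:
            outcome = "not_allowlisted"       # a forwarded link stops here
        elif not hmac.compare_digest(self._hash(passcode), self.passcode_hash):
            outcome = "bad_passcode"
        else:
            outcome = "granted"
        self.audit.append((now, email, outcome))   # denied attempts are recorded too
        return outcome

def demo():
    """Constructed scenario: allowlisted viewer, forwarded link, expiry, then revocation."""
    link = GatedLink("deck.pdf", ["investor@example.com"], "constructed-passcode", expires_at=4600)
    results = [
        link.open("investor@example.com", "constructed-passcode", now=1100),
        link.open("forwarded@example.net", "constructed-passcode", now=1200),
        link.open("investor@example.com", "wrong-guess", now=1300),
        link.open("investor@example.com", "constructed-passcode", now=5000),
    ]
    link.revoked = True                       # sender pulls the link back
    results.append(link.open("investor@example.com", "constructed-passcode", now=1400))
    return results, link.audit
```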

Which should I use, and when

Match the method to the stakes and to who is on the other end.

For low-stakes internal files where everyone is trusted and visibility does not matter, a plain attachment is fine. Do not over-engineer a lunch menu.

For a moderately sensitive file going to a non-technical recipient as a one-off, a password-protected PDF with the password sent by text is acceptable, as long as you accept that the file then lives forever and you cannot track it.

For anything where the content must stay private and both sides are already set up for it, encrypted email is a strong choice. In practice this is rare with outside parties, so do not count on it for ad hoc sends.

For sensitive documents going outside your organization, contracts, financials, pitch decks, anything tied to a deal, a person, or a deadline, send a gated, expiring, trackable link. It is the only option that keeps control and gives you visibility, and it is no harder for the recipient than clicking a normal link. For a whole collection of files under one structured space, a data room extends the same controls to a folder of documents.

A note on what nothing can stop

Be honest with yourself. No method makes a document unleakable. If someone can see a page, they can photograph their screen with a phone. Encryption, allowlists, disabled downloads, and watermarks all raise the cost and the risk of leaking, and watermarking in particular makes a leaked screenshot traceable back to the person who took it. But determined exfiltration of something a human is allowed to read is, ultimately, not a problem any tool fully solves.

The goal is not magic. The goal is to make the easy, accidental leaks impossible and the deliberate ones traceable, while keeping the power to revoke and the visibility to know what happened. That is a realistic, large improvement over an attachment, which offers none of it.

FAQ

Is it safe to send a sensitive document as a normal email attachment?

Not really. The connection is often encrypted in transit, but the file is usually stored unencrypted in the recipient's inbox, can be forwarded or downloaded freely, lives there indefinitely, and gives you no way to track or revoke it. For anything genuinely sensitive, encrypt the file or send a gated link instead.

Is a password-protected PDF actually secure?

The encryption itself is reasonable. The weakness is how the password travels. If you send the password in the same email or thread as the file, you have defeated the purpose. Send the file and the password on different channels, and remember that even then the file is downloaded permanently and you cannot see who opened it.

Why does almost nobody use encrypted email like PGP or S/MIME?

Because both sender and recipient have to set up keys or certificates and exchange them ahead of time, and most people on ordinary Gmail or Outlook accounts simply have not. It is genuinely strong when both sides are configured, but for one-off sends to outside parties the setup friction usually makes it impractical.

The file stays on a server you control instead of landing in an inbox. You can gate it behind email verification, a passcode, or an allowlist, disable downloads, add a watermark, set an expiry, and revoke access at any time. You also see exactly who opened it and when, which an attachment can never tell you.

Can I take back a document after I have sent it?

With an email attachment, no. Once it is in the recipient's inbox it is theirs. With a gated link in a tool like Plox, yes. You can revoke access whenever you want, or let it expire on a date you set, and the document stops opening for everyone who had the link.

Can watermarking stop someone from leaking a document?

Not completely, since a person who can read a page can photograph their screen. What dynamic watermarking does is stamp each viewer's own identity across every page, so a leaked copy or screenshot points straight back to whoever shared it. It deters casual leaks and makes deliberate ones traceable.

Send your next sensitive document the controllable way

Stop hoping an attachment behaves once it leaves your outbox. With Plox, every file becomes a live link you can gate, watermark, expire, revoke, and watch. See exactly who opened it, and shut off access the moment you need to. Explore document control to send your next sensitive document with control you actually keep, on the Free, Pro, Team, or Data Rooms plan that fits you, with details on pricing.

Written by Rohan Nayak · Co-founder, Plox

Rohan co-founded Plox. He spends most of his time with founders working out how to share a deck or a data room without losing control of it.
