How to send a confidential PDF via email safely
Most people assume that an email attachment stays private because the inbox is password-protected. That's not how email works. A single attachment can pass through half a dozen servers, land in forwarded threads, be auto-backed up by a client app, or sit in a never-emptied “Drafts” folder for years. If the PDF itself isn't protected, you aren't protected.
What can actually happen to an “unprotected” attachment
- It gets forwarded by mistake. The recipient meant to forward only the message above but sent your whole thread, PDF and all, to an external vendor.
- It's indexed by a third-party service. Many email clients and “productivity assistants” parse attachment content for search, AI summaries, or CRM enrichment.
- It's cached on a shared device. A family iPad, a desktop borrowed by a colleague, an Outlook profile in a conference room.
- The mailbox is breached later. Old emails stay forever. A compromise three years from now still exposes today's PDF.
None of these require a sophisticated attack. All of them happen to someone every single day.
The only workflow that actually works
Encrypt the PDF itself, send the password through a different channel, and treat the email as a dumb pipe. Three steps.
- Encrypt the PDF before attaching. On iPhone, the fastest way is a dedicated app. See How to password-protect a PDF on iPhone. Use AES-256 if the option is available.
- Use a strong, unique password. Not your dog's name. Not the recipient's last name. Generate one in your password manager: at least 14 characters, mixing upper- and lowercase letters, digits, and symbols.
- Send the password through a different channel. iMessage, Signal, WhatsApp, SMS, a phone call — anything that isn't the same email thread. If your email gets intercepted, the attacker still can't open the PDF.
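Before attaching, it is worth confirming which cipher the exported file actually declares. The sketch below is an added example, not part of the original article or of any app it mentions: it reads the encryption dictionary that the PDF trailer references and accepts the file only when it declares AES-256. The function names and the sample byte strings are constructed for illustration, and the regex lookup is a heuristic that assumes the usual indirect `/Encrypt` reference.

```python
import re

def encryption_of(pdf: bytes) -> str:
    """Classify the cipher a PDF declares: none, RC4, AES-128, AES-256, unknown."""
    # The trailer names the encryption dictionary as "/Encrypt <obj> <gen> R".
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", pdf)
    if ref is None:
        # /Encrypt present in some other form: report unknown rather than guess.
        return "unknown" if re.search(rb"/Encrypt(?![A-Za-z])", pdf) else "none"
    obj = re.search(rb"(?<!\d)%d\s+%d\s+obj\b(.*?)endobj"
                    % (int(ref[1]), int(ref[2])), pdf, re.S)
    if obj is None:
        return "unknown"
    body = obj.group(1)
    version = re.search(rb"/V\s+(\d+)", body)
    v = int(version[1]) if version else 0
    if v == 5:
        return "AES-256"          # /V 5 uses the AESV3 crypt filter
    if v == 4:                    # /V 4 picks per filter: AESV2 (AES-128) or V2 (RC4)
        return "AES-128" if b"/AESV2" in body else "RC4"
    if v in (1, 2):
        return "RC4"
    return "unknown"

def ok_to_attach(pdf: bytes) -> bool:
    """True only when the file declares AES-256, the article's preferred option."""
    return encryption_of(pdf) == "AES-256"

def sample(encrypt_obj: bytes = b"") -> bytes:
    """Constructed PDF skeleton for the demo (structure only, not renderable)."""
    trailer = b" /Encrypt 5 0 R" if encrypt_obj else b""
    return (b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\n" + encrypt_obj
            + b"trailer\n<< /Root 1 0 R" + trailer + b" >>\n%%EOF\n")

SAMPLES = {  # constructed inputs, one per case
    "plain": sample(),
    "rc4": sample(b"5 0 obj\n<< /Filter /Standard /V 2 /R 3 /Length 128 >>\nendobj\n"),
    "aes128": sample(b"5 0 obj\n<< /Filter /Standard /V 4 /R 4 /Length 128 "
                     b"/CF << /StdCF << /CFM /AESV2 /Length 16 >> >> >>\nendobj\n"),
    "aes256": sample(b"5 0 obj\n<< /Filter /Standard /V 5 /R 6 /Length 256 "
                     b"/CF << /StdCF << /CFM /AESV3 /Length 32 >> >> >>\nendobj\n"),
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:7} {encryption_of(data):8} attach={ok_to_attach(data)}")
```

To check a real export, pass the file's bytes (`open(path, "rb").read()`) to `ok_to_attach` and treat anything other than `True` as a reason to re-export.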
Password channel: what to use, what to avoid
Good channels
- Signal, iMessage, WhatsApp — end-to-end encrypted, easy to use.
- A voice or video call — the password is not written down anywhere.
- A separate email account — much better than nothing, especially if the accounts belong to different providers.
Bad channels
- The same email thread. Obvious, but still the most common mistake. “Password: abc123, see attached” defeats the entire point.
- A shared network drive or Slack channel. Anyone with access to that channel eventually has access to the password.
- Direct messages on social platforms that aren't end-to-end encrypted: LinkedIn, Twitter/X.
For extra-sensitive documents: go beyond a password
For some documents — passport scans, notarized contracts, health records — a password isn't the whole answer. Consider layering:
- A secure transfer link (Firefox Send, Tresorit Send, or your organization's secure portal). The link expires; there's no permanent attachment.
- An encrypted archive. Put the PDF in a password-protected ZIP or 7z if your recipient has tools for it.
- End-to-end encrypted email (ProtonMail, Tuta) when both sides use the same provider.
For day-to-day confidential documents — contracts, invoices, certificates — a password-protected PDF plus a separate password channel is enough.
What about “just uploading it to the cloud and sharing a link”?
Google Drive, iCloud, and Dropbox have solid infrastructure, but a link-only share is only as secure as the link's access settings and the password of whoever opens it. Points to check:
- Restrict to specific people, not “anyone with the link”
- Set an expiration date if the platform supports it
- Turn off downloads if read-only access is enough
- Revoke access after the recipient has downloaded the file
Even with all that, a password-protected PDF inside the shared folder adds one more layer that travels with the file no matter where it ends up.
Frequently asked questions
Isn't Gmail / Outlook encrypted already?
They use TLS for transport, which protects the email while it moves between servers. They do not encrypt the attachment at rest in a way that prevents the provider, a future breach, or an inbox forward from exposing it. For confidential content, protect the file itself.
Does password-protecting a PDF prevent the recipient from forwarding it?
No. The recipient can still forward the file — they just can't un-protect it. Anyone they forward to will also need the password. That's the point: the protection travels with the file.
Can I use the same password for everyone?
You can, but please don't. If one recipient leaks the password, everyone else's documents become readable too. Use a unique password per recipient — your password manager makes this trivial.
What's a “strong enough” password?
In 2026, a random 14-character password with upper, lower, digits, and symbols is far beyond brute-force range. A memorable phrase of 5+ unrelated words (like a “diceware” password) is also excellent. Anything short, predictable, or personally identifiable is weak.
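The password rules from the three-step workflow and from the answer above, as an added example that is not part of the original article: a checker for those rules, a generator that issues one independent password per recipient, and the entropy figure behind each option. All function names are illustrative, and the recipient names in the usage lines are constructed.

```python
import math
import secrets
import string

CLASSES = (string.ascii_uppercase, string.ascii_lowercase,
           string.digits, string.punctuation)
ALPHABET = "".join(CLASSES)   # 94 printable ASCII symbols
MIN_LENGTH = 14               # the article's minimum

def policy_violations(password, recipient_name=""):
    """List the reasons a password breaks the article's rules (empty = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 14 characters")
    if not all(any(c in cls for c in password) for cls in CLASSES):
        problems.append("missing upper, lower, digit or symbol")
    for part in recipient_name.lower().split():
        if len(part) >= 3 and part in password.lower():
            problems.append("contains part of the recipient's name")
            break
    return problems

def generate_password(recipient_name="", length=MIN_LENGTH):
    """Draw from the OS CSPRNG until every rule is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError("length below the 14-character minimum")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not policy_violations(candidate, recipient_name):
            return candidate

def passwords_for(recipients):
    """One independent password per recipient, so one leak exposes one file."""
    return {name: generate_password(name) for name in recipients}

def entropy_bits(alphabet_size, length):
    """Bits of entropy for `length` symbols drawn uniformly at random."""
    return length * math.log2(alphabet_size)

if __name__ == "__main__":
    for who, pw in passwords_for(["Jane Smith", "Acme Legal"]).items():
        print(who, pw)                                   # constructed recipients
    print(round(entropy_bits(len(ALPHABET), 14), 1))     # 14 random characters
    print(round(entropy_bits(7776, 5), 1))               # 5 diceware words
```

Fourteen characters from the 94-symbol set come to about 91.8 bits; five words from the standard 7,776-word diceware list come to about 64.6 bits.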
Bottom line. Treat every email as if it might be read by someone else one day. The only reliable protection is in the file, not in the inbox. A password-protected PDF plus a password shared out-of-band gets you 99% of the way there, for the cost of one extra minute before hitting Send.