How to send files securely by email

Email is the most natural way to send someone a file — and one of the least private. A plain attachment isn't end-to-end encrypted: it's copied across mail servers and lives in inboxes long after you forget about it. The fix isn't to abandon email; it's to change what you send through it.

The short answer

Don't attach the file — email an end-to-end encrypted link instead, and share the access PIN through a different channel. The email then carries only a link that can't be opened on its own, so the file itself never sits on a mail server in readable form.

Why email attachments aren't private

• No end-to-end encryption. Email is typically encrypted in transit (TLS), but each mail server along the way can read the attachment — encryption in transit is not the same as keeping the file unreadable to everyone in the middle.
• It lingers. The attachment stays in the sender's “sent” folder, the recipient's inbox, and on backup servers — copies you can't recall or expire.
• One breached account exposes everything. Anyone who gains access to either inbox gets the file along with it.

The secure pattern: email the link, not the file

Instead of attaching the file, you encrypt it with a peer-to-peer tool and get back a link. The file streams directly between browsers and is never stored on a server, so the email only ever contains a pointer — not the data. Two design details make this genuinely safe:

• The key stays out of the email. The decryption secret lives in the link's URL fragment (after #), which browsers never transmit to a server, and a separate PIN is shared out of band.
• The service can't read it either. This is the zero-knowledge property: the provider never holds the key, so it cannot open the file even if asked.

How to send a file securely by email, step by step

1. Encrypt the file with a peer-to-peer tool instead of attaching it. That's what SaferDrop does — the file is encrypted in your browser and never uploaded to a server.
2. Copy the generated link and paste it into your email as you would any other link.
3. Send the PIN through a different channel — a text message or a quick call — never in the same email as the link.
4. The recipient opens the link and enters the PIN. The file streams to them and decrypts on their device — no account, no install.
5. Nothing lingers. Once delivered, there's no attachment left on a mail server to leak later, and the link expires.

A quick checklist before you hit send

• Are you sending a link to an encrypted transfer rather than a raw attachment?
• Is the file encrypted before it leaves your device?
• Is the PIN shared on a separate channel from the email?
• Does the link expire instead of living in inboxes forever?

For the general method on any file, see how to send files securely; for sensitive paperwork specifically, see how to send confidential documents.

Frequently asked questions