Granite

Guide · Security

How to send documents securely (and when not to email them)

At some point you'll need to send a tax form, an ID, or a financial statement to a bank, a landlord, or an accountant — and the default move, a plain email attachment, is one of the least safe options available. This guide covers why email is the wrong default for sensitive documents, the safe methods ranked from best to worst, how to encrypt a file before you send it, and the habits that keep your documents safe online. It is practical, vendor-neutral, and honest about the trade-offs.

16 min read · Updated 2026-05-29

Why email is the wrong default for sensitive documents

Email feels safe because it's familiar, but familiarity isn't security. The common belief that "email is fine, it's encrypted now" is half true in a way that matters. Between the major providers, email is usually encrypted in transit— the connection from your provider to the recipient's is protected with TLS. But that is not the same as end-to-end encryption, and the gap is exactly where sensitive documents get exposed.

Here is what actually happens when you email a scan of your passport. The file travels in transit-encrypted form, then sits in readable formon your provider's servers, the recipient's provider's servers, your sent folder, and the recipient's inbox — indefinitely. Any of those copies can be read by the provider, exposed in a data breach, or forwarded onward in one click. Email was designed to deliver messages, not to protect them at rest, and inboxes are one of the most heavily targeted assets in any breach precisely because they accumulate a lifetime of documents in plain view.

None of this means email is useless — for a restaurant reservation or a meeting agenda it's perfect. The point is to match the method to the sensitivity. A document that could be used to impersonate you, drain an account, or commit fraud — a Social Security number, a passport, a bank statement, a tax return — deserves better than the channel you'd use to send a recipe. The rest of this guide is about what "better" looks like in practice.

The one rule that matters most

Before the specific methods, the single most useful principle: the safest document to send is the one you don't have to send at all.Every copy you transmit is a copy you no longer control — it lives on someone else's device, in their inbox, maybe in their own forwards. So the first question isn't "how do I send this securely," it's "do I need to send this, in this form, to this person, right now?"

That reframing changes a surprising number of situations. Often the recipient doesn't need the full document — a landlord asking for "proof of income" may not need your entire tax return, just one page or a redacted figure. Often there's a better channel you've overlooked: the institution has a secure portal you didn't notice. And often the request itself is worth questioning — a legitimate organization will have a secure way to receive sensitive information, so if someone insists you email your Social Security number as a plain attachment, that's a reason to slow down, not to comply.

The second half of the rule is control where the copies live. If your documents are scattered across old emails, you end up re-sending them constantly, spawning new copies every time. If they live in one organized, encrypted place, you send deliberately — the right document, once, through the right channel — and you're not leaving a trail of attachments behind you. That's the upstream habit this whole guide rests on, and it's where a real vault earns its place.

The safe methods, ranked

When you genuinely do need to send a sensitive document, here are the options from best to worst. The right one depends on who's receiving it and how sensitive the document is, but this is the order to reach for them in.

1. The recipient's secure portal (best, when it exists)

Banks, lenders, lawyers, accountants, healthcare providers, and government agencies almost always have a secure upload portal— a website where you log in and upload the file directly into their system, never touching email. This is the safest option because the document goes straight to the destination with no inbox copies in between. If an institution asks you to email something sensitive, ask whether they have a portal; they usually do, and it's usually the channel they actually prefer.

2. End-to-end encrypted transfer

When there's no portal, an end-to-end encryptedservice is next best — one where the content is encrypted on your device and can only be decrypted by the recipient, so the service itself can't read it. This includes end-to-end encrypted email services and encrypted file-transfer tools. It's the strongest general-purpose option for person-to-person sending, with the trade-off that it often works best when both sides use a compatible tool.

3. A password-protected file, with the password sent separately

A practical option that works with any email: encrypt the file itself with a strong password, attach it, and send the password through a different channel— a text or a phone call. Even if the email is intercepted or breached, the attachment is useless without the password. The catch is the password discipline (covered in the next section); done right, this is a solid baseline when the fancier options aren't available.

4. Confidential mode (a modest step up)

Gmail and Outlook offer a "confidential" mode that adds expiration and forwarding limits. It's better than a plain attachment for moderately sensitive material, but — as the dedicated section below explains — it is not real encryption, so don't lean on it for your most sensitive documents.

5. Physical mail (for originals)

Sometimes the right answer isn't digital at all. For irreplaceable physical originals, certified mail with tracking or hand delivery can be safer and is sometimes legally required. Never put a sensitive number on the outside of an envelope or a postcard, and use a traceable method so you know it arrived.

How to encrypt a file before you send it

Password-protecting a file is the most accessible form of real encryption, and it works no matter what channel you ultimately use. Most PDF tools — Adobe Acrobat, the export options built into macOS Preview and many editors — let you set a password that encrypts the file, typically with strong AES-256 encryption. A password-protected ZIP archive does the same for a batch of files. The encryption is genuinely strong; the weak link is almost always the password and how you share it.

Two rules make this work. First, use a strong, unique password— a long passphrase, not a birthday or a word from the dictionary. Encryption that's mathematically sound can still be defeated by a password a cracking tool guesses in seconds. Second, and this is the one people break constantly: send the password through a different channel than the file.If you email the encrypted PDF, do not email the password — text it, call with it, or share it through a password manager's secure-share feature. A password sitting in the same inbox as the file it unlocks provides no protection at all.

The counter-argument you'll hear is that this is fiddly, and it is — which is exactly why a secure portal or an end-to-end encrypted service is preferable when available. But password-protection's great virtue is that it works everywhere, with tools you already have, against the most common threat (an exposed inbox). When in doubt and short on options, encrypt the file and split the password from it.

Gmail and Outlook confidential mode, honestly

Both Gmail and Outlook offer a "confidential" sending mode, and it's worth understanding exactly what it does and doesn't do, because the name oversells it. What it does: lets you set an expiration date on the message, blocks the recipient from forwarding, copying, downloading, or printing through the email interface, and can require a one-time passcode sent by SMS. For a moderately sensitive document going to someone you broadly trust, those are real, useful guardrails.

What it does notdo is encrypt the content end-to-end. The provider — Google or Microsoft — can still access the message and attachment. The "no forwarding, no download" restrictions are enforced by the interface, not by cryptography, so a determined recipient can simply photograph their screen. And the document still lives on the provider's servers. In short, confidential mode raises the bar against casual mishandling, but it is not protection against the provider, a breach, or a recipient who wants to keep a copy.

The honest verdict: confidential mode is a reasonable step up from a plain attachment, and using it costs you nothing. But don't let the reassuring label talk you into emailing your most sensitive documents that you otherwise wouldn't. For those, reach for a secure portal or true end-to-end encryption instead.

What not to do

A short list of the habits that cause the most avoidable exposure. None of these are exotic mistakes — they're the ordinary shortcuts almost everyone takes.

  • Don't email a plain, unencrypted attachment of anything sensitive. A Social Security card, a passport, a full bank statement, a tax return — these should not travel as a bare email attachment, for all the reasons in the first section.
  • Don't text a photo of your ID or SSN.Text messages are generally not end-to-end encrypted across platforms, the image lands in the recipient's camera roll and cloud backup, and it lingers in both phones indefinitely.
  • Don't send a public or "anyone with the link" cloud share. A link with no access control can be forwarded, indexed, or guessed; if you must use cloud sharing, restrict it to a specific person and set it to expire.
  • Don't leave sensitive documents sitting in a shared folder nobody manages.A shared Drive or Dropbox folder slowly accumulates everyone's sensitive files in readable form — see how Granite compares as a more secure Dropbox alternative or a Google Drive alternative that actually reads your files.
  • Don't put the password in the same message as the file.It's the most common way a careful encryption step gets quietly undone.

When someone needs to send something to you

Security runs both directions, and the receiving side is easy to forget. If a family member, a tenant, or a client needs to send yousomething sensitive, the same logic applies — and you're the one who should offer the safe channel, because most people will default to a plain email attachment unless you give them something better.

The simplest move is to ask for less: tell them which single page or figure you actually need, not the whole document. When you do need the full thing, suggest a method — "send it password-protected and text me the password," or point them at a secure upload if you have one. And model the behavior you'd want: never ask someone to email you their Social Security number or a full account number as a plain attachment, because that normalizes exactly the habit that gets people's identities stolen.

One more receiving-side habit: don't let what people send you pile up in your inbox. The moment a sensitive document arrives and you've used it, move it somewhere encrypted and delete the email copy. An inbox full of other people's IDs and statements is a breach waiting to implicate not just you but everyone who trusted you with their paperwork.

Send less by keeping your documents in one place

Step back and most "how do I send this securely" problems trace to the same root cause: the documents are scattered, so you're constantly re-finding and re-sending them, spawning new copies through whatever channel is closest to hand. Fix the storage and you shrink the sending problem. That's the honest, upstream role a document vault plays here — and it's worth being precise about what it is and isn't.

Granite is a personal vault, not a secure file-transfer service.It does not send documents to third parties for you, and this guide's methods — a secure portal, an end-to-end encrypted channel, a password-protected file — are still how the actual transmission should happen. What Granite does is upstream of that: you drop each document in and it's read, filed, and organized automatically, so when you need to produce a specific form you pull the exact, current version in seconds instead of scrolling years of email. You send the right copy, once, deliberately — not a whole thread.

On the storage itself, the honest specifics: Granite encrypts every document at rest with envelope encryption, and sensitive fields are encrypted per row, so what sits in storage is ciphertext rather than readable files. To be precise — this is encryption at rest, not zero-knowledge: Granite holds the keys needed to run the service, which is what makes reading and search work, and it means we could technically access your files. You can read exactly how Granite encrypts your documents, and you can export your entire archive at any time. That's a far better home for sensitive paperwork than an inbox — but it's a place to keep documents, not a wire to send them down.

Keeping documents safe online, generally

Sending is one slice of a larger question: how do you keep important documents safe online at all? The same principles that make a send secure make storage secure, and three habits cover most of the risk.

First, stop treating your inbox as a filing cabinet.Email is the single richest target an attacker can hit, because it holds a readable archive of everything you've ever sent or received. Pull sensitive documents out of email and into a place built to protect them. Second, choose storage that encrypts at rest and lets you control accessrather than a shared folder that anyone with a link can open; the difference between "encrypted, access-controlled" and "readable to anyone who finds the link" is the whole game. Third, minimize copies — every duplicate in a downloads folder, a chat thread, or a second cloud account is another thing that can leak.

This is the same job whether you frame it as sending safely or storing safely, and it pairs naturally with the rest of getting your paperwork in order. If you want the storage side in depth, see how to store important documents at home; for how long each document even needs to stick around, see how long to keep important documents. Fewer copies, kept in fewer and safer places, is the throughline.

A simple playbook

Collapsed into something you can actually follow the next time you have to send something sensitive:

  • Ask if you can send less — one page, a redacted figure, or nothing at all if the request is questionable.
  • Check for a secure portal first. If the recipient is an institution, they probably have one; use it instead of email.
  • No portal? Encrypt and split. Password-protect the file with a strong password and send that password by a separate channel — never in the same email.
  • Treat confidential mode as a minor step up, not a safe. Fine for moderate sensitivity, not for your most critical documents.
  • Clean up after. Delete the email copies once the document has done its job, and move the original to somewhere encrypted.

And upstream of all of it: keep your important documents in one organized, encrypted place so you're sending deliberately instead of scrambling. If you're organizing the broader pile, see Granite for important documents. Granite reads, files, and encrypts each document at rest and is free for your first 25 documents — enough to get the sensitive ones out of your inbox and into a place built to hold them.

FAQ

Sending documents securely, answered

Is it safe to send important documents by email?
Usually not, for genuinely sensitive documents like a Social Security number, a passport, or financial account details. Email between major providers is typically encrypted in transit, but it is not end-to-end encrypted: your email provider can read it, it's stored in readable form on several servers, and a copy lingers in your sent folder and the recipient's inbox indefinitely — all of which makes a single account breach a serious exposure. For low-sensitivity documents email is fine; for anything that could be used for identity theft or fraud, use one of the safer methods in this guide instead.
What's the safest way to send a document?
When the recipient is an institution (a bank, lawyer, accountant, or government office), the safest option is almost always their own secure upload portal — use it instead of email. When there's no portal, an end-to-end encrypted service or a password-protected file with the password sent through a separate channel (a text or a phone call, never the same email) is the next best. Gmail and Outlook confidential modes are better than a plain attachment but are not true encryption. For irreplaceable physical originals, certified mail or hand delivery can be the right call. Match the method to how sensitive the document is.
How do I password-protect a PDF before sending it?
Most PDF tools (including Adobe Acrobat and the built-in export options on macOS and many editors) let you set a password that encrypts the file, typically with AES-256. Use a strong, unique password — short or guessable ones can be cracked — and, crucially, send the password through a different channel than the file itself. If you email the PDF, text or call the recipient with the password; sending both in the same email defeats the entire point. A password-protected file is a solid baseline when you don't have access to a secure portal or an end-to-end encrypted service.
Is Gmail's confidential mode actually secure?
It helps, but don't mistake it for encryption. Confidential mode lets you set an expiration date and block the recipient from forwarding, copying, downloading, or printing through the Gmail interface, and it can require an SMS passcode. But it is not end-to-end encrypted — Google can access the content, the recipient can still photograph the screen, and the protections are interface-level rather than cryptographic. It's a reasonable step up from a plain attachment for moderately sensitive material, but for the most sensitive documents, prefer a secure portal or true end-to-end encryption.
Does Granite let me send documents to other people?
Granite is a personal document vault, not a secure file-transfer service, so the honest answer is that the actual sending still happens through one of the methods in this guide. Where Granite helps is upstream: keeping your sensitive documents in one encrypted, organized place means you're not digging through old emails to re-send the same form, and you can pull the exact, current document instead of forwarding a whole thread. Granite encrypts your documents at rest and you can export an encrypted archive at any time — but for transmitting a file to a third party, use a secure portal or an end-to-end encrypted channel.
How can I keep important documents safe online?
Three habits cover most of it. First, stop using email as long-term storage for sensitive documents — an inbox is a high-value target that holds everything in readable form. Second, keep your important documents in a place that encrypts them at rest and lets you control access, rather than a shared cloud folder anyone with the link can open. Third, send sparingly and deliberately, using a secure method matched to the sensitivity. Granite encrypts every document at rest with envelope encryption and per-row encryption on sensitive fields; note this is encryption at rest, not zero-knowledge, and you can export everything at any time.

Keep reading

Related from Granite

The safest document is the one you don't have to re-send

Keep your sensitive documents in one encrypted, organized place, and you stop digging through email to re-send the same forms. Granite reads and files each document, encrypts it at rest, and is always exportable. Free for your first 25 documents.

Get GraniteTry the live demoSee pricing