What’s the safest way to send a PDF securely via email?
Whether you’re transferring a PDF file from one location to another via USB stick or over the Internet, the simple fact is that it may be intercepted along its route. As a result, careful thought must be put into the protection applied to your PDF files and the methods used to share them. Today, we’re going to teach you how to securely send PDF files as attachments to an email and discuss some misconceptions surrounding the topic.
Is sending a PDF via email secure?
A question many users have is whether sending a document in PDF format via email is secure. Though many present this as a simple yes/no answer, the truth is that it depends entirely on the measures you take to protect your PDF.
One misconception surrounding the topic is that Gmail’s in-built TLS encryption is enough to keep your PDF safe from being accessed by unauthorized uses. This assumption has some major flaws.
- Standard TLS encryption in email requires the recipient to also have TLS. Therefore, if your recipient’s email provider or client does not have TLS, no protection will be applied to its contents or attachments.
- While TLS protects documents in transit, it’s not end-to-end encryption. Your information can therefore still be intercepted in the mail server and read by others.
- TLS provides zero protection once a recipient receives the file. As soon as they receive it, they’re free to edit or share it at will.
You should also bear in mind that though you might know how to unsend an email in Outlook and Gmail, these built-in features have major limitations. If you sent a sensitive PDF to the wrong person without additional protection, you’re likely out of luck.
What about Gmail confidential mode?
Gmail’s confidential mode offers a different approach to secure email. Rather than encryption, it removes the option to copy, print, and download emails and their attachments, while enabling users to set an expiry date. The only problem is that it doesn’t really work:
- though Confidential mode disables the UI to copy, print, and download in the browser, users can still Right-click > Save as, print via Ctrl + P, or screenshot
- ticking a few boxes in Firefox’s style editor will also let you bypass the controls quite easily
- attachments are not protected at all
- emails aren’t protected end-to-end, opening companies up to man-in-the-middle attacks
- your emails are stored even after they expire (as evidenced by the fact they hang around in your ‘Sent’ folder
Gmail confidential mode doesn’t provide any real protection, then — just the illusion of it.
How to encrypt a PDF file for email
An alternative to this is encrypting the PDF itself, whether it’s through a product such as Adobe Acrobat or using end-to-end PGP encryption. If you use Open PGP software such as ArticSoft FileAssurity, you can encrypt PDF attachments and message text.
Sending a PDF securely via email with ArticSoft PGP encryption
While this is definitely an upgrade to TLS, protecting your files in transit and at rest, it doesn’t address the third issue: what happens after the user receives it. These methods protect a PDF use a password or certificate and once the PDF file has been decrypted by the user it can easily be shared with others for full access.
Password protection also provides another major problem – how do you send the password securely to others? You also need to make sure you use a strong password otherwise it can be easily cracked. See why you should not password protect PDF files.
So, if a password-protected PDF or even certificate encryption is not enough to fully protect your PDF file, what is? A PDF DRM solution like Locklizard provides end-to-end encryption while ensuring that the final part of the puzzle, control after it’s decrypted, is addressed.
Locklizard enables you to send PDF files securely and control their use:
- Prevent changes – restrict PDF editing and modifying
- Stop copying and copy/paste
- Disable PDF printing or enable secure prints
- Stop screenshots by preventing the use of screen grabbing software
- Expire PDF files automatically on a set date, after a number of days or opens
- Lock PDF files to devices and locations
- Prevent saving to unprotected formats
- Add dynamic watermarks that are permanent
- Secure PDF forms – stop form fields from being changed and form data altered after submission
- Track PDF opens and prints
- Revoke access at any time
PDF encryption without passwords or certificates
Locklizard encrypts PDF files without passwords (there are no passwords for you to manage or users to enter) so they cannot be easily broken or cracked. Unlike other rights management systems, we don’t use complex certificate based PKI systems either as they are cumbersome to manage. Instead we use a transparent key licensing system which securely delivers decryption keys to authorized users devices and ensures they cannot be shared by locking them to the device.
How to send a secure PDF attachment via email using PDF DRM
Here’s how to create a secure PDF file with encryption and DRM controls, and send a secure PDF via email (as a secure PDF attachment) using Locklizard Safeguard PDF DRM Security software.
- Install Safeguard Writer, then right-click on your PDF and select “Make secure PDF”
- Open the “Document Access” tab and choose “Selected customers”
- Choose the DRM controls you want to enforce
Creating a secure PDF file using Locklizard Safeguard PDF DRM
Move through the tabs of Safeguard PDF Writer and add any DRM controls you want to apply to your document. By default, Locklizard secure PDF files cannot be edited, copied and pasted, printed, or saved as unprotected PDF files. If you enable printing then we stop users printing to file drivers such as PDF and other unprotected file formats (otherwise they could remove the security). Here are a few of the DRM controls that are available:
- Printing and viewing limitations: control how many times the document can be opened or printed, allow only degraded printing, or disable printing.
- Screenshot blocking: stop users using print screen or screen grabbing tools to take high quality screenshots of document content.
- Expiry date: there’s often little need to have a document available until the end of time and document retention policies may actually state this. The longer a document is in the open, the more chance it has of being shared. Applying PDF expiry allows you to reduce that time, either from the first open or preventing access once a specific date has been reached.
- Watermarking: dynamic watermarks identify individual users, both as a deterrent for copying (photos or photocopies) and help track down the source of any leaks.
- Press the “Publish” button at the bottom of the dialog to protect the PDF file.
- Now grant a user access to it. Open your Safeguard administration system and log in.
- Open the “Customers” tab and press “Add” in the sidebar
- Enter the user information and click on the “Set Document Access” link in the “Manage Access” section
- Select your document and press “OK”
- Press the “Add” button on the customer account.
Keep the “Email license” checkbox checked to have the license file emailed to the user’s email address that you have entered. The user will be sent an email with their license key and instructions on how to download the secure PDF viewer software. You can also choose to untick ‘Email license’ if you’d like to share this information with them via other means.
How to securely send PDF files
Once users have installed the secure Viewer software and registered their license file, you can securely send PDF files to them via email (as a secure PDF attachment) and be sure that only they can open them.
Just select the protected PDF file (.PDC file) and attach it your email message.
Emailing a secure PDF attachment that has been protected with Safeguard PDF Security
Of course, you can also share the protected PDF file via your favorite workplace chat app, cloud storage, or another document-sharing solution. As only the recipient has authorized access, nobody else will be able to open the secure PDF document. For more information on cloud storage sharing see – How to share PDF as a link.
If you want to prevent users opening the secure PDF file outside certain locations (such as the office) you can add country and IP restrictions in the Safeguard Admin System.
How to send a password protected PDF
As mentioned earlier, password-protected PDF encryption has inherent flaws and should not be used in a business environment. However, if you have little choice, we can at least guide you on how to send a password-protected PDF in the least risky way possible.
Encrypting a PDF with a password using Adobe Acrobat
7 Tips for sending a PDF securely via email
- While you don’t need to download a solution to password-protect a PDF, uploading sensitive documents to a remote server isn’t typically the best idea since you have no control over them or any temporary files created. PDF encrypt is an example of an open-source, free app that you can run locally to encrypt documents using a password.
- If you must use a password-based system, make sure your password is secure. An 8-character password with no numbers can be brute-forced in 0.19 milliseconds. Adding numbers or symbols significantly increases that time. However, for this to hold true, your password must still avoid popular words and numbers like dates or “123” otherwise the password will be easily broken by a password cracker that tries commonly used passwords and dictionary attacks.
- Agree beforehand the method you are going to use to send the password securely to others such as a secure text messaging or secure email app.
- Once you have encrypted your PDF, you should ideally send and share it only with those you have some degree of trust in. It’s definitely not recommended to share password protected PDF files outside of your organization. Make no mistake, a strong password on your PDF will still only slow someone down.
- Most importantly, don’t rely on PDF permissions to prevent editing or printing. There are many methods users can use to easily remove these, from using third-party tools, to simply uploading PDF files to Google Drive to bypass PDF restrictions.
- When you do send the PDF, it’s best to do everything you can to avoid interception by a third-party. As a result, an end-to-end encrypted filesharing, email, or messaging service may be better suited.
What’s the safest way to send a PDF securely?
We hope this guide has provided some clarification on whether sending a PDF file via email is secure and how to securely send PDF files as attachments. In summary:
- While sending a password-protected PDF is convenient, the method provides very little real-world protection unless you use a long and strong password and have a secure method of sharing it with others. See 10 Reasons NOT to password protect PDF files.
- Using certificates is a better way to send a PDF securely since you don’t have to worry about password transmission, but certificate encryption also has its issues. We explore the pros and cons of password vs certificate encryption in this article – What is best, certificates or passwords for PDF encryption?
- Adobe PDF restrictions or permissions to restrict editing or disable printing are useless since they can be easily ignored or removed. See How to remove PDF passwords and restrictions.
- Using PDF DRM to create a secure PDF attachment is the safest way to send a PDF securely by email. This is because you can stop unauthorized users from viewing the PDF, prevent additional distribution AND control how it can be used.
If you are currently sending password encrypted documents via email, we strongly recommend you switch to a PDF DRM solution so you don’t have to worry about key management. As well as eliminating antiquated authentication systems, a PDF DRM solution like Locklizard Safeguard provides a wide range of DRM controls you can use to ensure your PDF’s safety after it reaches the intended recipient. Not only does Locklizard enable you to send a PDF securely, it enables you to create a secure PDF that can’t be edited, copied or shared with unauthorized users.
Can email encryption software be used to send documents in PDF format securely?
Yes. But email encryption software only protects the document when it is in transit and at rest (sitting unopened on a PC). Once a user decrypts and opens the document, they can do whatever they like with it, including saving an encrypted version that they can pass on to others, editing it, etc.
If you need to protect the contents of a document from copying, editing, printing, or prevent unauthorized sharing, then you need to implement additional security, such as digital rights management (DRM) controls.
What’s the best way to send an encrypted or protected PDF?
If a PDF is encrypted using a strong algorithm, the method you use to send it is unimportant. It is more important how you distribute the key to unlock the document and how you control use once it is opened. If the key is exposed to the user at any point, it can be shared with unauthorized users so that they too can open the document. The same can be said for when the key is embedded in the document and linked to a password, such is the case with Adobe PDF security. Meanwhile, if you cannot stop the user from copying and pasting, printing, or screenshotting the document, then secure key distribution is of limited help as the receiver can still easily share the contents with others.
If I encrypt a PDF for email, will that prevent sharing?
No. File encryption does not stop sharing because it makes no attempt to control what happens after a user opens the PDF and it is decrypted. The user you send the PDF to can simply share the decrypted file.
What’s the best way to send a PDF securely by email?
Protect it using PDF DRM software before you send it. A good PDF DRM solution will protect the PDF file in transit, at rest, and while in use, locking it to authorized devices. This is something that standard email encryption is unable to achieve.
How can I send documents securely over the internet?
If you protect your documents with a good DRM solution users will not be able to view, share, print, or edit your documents without your permission, regardless of the method you use to send them.
Can you send files securely using Google Drive?
Yes. However, as Google Drive is not a secure way to send documents, you must make sure that you protect your files with a DRM solution before you upload them. Drive’s default security will otherwise allow users to print, copy and paste, screenshot, and remove watermarks from your documents without your permission.