How to send secure documents via email—what is the safest technique?

Learn how to send secure documents via email—we present various methods and explain how end-to-end encryption protects your data and online correspondence.

Email is the fastest and safest way to deliver digital documents, provided you use password protection or encryption to protect your content. In this article, we will explain how to send secure documents via email, namely the following three options:

Creating and sending password-protected documents
Encrypting documents for email
Using an email encryption service

Send documents securely with SkiffAny data, including documents, remains private to you only with Skiff Email

Password protection vs. encryption—what’s the difference?

Emails travel through unreliable networks and servers beyond your control. The biggest threat involved in sending documents via email is the potential for unintended third parties to scan, download, or share your files during transit, and that’s where data-protection measures come in.Password protection and encryption are often used interchangeably in conversations about gatekeeping information, but they are separate (albeit overlapping) concepts.Password protection is similar to putting a message inside a padlocked box. Anyone with the key—i.e., the password—can unlock the box. Password-protecting a document ensures it cannot be scanned for data as it travels through the email network. The password is usually communicated via out-of-band channels like Signal, an end-to-end encrypted messaging app. In most cases, a password-protected email will be symmetrically encrypted to ensure content remains unknown to all servers and networks in between the sender and recipient.The biggest risk of sending password-protected attachments is password-centric email attacks. If you use a weak password, your document could be intercepted with brute force or dictionary attacks.Compared to password protection techniques, encryption built into your email client offers a higher level of security. Encryption is a mathematical process that requires scrambling the document content using advanced cryptography, and only the party holding the decryption key can access the message. Random decryption keys, unlike passwords, are far more immune to brute force and similar attacks.

How to send a password-protected document via email

You must add a password to a document before you attach it to an email.The process isn’t universal because not all software providers have this feature built in, and those that do have set up unique methods to password-lock files. We have outlined the procedures implemented by popular providers in the following table:

Product	Password-protection technique
Microsoft Office Suite	You can password-protect MS Office Suite files (Word, Excel, and PowerPoint) using the Encrypt with password feature. The way to access this option depends on the version of the software. In most cases, it’s under the Prepare the document for distribution function. Keep in mind that even if MS Suite has encryption, the decryption key is reduced to a simple user-picked password, which makes the document far more vulnerable to hacking
Adobe Acrobat	Add password protection to an Adobe Acrobat PDF document by accessing the Protect feature from the Tools menu
Apple iWork Suite	You can set up document passwords for Apple Pages, Numbers, and Keynotes by choosing Set Password from the File menu
Google Docs	Google Docs items cannot be protected with a password as your account login is considered a security clearance, so sending a page link via email might not be the best idea. There are third-party add-ons available to enable password protection for Google Docs, but the reliability of such products is variable

Then, you can upload your password-protected document to your email as a regular attachment before sending it.

Precautions when sending password-protected documents

Ensure you’re communicating the password via a secure channel. Do not send it via email unless you use an email service secured by end-to-end encryption.In most cases, setting up a password implies you have to provide it every time you open the file. Forgetting or misplacing the password means you lose access to the file.Password management is inconvenient if you send confidential files frequently, in which case email encryption is a far more efficient method for you.

How to encrypt documents for email—end-to-end encryption solutions

Encryption is one of the oldest data security measures. It converts information into ciphertext, accessible only with a decryption key. Most email service providers (ESPs) offer encryption in transit to attachments by default, but that is not enough for security as email providers still have access to your files.Gmail uses Transport Layer Security (TLS) protocols to protect the contents of your message as it travels through the network, but there is no encryption defense when it rests on a server. The decryption key is also created and managed by Gmail, not the user, so you have no real control over your document’s safety. Outlook also manages in-transit encryption for the user, leaving your communication vulnerable to insider attacks and other threats.If you send sensitive documents via an email service, you must use end-to-end encryption (E2EE) to protect your attachments. E2EE ensures the messages are protected at rest and in transit, so they’re safe from network- and storage-level threats. E2EE allows better account control because the encryption protocols are applied on the user’s device, and the keys are owned and managed by the sender and the recipient, not the ESP.

Get a robust E2EE solutionSkiff Email comes with built-in encryption features ensuring your data remains safe

How to send encrypted files over email—use compatible E2EE standards

If you’re using a third-party E2EE software to encrypt your attachment, you must ensure the recipient uses a compatible service algorithm. In the case of Pretty Good Privacy (PGP) or Secure/Multipurpose Internet Mail Extension (S/MIME), the recipient’s software must support the same encryption standard. Refer to the following table to learn about these standards:

E2EE standard	Meaning
PGP	PGP is designed to enable the encryption of plain data using a public and private key pair. Users typically publish their PGP public fingerprint online or on business cards while keeping their private key to themselves to decrypt incoming emails
S/MIME	S/MIME has a different encoding format and key distribution setup than PGP. It is preferred for sending multimedia attachments in a secure manner

The process of encrypting attachments usually depends on your software. In most cases, you must:

Download the software and connect it to your existing email account
Create the message and manually choose to encrypt the file
Follow the instructions specified by your E2EE provider
Send the email

Merging E2EE services with your existing email account can be time-consuming, which is why providers with built-in encryption features have gained traction in the past few years.These do not require managing complex software and key servers that are needed for S/MIME or PGP.

How to send secure email attachments using a dedicated encrypted email service

Using a provider with built-in encryption features is the best way to send secure documents via email. It doesn’t involve multiple programs or adding and keeping track of passwords but uses a single window for the job.Go for E2EE service providers that offer public-key or asymmetric cryptography, where each user has a public and private key. Symmetric E2EE with a password is fast and simple, but it requires communicating a password separately, making the process harder and more complex.It is also important to specifically ask for end-to-end encryption services, as many providers offer at-rest and in-transit protection as E2EE—but they’re not the same. Here’s how they differ:

In-transit encryption protects data transmitted between servers, while at-rest encryption protects data stored on servers. They are configured by the network or the ESP, which own the decryption key
E2EE protects data on user endpoints. The network or the email service provider cannot access the keys or email content at all

In the past, E2EE email services were pricey, slow, and difficult to use—but not anymore! Skiff offers a fast and reliable private email solution. Skiff’s user interface is minimalistic, visually appealing, and easy to use, so anyone can create a Skiff account for free and benefit from the platform’s convenient E2EE-driven ecosystem!

Emailing encrypted files is a cakewalk with Skiff!

Imagine the convenience of Gmail combined with E2EE—that’s what Skiff brings to the table! The platform’s users enjoy end-to-end encryption not only for attachments but for their entire accounts. Here’s how to send confidential documents using Skiff Mail:

Log in to your Skiff account
1. If you’re new, all you have to do is set up a username and a password to sign up
Write your content and add an attachment
Follow the encryption protocol
Hit Send—and you’re done!

All correspondence exchanged between Skiff users is guaranteed to remain end-to-end encrypted. If you send messages to recipients using third-party services, Skiff never stores any plaintext copy of sensitive data on its servers. Skiff Mail is open source, and everything about the encryption model can be accessed online, including:

Whitepaper
Skiff Mail’s client
Typed-AEAD encryption envelope
UI component libraries

Why is Skiff the safest way to email sensitive documents?

Skiff stands apart from other E2EE services because it encrypts everything created or uploaded by the user, including the metadata of their attachments, email content, and email subjects. Encrypting metadata is important because it contains crucial identifiers like time of creation, geotag, and modification date that should remain private.Skiff’s E2EE architecture is designed on a zero-trust policy, which means no one besides the authorized recipients has access to the message. Even Skiff cannot access your inbox or attachments.

Skiff offers additional security features, giving you the peace of mind that comes from complete ownership of your inbox. Check them out:

Two-factor (2FA) authentication—You can include 2FA verification upon login to facilitate impregnable entry security
Zero-knowledge login—You don’t have to provide personal identifiers to use Skiff, so its servers are free from any info that can be used to trace users. You can optionally add a recovery email address
Decentralized storage—Skiff offers secure, centralized storage but also the option to integrate with a decentralized InterPlanetary File System (IPFS) for enhanced portability and privacy
Secure crypto wallet integrations—Skiff has revolutionized the landscape for crypto users who see privacy as an asset. Connect your crypto wallet with Skiff and enjoy hassle-free and 100% anonymous digital transactions!
Multi-platform support—You can access Skiff from any browser or opt for Android, iOS, and macOS apps

Skiff can replace your big tech email—here’s how!

Skiff offers a complete product suite to help with your everyday tasks. Besides Skiff Mail, you can enjoy enabled E2EE support for:

Skiff Pages—The document creation and sharing tool helps you create an end-to-end encrypted workspace for real-time collaborations. Create notes, wikis, and tables, and opt for decentralized storage if you like
Skiff Drive—Skiff Drive can be a secured repository for all file types. You can download or share them as you please. Skiff Drive’s end-to-end encrypted cloud storage solution is also a great way to securely send documents. All you have to do is paste the doc link to the email, and the authorized recipient can access the file effortlessly!
Skiff Calendar—The calendar works like any other but keeps your schedule and its components completely end-to-end encrypted

Set up your Skiff account and make document security a norm, not a privilege! You can also join the platform’s Discord server to keep up with the latest software rollouts.

Join the community

Become a part of our 1,000,000+ community and join the future of a private and decentralized internet.

Free plan • No card required