You're emailing a contract to a counterparty. You hit send and the email goes through several mail servers, sits in their inbox forever, and is one forward away from going somewhere you didn't intend. Email isn't a secure channel by default — but you can make a specific document journey reasonably safe.
Encrypt the file before attaching
Run the PDF through Flint's password tool and apply a strong passphrase. Now the attachment is unreadable bytes until the recipient enters the password. If the email is forwarded, archived or intercepted, the file content stays private.
Send the password through a different channel: text, Signal or a phone call. Sending it in the same channel as the file negates the entire exercise.
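A pre-send check for the two rules above, as an added example that is not Flint's code or part of the original article: it confirms each PDF attachment carries an encryption dictionary, reports the cipher family from its `/V` value, and flags a draft that appears to carry the password in the same email. The function names, the password pattern and the sample data are assumptions made for illustration, and the byte scan is a heuristic rather than a full PDF parser.

```python
import re
from email.message import EmailMessage

WEAK_V = {1: "RC4 40-bit", 2: "RC4 (up to 128-bit)"}  # /V values that mean RC4

def pdf_encryption(data: bytes):
    """Return None if no /Encrypt reference is found, else the cipher family."""
    ref = re.search(rb"/Encrypt\s+(\d+)\s+(\d+)\s+R", data)
    if not ref:
        return None
    obj = re.search(rb"(?<!\d)%b\s+%b\s+obj(.*?)endobj" % ref.groups(), data, re.S)
    body = obj.group(1) if obj else b""
    m = re.search(rb"/V\s+(\d+)", body)
    v = int(m.group(1)) if m else 0
    if v in WEAK_V:
        return WEAK_V[v]
    if v == 5:
        return "AES-256"
    if v == 4:
        return "AES-128" if b"/AESV2" in body else "RC4 128-bit"
    return "unknown"

def presend_findings(msg: EmailMessage):
    """List reasons this draft should not be sent as it stands."""
    findings = []
    for part in msg.iter_attachments():
        if part.get_content_type() != "application/pdf":
            continue
        cipher = pdf_encryption(part.get_content())
        if cipher is None:
            findings.append(f"{part.get_filename()}: not encrypted")
        elif not cipher.startswith("AES"):
            findings.append(f"{part.get_filename()}: weak cipher ({cipher})")
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    if re.search(r"pass(word|phrase|code)\s*(is|:|=)", text, re.I):
        findings.append("password appears to travel in the same email")
    return findings

def draft(pdf: bytes, body: str) -> EmailMessage:
    """Build a constructed outgoing message with one PDF attachment."""
    msg = EmailMessage()
    msg["Subject"] = "Document"
    msg.set_content(body)
    msg.add_attachment(pdf, maintype="application", subtype="pdf", filename="contract.pdf")
    return msg

# Constructed PDF skeletons, just enough structure for the check (not real documents).
PLAIN = b"%PDF-1.7\n1 0 obj\n<< /Type /Catalog >>\nendobj\ntrailer\n<< /Root 1 0 R >>\n%%EOF\n"
AES256 = PLAIN.replace(b"trailer\n<< ", b"9 0 obj\n<< /Filter /Standard /V 5 /R 6 >>\nendobj\ntrailer\n<< /Encrypt 9 0 R ")
```

An empty list from `presend_findings` means the draft passed both checks; it says nothing about the strength of the passphrase itself.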
Don't put sensitive content in the email body
The body of the email isn't encrypted between most providers. Don't summarise the contract terms in the email body — keep that inside the encrypted PDF. The body should say 'see attached', not repeat the sensitive content.
Subject lines are even worse — they're indexed widely, sometimes appearing in mail-server logs and corporate archives. Generic subjects beat descriptive ones for sensitive material.
Use TLS-secured providers
Major email providers (Gmail, Outlook 365, FastMail, ProtonMail) use TLS in transit. Most email between major providers is encrypted server-to-server. This protects against passive interception on the network.
It doesn't protect against a compromised inbox, a forward to the wrong recipient or an archived copy on a backup tape. For those threats, encryption on the file itself is your defence.
Send the link, not the file
For larger or more sensitive material, send a secure-share link rather than the attachment. The link can be expired, revoked, audited. The file itself never sits in anyone's email.
Providers include Tresorit, Egress and your enterprise file-share. For modest sensitivity, an encrypted PDF as an attachment is the lighter-weight option. For high sensitivity, use both: an encrypted file sent via an expiring link.
FAQ
Is Gmail encrypted enough for sensitive documents?
TLS in transit, yes. But the message lives in the inbox indefinitely and is one forward from anywhere. Encrypt the attachment for defence in depth.
Does S/MIME help?
S/MIME encrypts email body content end-to-end. Useful if both sides are set up. Most consumer email doesn't use it; corporate setups sometimes do.
Should I avoid email entirely for sensitive PDFs?
For very sensitive material (legal, medical, financial), yes — use a portal or secure-share. Email + encryption is the middle ground.
What about end-to-end encrypted email like ProtonMail?
Helps if both sides use it. Otherwise the protection ends at the gateway. The attached PDF's own encryption is more reliable across mixed setups.
Email + encrypted PDF + separate password channel = a reasonable everyday workflow. Encrypt yours in Flint before sending.