Why emailing PDFs isn't really secure

Email is the most common channel and the least secure. Here's why — and what to do about it.

You email a contract. The transmission feels private — sender to recipient, ten seconds. The reality: that email touches a handful of servers, gets indexed, archived, scanned and stored in multiple places, and lives forever in two inboxes. Email is the least secure channel most people use daily.

What happens to your email

An outbound email is queued by your client, sent to your provider's outbound server, transmitted (usually over TLS) to the recipient's provider, scanned for malware and content compliance, indexed for search, stored in the inbox, often replicated across the recipient's devices, archived in their organisation's email retention system, and possibly forwarded.

At each hop, the content is at rest somewhere outside your control. TLS protects the message in transit; nothing protects it at rest unless the attachment itself is encrypted.

The forward problem

The biggest practical risk isn't interception — it's forwarding. An email you send to one person can be forwarded to ten, indexed in their archive, shared in a meeting, screenshotted, or simply auto-forwarded by an inbox rule you didn't know existed.

Encryption on the attachment is what survives forwarding. The forwarded email might reach someone you didn't expect; without the password, the attachment is unreadable bytes.

Archiving lives forever

Most enterprise email systems retain email for 7+ years for compliance. Personal email providers retain indefinitely unless you delete. A sensitive PDF you emailed in 2018 may still be sitting in an inbox or archive somewhere in 2026.

For anything that has a long sensitivity tail (contracts, financial records, medical), assume the file will outlive your control of it. Encrypt accordingly.

What to do instead

Lightweight defence: encrypt the attachment with Flint and send the password through a different channel.

Medium defence: use a secure-share link with an expiry rather than an attachment.

Heavy defence: use an enterprise file-share with an audit log, and send no attachments at all.

Match the defence to the sensitivity of the content.

FAQ

Is Gmail-to-Gmail secure?

TLS in transit between Gmail servers, yes. But once delivered, both inboxes are searchable, archivable and forwardable indefinitely.

What about end-to-end encrypted email?

ProtonMail-to-ProtonMail and PGP-encrypted email are end-to-end encrypted. Useful in closed systems; rarely practical across mixed providers.

Does email scanning by providers see my attachments?

Yes for malware and policy enforcement. Most consumer providers don't read content for advertising, but the technical access exists.

Should I just stop emailing PDFs?

For very sensitive material, yes — use a portal. For routine documents, encryption on the attachment is a reasonable middle ground.

Email isn't private. Don't pretend it is. Encrypt sensitive attachments and route the password elsewhere.

Try it now

Drop a PDF in and you'll be done in seconds — no install, files private to your account.
