How do I send a PDF securely by email?
The main steps: (1) Review the document for content that shouldn't be there — metadata, annotations, visual 'redactions' that didn't actually remove content, embedded attachments. (2) Redact any sensitive content properly using a tool that removes the underlying data, not just adds a visual overlay. (3) Password-protect the document with a strong password using 256-bit AES encryption. (4) Send the document by email and the password through a different channel (text, phone call, or separate message). For documents with high sensitivity or regulatory requirements, consider a dedicated secure file transfer service rather than standard email.
Does a PDF password actually prevent someone from reading the document?
A document open password prevents someone from opening the file without the correct password — so yes, it prevents reading by anyone who doesn't have the password. The encryption (256-bit AES) is strong enough that brute-forcing a reasonably complex password is not practical. What a password doesn't prevent: the authorized recipient sharing the document, forwarding it, or taking screenshots after opening it. A PDF password controls access to the file, not what happens to the content after access is granted.
What's the difference between redaction and drawing a black box over text?
Drawing a black box over text using annotation tools adds a visual layer over the content but doesn't remove the underlying text from the PDF's data structure. The text remains in the file, fully selectable and extractable by anyone who clicks on it or runs the PDF through a text extraction tool. Proper redaction removes the underlying content from the file — after redaction, there is no text to select or extract at that location. Always use a dedicated redaction tool, not annotation overlays, when you need to remove content from a document before sharing.
Should I send the password in the same email as the document?
No. If you include the password in the same email as the password-protected attachment, anyone who intercepts the email has both the locked document and the key to open it — the password protection provides no security. Send the document by email and the password through a different channel: a text message, a phone call, a secure messaging app, or a password manager sharing link. The two-channel approach means intercepting the email doesn't provide access to the document.
Does PDF metadata reveal sensitive information?
It can. PDF metadata includes fields for author name, organization, creation application, creation date, modification date, and sometimes revision history. In most PDF files, these fields reflect the real values: the name of the person who created the file, their organization, and the software they used. If you're sharing a document externally and don't want to disclose who created it or when, strip the metadata before sending. Some PDF tools include a metadata-stripping option; the relevant fields are under File → Properties in most PDF readers.
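The review step from the first answer, covering both the redaction and the metadata answers above, can be partly automated. The following is an added example, not part of the original page: a byte-level pre-send check that lists metadata fields, annotations and embedded files, and tests whether a supposedly redacted term is still extractable. The sample PDF objects, names and values are constructed, and the scan is a heuristic that does not cover object streams, hex-encoded strings or XMP metadata.

```python
import re
import zlib

INFO_KEYS = (b"Author", b"Creator", b"Producer", b"CreationDate", b"ModDate")
LITERAL = rb"\(((?:\\.|[^\\()])*)\)"          # PDF literal string: ( ... )

def stream_text(pdf: bytes) -> str:
    """Literal strings found in raw or Flate-compressed streams."""
    out = []
    for m in re.finditer(rb"stream\r?\n(.*?)\r?\nendstream", pdf, re.S):
        data = m.group(1)
        try:
            data = zlib.decompressobj().decompress(data)
        except zlib.error:
            pass                               # not Flate data: scan as-is
        out += [s.decode("latin-1") for s in re.findall(LITERAL, data)]
    return " ".join(out)

def audit(pdf: bytes, sensitive=()) -> list:
    """Run on the unencrypted file, before password-protecting it."""
    findings = []
    for key in INFO_KEYS:
        m = re.search(rb"/" + key + rb"\s*" + LITERAL, pdf)
        if m:
            findings.append(f"metadata {key.decode()}={m.group(1).decode('latin-1')}")
    if b"/EmbeddedFiles" in pdf:
        findings.append("embedded attachment")
    boxes = re.findall(rb"/Subtype\s*/(?:Square|Highlight|FreeText|Ink)\b", pdf)
    if boxes:
        findings.append(f"{len(boxes)} annotation(s)")
    text = stream_text(pdf)
    findings += [f"still extractable: {t}" for t in sensitive if t in text]
    return findings

# Constructed sample objects (no xref table; enough for a byte-level scan).
SECRET = "4000-0000-0001"
INFO = b"1 0 obj\n<< /Author (J. Example) /Producer (ExampleWriter 1.0) >>\nendobj\n"
BOX = b"3 0 obj\n<< /Type /Annot /Subtype /Square /Rect [70 695 300 715] /IC [0 0 0] >>\nendobj\n"

def content(ops: bytes) -> bytes:
    z = zlib.compress(ops)
    return (b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(z)).encode()
            + b" >>\nstream\n" + z + b"\nendstream\nendobj\n")

# Black box drawn over the text vs. the text actually removed.
OVERLAID = b"%PDF-1.7\n" + INFO + content(b"BT /F1 12 Tf 72 700 Td (Account 4000-0000-0001) Tj ET") + BOX
REDACTED = b"%PDF-1.7\n" + content(b"BT /F1 12 Tf 72 700 Td (Account ) Tj ET")

if __name__ == "__main__":
    print(audit(OVERLAID, [SECRET]))
    print(audit(REDACTED, [SECRET]))
```

An empty result means only that this scan found nothing; it does not replace opening the file and trying to select text under each redaction.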
Can I restrict what a recipient does with a PDF I share?
PDF permissions restrictions (set with an owner or permissions password) can limit printing, text copying, editing, and annotation in standard PDF readers that honor these settings. These are not cryptographic barriers — specialized tools can remove permissions from most PDFs — so they reduce casual misuse rather than preventing determined extraction. For documents requiring tighter controls, dedicated document rights management (DRM) solutions exist, though they add significant friction for recipients and require the recipient's system to support the DRM. For most practical purposes, a password-protected PDF plus clear expectations about handling is sufficient.