How to Encrypt a File Before Sending It by Email (Free, 2026)

You need to email a tax return, a contract, medical records, or financial statements. You attach the file, hit send, and it travels across the internet in plain text. Your email provider can read it. The recipient's email provider can read it. Any server in between can read it. And if either email account is ever breached, the attachment is exposed.

The fix takes 30 seconds: encrypt the file before attaching it.

The Process (3 Minutes Total)

Step 1: Encrypt the file

1. Open the File Password Protector.
2. Drop your file in (PDF, XLSX, DOCX, JPG, any format).
3. Enter a strong password.
4. Click "Encrypt & Download." You get a .enc file.

Step 2: Email the encrypted file

1. Compose your email as normal.
2. Attach the .enc file instead of the original.
3. In the email body, you can note: "File is encrypted. I'll send the password separately."
4. Send.

Step 3: Share the password separately

1. Send the password via text message, phone call, Signal, WhatsApp, or tell the person face-to-face.
2. Do NOT put the password in the same email. The whole point is that someone intercepting the email can't also get the password.

Step 4: Recipient decrypts

1. Recipient opens the same tool in their browser.
2. Switches to "Decrypt File" tab.
3. Drops the .enc file in, enters the password.
4. Downloads the original file. Done.

Why Email Is Not Secure Enough for Sensitive Files

People assume email is private. It's not. Here's the actual path your email attachment takes:

1. Your device → your email provider's server (usually encrypted in transit via TLS)
2. Your email provider's server → recipient's email provider's server (may or may not be encrypted in transit)
3. Recipient's email provider's server → recipient's device (usually encrypted in transit)

At every stop, the email provider can read the contents. The attachment sits on their servers in readable form. Email providers do encrypt data at rest, but they hold the keys. A data breach, a rogue employee, or a legal subpoena can expose everything.

When you encrypt the file before attaching: even if every server is compromised, the .enc file is just encrypted noise without the password. The email infrastructure never sees your actual file contents.

What About Gmail Confidential Mode?

Gmail's Confidential Mode adds expiration dates and prevents forwarding/copying. But it does not encrypt the attachment with your own key. Google still has access. The recipient still opens it through Google's interface. It's access control, not encryption.

For actual file-level security where only the person with your password can read the file, you need to encrypt it yourself before sending.

What About Outlook Encryption?

Microsoft 365 business accounts offer message encryption. Free Outlook.com accounts do not. Even the business version encrypts the email in transit and in Microsoft's system — Microsoft holds the keys. It doesn't give you a portable encrypted file that works outside the Microsoft platform.

Large Files: Email + Cloud Storage

Most email providers cap attachments at 25MB. For larger files:

1. Encrypt the file (creates a .enc file roughly the same size).
2. Upload the .enc file to Google Drive, Dropbox, OneDrive, or any cloud storage.
3. Share the link via email.
4. Share the password through a separate channel.

The cloud storage provider cannot read the file because it's encrypted. The email recipient gets the link to download the .enc file and uses the password to decrypt it.

Who Should Encrypt Before Emailing

• Accountants and tax preparers: Tax returns, W-2s, SSN-containing documents
• Lawyers: Contracts, case files, client communications
• Healthcare professionals: Patient records, lab results, HIPAA-covered documents
• Freelancers: Client financial data, project files with proprietary information
• HR departments: Employment records, salary data, background checks
• Anyone sending ID documents: Passport scans, driver's license copies, SSN cards

If you are regularly sharing sensitive files, make this a habit. Encrypt before attaching. Share password separately. It adds 30 seconds and eliminates the risk of email-based data exposure.