How to Send Large Files Without Risk: Size Limits, Security, and the Right Tool for Each Scenario
A "large file" means different things depending on what you're used to. For someone accustomed to emailing Word documents, a 50MB Illustrator file feels enormous. For a video editor, anything under 10GB is small. The tools that work at each size tier are different, and so are the security considerations. This guide covers the full spectrum — from files that just barely break email limits to multi-gigabyte production files — with the actual risks at each level and how to address them.
Why Large Files Create Specific Security Problems
Large files don't just stress infrastructure — they create distinct security problems that smaller files don't have:
Longer exposure windows: A large file upload takes longer, meaning the file sits on a server mid-transfer for longer periods. A 10GB file uploading over a standard home connection takes over 20 minutes. During that window, the partial file exists on the server in an uncertain state.
Pressure to use bad tools: When standard tools fail (email bouncing, Slack refusing to accept the file), people reach for whatever works — personal Dropbox, Google Drive, random file hosting sites with no clear privacy policies. The urgency of needing to send something large now overrides careful tool selection. This is exactly when poor security decisions get made.
Permanent cloud storage by default: Large file transfers almost always go through cloud storage because that's the only thing that handles them. Cloud storage defaults to permanent retention unless someone explicitly deletes the file. Large important files — the ones most worth protecting — end up stored permanently on third-party servers because that was the only tool that worked.
Compression damage for media: When platforms do accept large media files, they often re-encode them. A 4K video that took days to edit arrives at the recipient looking like a 720p compressed copy. The recipient can't even tell whether the quality loss is intentional or accidental.
The Size Tiers and What Works at Each Level
10MB – 100MB: The Email Dead Zone
Most corporate email systems have attachment limits between 10MB and 25MB. Consumer Gmail accepts attachments up to 25MB but automatically converts larger attachments to Google Drive links. Outlook and Office 365 typically cap at 20-25MB depending on organizational settings.
Files in this range break email but aren't large enough to make people think carefully about alternatives. This is where most improvised, insecure sharing happens.
Best option: Zapfile for immediate delivery — no size limit, no account needed, browser-to-browser. No permanent cloud copy created. Takes seconds to set up and works on any device the recipient has.
Acceptable option: Google Drive or Dropbox link with specific-person access (not "anyone with the link") and a manual note to clean it up after receipt.
Avoid: WhatsApp or Telegram for anything you care about — compression at this size tier is aggressive and quality loss is significant for images and video.
100MB – 2GB: The Standard Transfer Zone
Most file transfer tools handle this range comfortably. The choice comes down to how sensitive the file is, whether the recipient needs it immediately or can wait, and whether you want the file retained on a server afterwards.
For immediate, sensitive transfers: Zapfile. Direct transfer, no server copy, link expires automatically. Works for files up to and beyond 2GB — no hard limit.
For async delivery with auto-cleanup: WeTransfer free tier (up to 2GB, auto-deletes after 7 days). No account needed from sender or recipient. The 7-day window is enough for virtually any professional file delivery scenario.
For sensitive async delivery: Proton Drive shared link with expiry date set. E2E encrypted, you control the expiry. Better privacy than WeTransfer but requires a Proton account.
2GB – 20GB: Video and Production Files
This is where WeTransfer's free tier falls short and most consumer tools start to struggle. Files in this range are typically video footage, design asset packages, RAW photo collections, or large software distributions.
For immediate transfer: Zapfile still works here — there's no hard size limit, though very large files require both parties to maintain the connection for the duration. A 10GB file over a typical home connection takes 15-20 minutes. Keep the browser tab open.
For async delivery: Smash (no size limit, free tier has slower speeds), WeTransfer Pro (paid, up to 200GB), or Google Drive with specific-person access and a reminder to revoke after receipt.
Security note at this size: Files this large are almost always going through cloud storage because P2P requires sustained connection time. When using cloud storage for large sensitive files, always use specific-person access controls rather than open links, and delete the file after confirmed receipt.
20GB+: Production and Archive Transfers
At this scale, consumer tools generally aren't the answer. Professional transfer infrastructure exists for this range.
Aspera (IBM): The industry standard for large file transfer in media and entertainment. Uses the FASP protocol, which is specifically designed to maximize bandwidth utilisation for large transfers over high-latency connections. Extremely fast for large files. Used by broadcasters, studios, and post-production companies. Not free.
Signiant Media Shuttle: Similar to Aspera but with a focus on ease of use. Also common in broadcast and post-production. Paid.
Rsync over SSH: For technically capable users, rsync over an SSH connection is free, very efficient (only transfers changed parts of files on subsequent transfers), and fully encrypted. Requires SSH access on a remote server.
Physical transfer (sneakernet): For the very largest files — raw unedited camera footage from a multi-day shoot, full backup archives, large dataset transfers — physical media is still faster than any network option. Shipping a 4TB drive overnight is faster than transferring 4TB over any consumer internet connection. FedEx has more bandwidth than the internet, as the saying goes.
The Risk That Applies at Every Size: Permanent Cloud Links
Regardless of file size, the most common security mistake in large file transfer is creating a permanent cloud link and forgetting about it. That important project file you shared with a client three years ago? Probably still accessible if you used Google Drive with a permanent link.
Build this habit: after any large file delivery is confirmed, revoke the sharing link or delete the file from the cloud service. Takes thirty seconds. Closes the exposure window permanently. Most people never do it, which is why cloud accounts accumulate years of forgotten, permanently-accessible file shares.
Or use a tool like Zapfile where the link expires automatically — removing the cleanup step entirely for immediate transfers. The session ends, the link dies, there's nothing to revoke because nothing was ever stored.
Quick Reference
| File Size | Immediate (both online) | Async (recipient downloads later) |
|---|---|---|
| Under 100MB | Zapfile | Email (if under limit) or WeTransfer |
| 100MB – 2GB | Zapfile | WeTransfer (free, auto-expires) |
| 2GB – 20GB | Zapfile (sustained connection needed) | Smash or WeTransfer Pro |
| 20GB+ | Rsync/SSH or Aspera for speed | Aspera, Signiant, or physical media |
The right answer changes with size, urgency, and how sensitive the file is. The wrong answer is whatever requires the least thought in the moment — which is usually how a lot of sensitive files end up sitting permanently accessible on someone's personal Google Drive.
Tags