Safe Alternative to Sharing Files Over Email: Why Attachments Are a Security Problem

Email is probably the most used file transfer method on the planet. It's also structurally one of the worst for anything beyond casual, low-stakes documents — and the problem has nothing to do with the 25MB attachment limit, though that limit is genuinely infuriating. The security and privacy problems with email attachment-based file transfer are architectural. They're built into how email works at the protocol level, and no encryption add-on or "secure email" provider completely resolves them.

What Email Actually Does to Your Files

When you attach a file and hit send, the file does not travel in a sealed envelope from your device to your recipient's inbox. Email is a relay system. Your message leaves your mail client, hits your outgoing mail server — run by Google, Microsoft, or your corporate IT team — gets routed through potentially several intermediate relay servers, arrives at your recipient's mail provider's incoming server, and sits there until their client fetches it.

Standard SMTP email is not end-to-end encrypted. TLS encryption between relay servers protects messages in transit between hops — most modern mail servers use TLS — but the message can be decrypted and read at each server it passes through. Your email provider can read your attachments. Your recipient's email provider can read them. Any intermediate relay server can read them if TLS is absent or compromised at that hop. This is not a theoretical capability. It is the design of the protocol, unchanged since email was invented.

The practical consequence: a file you send via email has been stored in readable form on at minimum three server systems — your outgoing mail server, your recipient's incoming mail server, and the copies in your Sent folder and their Inbox, which typically persist indefinitely or for years under corporate retention policies. That single "private" file transfer creates multiple permanent copies on infrastructure you don't own or control.

For Google Workspace accounts, Google's default email retention is indefinite unless an administrator configures otherwise. For Microsoft 365 accounts, retention policies can be set to years. Individual consumer Gmail accounts retain everything in Sent and Inbox until you delete it manually — and most people never delete email.

Business Email Compromise: The Attack That Targets Your File Workflow

Beyond the infrastructure exposure, email-based file transfer is the primary attack surface for Business Email Compromise (BEC). The FBI's Internet Crime Complaint Center reported $2.7 billion in US BEC losses in 2022 — making it the costliest category of cybercrime by dollar value, more than ransomware.

BEC attacks work by identifying predictable email-based file workflows and either intercepting them or impersonating them. An attacker who gains access to a business email account — through credential theft, phishing, or a mail server breach — can monitor outgoing attachments, intercept file transfers, and send convincing impersonation emails requesting slightly modified versions of sensitive documents.

The attack works because email-based file transfer creates a persistent, observable, searchable record of exactly which files were sent to which addresses and when. If your company consistently sends contracts via email attachments, that pattern is visible to anyone who gains access to your email — a compromised account, a disgruntled employee, a server breach. The workflow itself becomes the vulnerability.

P2P transfer via Zapfile creates no searchable email trail for the actual file. Your email shows "here is a link" and the file transfer happens outside the email system entirely. An attacker who compromises your email sees a URL that expires when your session closes — not the document contents, not a copy of the file, not a pattern showing which files you send to which recipients.

The Real Problem With Using Google Drive Links as an "Email Workaround"

Most people's response to the 25MB email limit is to create a Google Drive link instead. The file goes into Drive, a sharing link gets pasted into the email body, the recipient clicks the link and downloads. This solves the size problem and introduces a different set of problems that are arguably worse.

The file is now permanently stored in your Google Drive quota until you manually delete it. Most people don't delete files they've "shared." Your 15GB Google Drive quota — shared with Gmail and Google Photos — quietly fills up with years of "temporary" file shares. A Google Drive link set to "Anyone with the link can view" remains active indefinitely. Files shared in 2020 via Drive links are still accessible in 2025. Google's content scanning policies apply to everything stored in Drive, including files you shared "privately" with one specific person.

The Google Drive workaround trades one problem (size limit) for several others (permanent storage, permanent live links, content scanning, quota consumption). The correct response to "email can't handle this file" is a tool designed for file transfer, not a cloud storage workaround.

What to Use Instead, Matched to Your Actual Situation

When your recipient is available right now and the file is sensitive

Zapfile is the right tool. The file goes directly from your browser to theirs via WebRTC. Nothing touches a mail server. Nothing touches a cloud server. No copy in your Sent folder. No copy in their Inbox. The email you send contains only a URL; the file transfer happens entirely outside your email system. The Zapfile link expires when you close your browser tab, so there's nothing to revoke or clean up afterward.

Workflow: open zapfile.ai, drop the file, copy the link, paste it into your email. Email becomes the delivery notification; Zapfile handles the actual transfer. What your mail server records is a URL, not a document.

When the file needs to exist for days and the recipient isn't available now

Wormhole gives you 24-hour async delivery with genuine end-to-end encryption — files are encrypted in your browser before leaving your device, and Wormhole's servers hold only ciphertext. WeTransfer gives you 7-day delivery with simpler setup. Both auto-delete and require no account from the recipient. For most professional file deliveries — client work, contractor handoffs, document exchanges — one of these covers the async case cleanly.

When the file is legally sensitive or professionally privileged

For lawyers, the ABA Model Rules of Professional Conduct Rule 1.6, Comment 18 requires "reasonable efforts to prevent inadvertent or unauthorized disclosure" of client information. Email attachments stored indefinitely on mail servers at both ends are difficult to defend as "reasonable efforts" for genuinely privileged communications. For these situations, use tools with audit logging, E2E encryption, and compliance certifications: Tresorit (ISO 27001, SOC 2 Type II, HIPAA-ready) or Proton Drive (Swiss jurisdiction, E2E encrypted) for the file transfer layer.

When you need a documented delivery record

Email's strength is its built-in timestamp and audit trail. If you need to prove you sent a specific file to a specific person at a specific time — legal discovery, formal contract exchange, regulatory compliance — email's metadata record has genuine value. For these cases, sending a link to a purpose-built secure transfer service in an email body gives you the timestamped email record while keeping the actual file out of the mail infrastructure.

The Habit Worth Building Right Now

Use email as the notification channel. Use something else as the actual transfer channel.

Send an email saying: "Here is the contract we discussed — [Zapfile link]." Your email client records that you sent a communication with a URL at a specific time. The file transferred P2P and left nothing behind on any server. The Sent folder entry proves communication; it doesn't expose file contents or create a permanent accessible copy.

This is not a complicated workflow change. It's opening one additional browser tab. The result: no attachment size limits, no permanent server copies, no content scanning of your documents, no live links that are still active years later. Email stops being a liability for file transfer and starts being what it was designed for: communication.