Why do PDF passwords not provide maximum protection when sending PDFs via email?

• A. PDF passwords can easily be cracked by software brute force tools
• B. PDF passwords are not considered safe by Sarbanes-Oxley
• C. When sent through E-mail, PDF passwords are stripped from the document completely
• D. PDF passwords are converted to clear text when sent through E-mail

Answer: (C)

The key idea is that protecting a PDF with a password does not guarantee security when the file is sent by email. Email is not a guaranteed secure channel, and the protection on a PDF hinges on how the file is transmitted and handled along the delivery path. In many real-world email workflows, the password protection can be weakened or removed by intermediate systems, gateways, or clients, leaving the document exposed even though it was password-protected at rest. The password itself is not automatically carried securely through the email process, and some systems may strip or bypass the protective layer, making the protection ineffective by the time the recipient accesses the file. The other options either overstate the universal strength of PDF password encryption, reference standards not directly applicable here, or describe behavior that doesn’t accurately reflect how PDF password protection works in transit. Therefore, the idea that the password protection can be stripped from the document when sent via email captures why this method doesn’t provide maximum protection. To truly protect sensitive PDFs, use end-to-end encrypted transfer methods or separate out-of-band channels for sharing the password.