We are frequently asked how to prevent “forwarding” or “saving” a PDF file attachment. Our view is that attempting to actually block a PDF file from moving around is doomed to fail, given that the format’s first name is “Portable” and the fact that no vendor can (or should) control user behavior in the multitude of available email clients. Furthermore, there are times when forcing users to enter a document-specific password, or to remember a login to a secure website, is impractical and not terribly secure either.
So instead of trying to stop the bits and bytes of a file from moving around, we recommend encrypting the file and controlling access such that only your intended recipient is authorized to open it. FileOpen RightsManager can be used in this way to send email attachments securely:
1. Select a PDF or group of PDF files and encrypt them by dropping them into a watched folder, or via one of our other methods in the Windows file system or inside Adobe Acrobat.
2. Optionally, an online version of the PDF will be created automatically and uploaded to your private FileOpen Viewer distribution portal.
3. Enter the email address of the recipient or import a list of email recipients (Users) using Outlook or a spreadsheet.
4. Organize your Users into Groups, if not all users should have the same permissions
5. Organize your Documents into Groups if not all Documents should have the same permissions (remember that Users and Documents may be in more than one Group).
6. Apply permissions policies to your Groups (expiration, printing restrictions, etc.)
7. If this is the first time you are sending a file to this user or users, send an email containing credentials to register one or more device, or a one-time “registrationPDF” which will register the device on which it is opened. These emails can be auto-generated from within Microsoft Outlook using the FileOpen add-in with a template that you can customize, and normally include instructions on how the user should prepare their system to open a FileOpen-encrypted PDF attachment and/or open the online version from your portal.
8. You are now free to send your secure PDFs to your users, which they will be able to open seamlessly with no additional passwords on the registered machines. You can also include the URL to the online version in the email, or that URL can be embedded into an unencrypted coverpage around the encrypted PDF (so that user without Adobe Acrobat/Reader or one of the other FileOpen-enabled PDF viewers will be able to click the link and see the same content in any browser).
9. The nefarious user who tries to save an unencrypted copy or forward the file to a friend will be foiled, as the recipient’s machine is not registered.
Here's a screenshot that shows the policy management interface in FileOpen RightsManager:
For more details on how FileOpen enables secure PDF email attachments, check out our whitepaper, “Using FileOpen to Prevent Pass-Along of Emailed Documents.”