Sharing files with an expiry date: why a link is often better than an attachment
Sending files as attachments works, but you lose control. Here's how to use a download link with an expiry date — without learning any new tools.
You know how it goes: a colleague leaves a meeting and says "can you send me that PDF later?". You email the file. A week later, that same colleague forwards it to a client. And that client forwards it to their accountant. Before you know it, your file is sitting on four laptops — and nobody knows whether it's still the latest version.
That's exactly the problem with sending files as attachments. It works, but you lose control. In this post we show how a simple download link with an expiry date saves you a lot of hassle (and risk), without needing an expensive tool.
Why an attachment is often not the best idea
Sending a file as an attachment feels easy, but in practice it creates four problems:
- You don't know who opens it. The email can be forwarded without you noticing.
- Large files don't get through. Above 20 MB, many mail servers reject the message.
- Multiple versions appear. Everyone saves the PDF locally and keeps working from that copy.
- The file lives on forever. Even three years from now, that quote will still be sitting in someone's inbox.
For a menu, that's fine. For a quote, contract, payslip, medical record or client file, it's not.
What is a download link with an expiry date?
Instead of sending the file itself, you place it in a secure location and send a link. You attach rules to that link:
- The link works for, say, 7 or 14 days, and then stops working.
- The recipient can view only — not share — or must log in first.
- You can see who opened the file and when.
- You can revoke the link at any time, even if it was sent by mistake.
That last point is the killer feature. Accidentally emailed the wrong attachment? It's gone. Sent the wrong link? Revoke it and the file is no longer accessible.
Which tools can you use?
You don't need a new system for this. Chances are you already have one:
Microsoft 365 (OneDrive / SharePoint)
In OneDrive, right-click a file and choose Share. Under the link settings, select:
- Specific people (by email address) or anyone with the link
- View or edit permissions
- Set an expiry date (e.g. 14 days)
- Optionally, a password
Google Workspace (Drive)
Right-click → Share. You can also set an expiry date per person here and see afterwards who opened the file.
Standalone tools
Not working within Microsoft or Google? Look at options like WeTransfer Pro, Tresorit Send, or SURFfilesender (for education/healthcare). All of them support expiry dates and download limits.
How to approach this practically
You don't need to overhaul everything at once. Start small:
- Pick one document type to start with. Quotes and contracts are a logical first choice.
- Agree on a standard timeframe — for example, 30 days for quotes and 14 days for internal documents.
- Always use "specific people" instead of "anyone with the link" for sensitive content.
- Add it to your email signature or quote template: "This link is valid until [date]. Let us know if you need a new one."
- Check monthly which links are still active and clean up anything that's no longer needed.
What do you tell the recipient?
Some clients find a link "suspicious" because they associate it with phishing. Fair enough — so teach them how to recognise a legitimate link. Two things help:
- Mention it in the email: "I'll be sending you the quote via OneDrive shortly — the link will come from onmicrosoft.com."
- Always use the same sender and the same platform. Consistency makes forgeries stand out.
If a recipient isn't sure whether a link is really from you, picking up the phone is always the right answer.
Two pitfalls to watch out for
1. Using "anyone with the link" for sensitive matters. It seems convenient, but the link can be forwarded. For confidential content, always choose specific recipients by email address.
2. Forgetting that old links still work. Without an expiry date, a link can remain usable for years. Set an expiry date by default, even if the file isn't particularly sensitive.
In short
Sending files as attachments is quick, but you lose control. A download link with an expiry date solves that: you can see who opened it, you can revoke it, and old files disappear automatically. In OneDrive or Google Drive, it's a single setting.
Want help setting up secure file-sharing agreements within your team, or a quick check on who in your environment actually has access to what? Take a look at our access check — in about an hour we'll go through who has which permissions and where things could be smarter.
Volledige gids: Security for SMBs without an IT department: what should you do this quarter?
Dit artikel is onderdeel van onze uitgebreide Security zonder IT-afdeling-gids. Lees de pillar voor het complete plaatje.
Lees de pillar →