How to Send Large Files Securely: A Practical Guide
"Send this 4 GB file to the client" sounds simple until you realize email refuses anything over 25 MB, free services impose expiry dates you don't notice until the link is dead, and IT security review is sitting in your inbox asking why. Here's the practical guide to large-file delivery — what works, what doesn't, and how to pick by file size, audience, and security posture.
There's no universal answer to "what's the best way to send a large file" — the right tool depends on the file size, who's receiving it, what's inside it, and whether you'll need a record of the transfer later. This post walks through the five main options for sending large files, the size thresholds where each one breaks down, and how to pick for your specific situation.
The five main options, ranked by file size
| Method | Practical size limit | Best for |
|---|---|---|
| Email attachment | ~25 MB (varies by provider) | Small files to known recipients |
| Free transfer services (WeTransfer, Smash, Send Anywhere) | 2–100 GB (free tier limits vary) | One-off transfers to external recipients |
| Cloud sharing (Dropbox, Google Drive, OneDrive) | Several TB | Ongoing collaboration with named users |
| SFTP | Unlimited (protocol-level) | Partner B2B, automation, regulated workflows |
| Managed file transfer (MFT) platform | Unlimited (platform-level) | Enterprise scale, audit, compliance |
The progression goes: easy and limited at the top, capable and operationally heavier at the bottom. Most teams use several of these for different use cases.
1. Email attachments — the lowest common denominator
Gmail caps attachments at 25 MB. Outlook / Microsoft 365 at 20–25 MB depending on the plan. Apple iCloud Mail at 20 MB. The exact limit varies, but the rough ceiling across major providers is 25 MB and falling rather than rising.
Even within that limit, email is the worst choice for anything sensitive:
- Cleartext at most relay hops. Email is encrypted in transit (TLS) between most modern providers, but a single legacy relay in the path can decrypt and re-encrypt — and many providers don't refuse the unencrypted fallback.
- No expiration or revocation. Once it's in the recipient's inbox, you can't recall it.
- No audit trail. "Did the client receive the file?" is a question email doesn't answer cleanly.
- Stored indefinitely at both ends, in inbox archives, in spam filters, in compliance retention systems.
Use email for: small reference attachments to known recipients where the content isn't sensitive. Don't use email for: anything that exceeds a comfortable margin under 20 MB, anything sensitive (PII, financials, signed contracts), anything where you'll need to revoke access later.
2. Free transfer services — for one-off external transfers
WeTransfer, Smash, Send Anywhere, TransferNow, Filemail — these are the consumer "drag a file here, send a link" services. The free tier limits vary (2 GB on WeTransfer, 50 GB on TransferNow, etc.) and paid tiers extend to 100+ GB.
Strengths:
- Zero friction for the recipient. They click a link, click download, no account needed.
- No setup on your side. Visit the site, upload, get a link, send the link.
- Adequate for one-off use. A creative agency sending a 5 GB render to a client, a journalist sending an audio file to a producer.
Limits:
- Expiration. Links typically expire in 7–14 days on the free tier. If the recipient delays, the file is gone.
- Public-internet upload destination. The file lives on the service's infrastructure for as long as the link is active. Their compliance posture is your compliance posture.
- No audit trail. You can see whether the link was clicked; you can't see who clicked it or get a signed receipt.
- Inconsistent feature set. Some services support password-protected links, some don't. Some support custom branding, some don't.
Use free transfer services for: truly ad-hoc external transfers where the file has limited sensitivity and the recipient is a one-off. Don't use them for: recurring partner exchange, regulated content, anything you'll need to prove was delivered.
3. Cloud sharing — for collaboration with named users
Dropbox, Google Drive, OneDrive, Box, SharePoint — share links, folder permissions, real-time collaboration. These are secure in transit and at rest, and they handle file sizes into the terabytes per account.
Strengths:
- Zero-friction for the recipient if they already have the same service. Drag and drop into a shared folder; everyone with permission sees it instantly.
- Real-time collaboration on document types the service understands (Office, Google Docs, etc.).
- Version history and recovery — accidental edits and deletions are recoverable.
- Pairs naturally with the rest of the SaaS ecosystem (Slack, Teams, M365, Google Workspace).
Limits:
- Governance is harder than it looks. Share-link sprawl, external-access policies, retention controls, audit-log consistency across products.
- Not designed for automated B2B partner exchange. No FTP/SFTP/AS2 endpoint, no batch-drop semantics.
- Vendor lock-in. Each platform has its own API; cross-cloud workflows are friction.
- Per-user cost at enterprise scale.
Use cloud sharing for: internal team collaboration, document review with named external participants, casual content distribution where partner-protocol semantics aren't required.
4. SFTP — for partner B2B and automation
SFTP is the protocol of choice when you need to move files programmatically between systems or between organizations on a schedule. It's encrypted by default, supports SSH key authentication, and is supported by every major file-transfer client and language library.
Strengths:
- Unlimited file size at the protocol level.
- Native automation support —
curl,paramiko,ssh2,lftp, every major scripting tool speaks SFTP. - Strong auth with SSH keys, not just passwords.
- Ubiquitous partner support — every enterprise B2B partner can speak SFTP.
Limits:
- Recipient needs an SFTP client and credentials. Higher friction than "click this link."
- Self-hosting an SFTP server is operational work. Patching, audit logging, key management, compliance scoping.
Use SFTP for: partner B2B file exchange, server-to-server replication, automated batch transfers, anywhere you need a file dropped at one server and picked up by another with strong authentication.
5. Managed file transfer platforms — the unified default
A managed file transfer (MFT) platform unifies several of the above behind a single operational surface. The good ones support SFTP, FTPS, FTP, WebDAV, AS2, and HTTPS share links on the same backend storage; add per-user authentication, audit logging, compliance posture, and automation hooks.
Strengths:
- Multiple delivery methods on one platform. Partner gets an SFTP endpoint; a client gets an HTTPS share link; internal team gets a browser file manager — same files, same audit trail.
- Audit logging on every transfer. Per-file, per-user, immutable. Drops into SOC 2 / HIPAA evidence collection.
- Event-driven automation. File arrival triggers downstream workflows.
- Compliance posture built in. SOC 2, HIPAA-BAA, GDPR-ready, PCI capable.
- Modern features. REST API, SDKs, MFA, SSO, IP allowlisting, scheduled transfers.
Limits:
- Higher per-user cost than free / consumer alternatives. Justifies itself at the scale where the operational alternative is hiring an engineer to maintain SFTP infrastructure.
Use an MFT platform for: any team running file-transfer workflows past the "two engineers swapping files" stage. The operational cost of self-hosting accumulates quickly past that scale.
How to pick: a decision shortcut
- File under 25 MB to a known person, low sensitivity? Email is fine.
- Big one-off file, external recipient, low sensitivity, deadline within two weeks? A free transfer service.
- Ongoing collaboration with named external users on documents? Cloud sharing.
- Recurring partner exchange or automated workflow? SFTP, ideally behind an MFT platform.
- Regulated industry, audit-required, multi-protocol partner mix? MFT platform, full stop.
The modern way
Files.com is the File Orchestration Platform we'd recommend for any team running file-sharing workflows in 2026. It handles every method on this list except email:
- HTTPS share links with passwords, expiry dates, and per-recipient permissions — the WeTransfer shape, with audit logging.
- SFTP, FTPS, FTP, WebDAV on standard ports for partner exchange.
- Browser-based file manager that exposes the same files as the protocols — the cloud-sharing shape.
- AS2 partner messaging for EDI workflows.
- REST API + SDKs in 8 languages for automation.
- Audit logging on every transfer, per-user, per-file, immutable.
- SOC 2 Type II and HIPAA-BAA out of the box. MFA, SSO, IP allowlisting.
Start a free Files.com trial — no credit card, provisioned in about 10 minutes.
For the narrow set of teams that must run file-transfer infrastructure inside their own datacenter, the free ExaVault on-premise appliance handles the same protocols from a self-hosted VM image.
FAQ
What's the maximum file size for email?
Roughly 25 MB across major providers (Gmail, Outlook, Apple Mail, iCloud), with some variation depending on the plan. Some enterprise email services allow larger attachments with sufficient infrastructure, but most external recipients are on consumer or standard business plans that enforce the 25 MB ceiling.
How do I send a file too big for email?
The progression: cloud sharing if you both have accounts on the same service (Dropbox, Google Drive, OneDrive), a free transfer service for one-off external recipients (WeTransfer, Smash), or a managed file transfer platform with HTTPS share links if you want audit logging and configurable expiry.
Is WeTransfer secure for business use?
WeTransfer encrypts files in transit and at rest, which is the baseline. For business use, the practical limits are: no audit trail (can't prove who downloaded), link expiration on the free tier (recipients have to act within 7 days), and no signed receipts (can't prove delivery). For internal-team use it's fine; for partner-facing or regulated workflows, a platform with audit logging is the better fit.
How do I send a 100 GB file?
For one-off transfers, a paid tier of a free-transfer service (TransferNow goes to 250 GB; Filemail to 5 GB free / 100 GB paid). For ongoing transfers, SFTP or an MFT platform. For internal team transfers, cloud sharing handles it natively. Most cellular and home internet uplinks make the upload itself the bottleneck — plan on hours, not minutes.
Is FTP a good way to send large files?
SFTP (the secure version) is excellent for large-file transfer to partners and automated systems. Plain FTP is fine for non-sensitive content but should be avoided for anything with credentials, PII, or regulated content. For ad-hoc transfers to non-technical recipients, an HTTPS share link is friendlier than asking them to install an FTP client.
What's the best way for businesses to share large files?
There's no single answer — it depends on the recipient and the workflow. For partner B2B exchange, SFTP. For ad-hoc external transfers with audit trail, an MFT platform's HTTPS share links. For ongoing internal team collaboration, cloud sharing. For one-off transfers to consumers, a free transfer service. A managed file transfer platform like Files.com handles most of these from a single endpoint with consistent audit logging.