Fax has a reputation for being secure—but that reputation was built on analog-era assumptions. Here is the complete, honest answer: where fax still holds up, where it fails, and how modern cloud fax changes the security equation.
Frequently Asked Questions
Is fax more secure than email?
Modern cloud fax is more secure than standard email for sensitive documents. Email passes through multiple relay servers without mandatory encryption and stores copies indefinitely. A properly configured online fax service uses TLS 1.3 in transit, AES-256 at rest, and creates a direct verified delivery path with no persistent intermediate copies.
Can a fax be intercepted?
Traditional analog fax can theoretically be intercepted by physically tapping a phone line. Online fax encrypted with TLS 1.3 cannot be intercepted in transit without the encryption key. The more common real-world risk is misdirected fax—one wrong digit sends sensitive documents to the wrong recipient entirely.
Is faxing HIPAA compliant?
Faxing can be HIPAA compliant, but it is not automatically so. Online fax services that sign a Business Associate Agreement (BAA) and use end-to-end encryption meet HIPAA technical safeguard requirements. Traditional fax machines without physical access controls and audit trails typically do not.
Are online fax services secure?
Yes, reputable online fax services are secure. They use AES-256 encryption for stored documents, TLS 1.3 for data in transit, SOC 2 certified infrastructure, and full audit trails. This makes them more secure than both traditional fax machines and standard email for sensitive document transmission.
What is Faxploit?
Faxploit is a vulnerability discovered by Check Point Research in 2018 that lets attackers inject malware into a corporate network by sending a specially crafted image file via fax. The exploit requires only the target's fax number and affects all-in-one printer-fax machines connected to networks. It was demonstrated live at DEF CON 26.