A. Don't

B. Obtain consent to disclose from client. Print to pdf. Password protect. Send.

Send password protected to the client and tell them to do whatever they want to do with it. 

I agree - don't.

I disagree - do not send them an encrypted .pdf either.

For many years in the AICPA Liability Insurance seminars we have been told lenders have been suing tax preparers if the borrower defaults - and unbelievably they have been winning these cases.  For the same reason we don't prepare verification letters; the lender wants our signature so they can sue.  Yes, anybody can sue anybody for any good or bad reason. But I'd make it a firm policy that you will provide whatever documents that are needed to the client and then let the client submit to the lender.

I have lost individual clients because I will not do a verification letter for a refinance or similar.  I'm pissed at first but in the end I still know it's the proper thing to do.

I've lost them too.... Good riddance... 

I'm going to assume that part about lenders successfully suing tax preparers for providing client-authorized copies of tax returns is an urban legend.  What is heard in seminars, unless the course materials cite a specific case, is akin to what is heard in barber shops.  In fact, the AICPA does have a handout on the wrong way and the right way to do it:

https://www.aicpa.org/InterestAreas/FRC/DownloadableDocuments/Third_Party_Verification/QA_Third_Part...