The Hidden Dangers of Emailing Sensitive Data

Email feels private, but it's more like a postcard. Why you should stop sending secrets via SMTP.

May 24, 2024 · 2 min read · 15 views · CipherSend Team
#education #email-security #privacy

The "Postcard" Analogy

Security experts often compare email to a postcard. You write your message, put a stamp on it, and drop it in a mailbox. Along the way, anyone who handles that postcard—the postal worker, the sorting machine operator, the delivery person—can read it.

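Email works similarly. It passes through multiple servers before reaching its destination. While many of the connections between those servers are encrypted with TLS, that protects the message only while it is in transit between two servers; the email itself is often stored in plain text on the intermediate servers.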

The "Forever" Problem

The biggest issue with email isn't just transit; it's storage.

When you email a password to a client:

  1. It's in your "Sent" folder.
  2. It's in their "Inbox".
  3. It's likely backed up to the cloud by both providers.
  4. It might be synced to multiple devices (phone, laptop, tablet).

That single password now exists in half a dozen places, forever. If any one of those devices or accounts is compromised years from now, the attacker has the password.

Accidental Exposure

We've all done it: hit "Reply All" when we meant "Reply". If that email contained sensitive data, you've just leaked it to the entire distribution list.

The Solution: Decouple the Secret from the Medium

You can still use email for communication! Just don't put the secret in the email.

Instead, send a CipherSend link: "Here is the password for the new account: [Link]"

If you Reply All, or if your email is hacked later, the link will be dead. The secret is safe because it's no longer there.
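To make the "dead link" property concrete, here is an added sketch of a one-time, expiring secret store; it is not CipherSend's code or API, and the class name, the `build_email` helper, the `https://secrets.example/s/` URL and the sample secrets are all constructed for illustration. It assumes a link dies on first open or when its time limit passes, whichever comes first.

```python
import hashlib
import secrets
import time


class OneTimeSecretStore:
    """In-memory store: each secret can be read once, and only before it expires."""
    def __init__(self, clock=time.monotonic):
        self._clock = clock          # injectable so expiry can be exercised in a test
        self._items = {}             # sha256(token) -> (secret, expires_at)

    @staticmethod
    def _key(token: str) -> str:
        # Index by hash so a dump of the store does not reveal usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def put(self, secret: str, ttl_seconds: float = 3600) -> str:
        token = secrets.token_urlsafe(32)   # 256 random bits, unguessable
        self._items[self._key(token)] = (secret, self._clock() + ttl_seconds)
        return token

    def redeem(self, token: str):
        # pop() deletes the entry on first access, whether or not it is still valid.
        entry = self._items.pop(self._key(token), None)
        if entry is None or self._clock() >= entry[1]:
            return None
        return entry[0]


def build_email(store, secret, base_url="https://secrets.example/s/"):
    # base_url is a placeholder; only the link is ever written into the message body.
    token = store.put(secret, ttl_seconds=600)
    return f"Here is the password for the new account: {base_url}{token}", token


def demo():
    now = [0.0]                      # fake clock so the example runs instantly
    store = OneTimeSecretStore(clock=lambda: now[0])
    body, token = build_email(store, "S3cr3t-constructed-value")
    first = store.redeem(token)      # intended recipient opens the link
    second = store.redeem(token)     # Reply All recipient, or a mailbox read years later
    _, stale = build_email(store, "another-constructed-value")
    now[0] = 601                     # link never opened, 10-minute TTL elapsed
    expired = store.redeem(stale)
    return body, first, second, expired


if __name__ == "__main__":
    print(demo())
```

With a one-time link, whoever opens it first gets the secret, so a recipient who finds the link already dead should report it and the secret should be rotated.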
