Email with an attached file vs. email with a link to a file
We have a software that sends out invoices by email. As the invoices contain the names of the clients and their addresses we consider the invoice to be sensitive to some degree.
Rather than sending out the actual file we provide the clients with a link so they can download the invoice from a website. The filename is made up of a GUID so that is reasonably hard to simply guess a valid/actual url/filename.
The idea behind this approach is that
- we cannot expect our clients to be able to use encrypted emails therefor regular unencrypted emails have to be used
- the attached file is way easier to manipulate or replace in an unencrypted email than it is on the webserver
- obviously the link could also be manipulated however we think this would be easier to notice
- the GUID-filename provides some degree of security against simply guessing a valid filename (an additional password is considered to be too complicated by some of our clients)
- we reduce the size of the email and therefore the size of the mailboxes of our clients
Therefor we think it is a safer and better approach to email the link rather than the actual file.
We have some clients that consider this approach to be worse than attaching the file to the email. Besides convenience they reason that the files are now on the public internet and can be accessed by anyone. Which is technically true, however you would have to have the correct GUID to download such a file and we consider the chance of guessing a valid GUID to be rather slim.
Is there anything fundamentally wrong with our reasoning? Would attaching the file directly to the email in fact be safer?