diff --git a/src/Api/Tools/Controllers/SendsController.cs b/src/Api/Tools/Controllers/SendsController.cs
index f9f71d076d..61002a0168 100644
--- a/src/Api/Tools/Controllers/SendsController.cs
+++ b/src/Api/Tools/Controllers/SendsController.cs
@@ -239,12 +239,6 @@ public class SendsController : Controller
         {
             throw new BadRequestException("Could not locate send");
         }
-        if (send.MaxAccessCount.GetValueOrDefault(int.MaxValue) <= send.AccessCount ||
-            send.ExpirationDate.GetValueOrDefault(DateTime.MaxValue) < DateTime.UtcNow || send.Disabled ||
-            send.DeletionDate < DateTime.UtcNow)
-        {
-            throw new NotFoundException();
-        }
 
         var sendResponse = new SendAccessResponseModel(send);
         if (send.UserId.HasValue && !send.HideEmail.GetValueOrDefault())
@@ -272,12 +266,6 @@ public class SendsController : Controller
         {
             throw new BadRequestException("Could not locate send");
         }
-        if (send.MaxAccessCount.GetValueOrDefault(int.MaxValue) <= send.AccessCount ||
-            send.ExpirationDate.GetValueOrDefault(DateTime.MaxValue) < DateTime.UtcNow || send.Disabled ||
-            send.DeletionDate < DateTime.UtcNow)
-        {
-            throw new NotFoundException();
-        }
 
         var url = await _sendFileStorageService.GetSendFileDownloadUrlAsync(send, fileId);
 
diff --git a/src/Api/Tools/Models/Response/SendResponseModel.cs b/src/Api/Tools/Models/Response/SendResponseModel.cs
index 295814353c..f7f6b683d6 100644
--- a/src/Api/Tools/Models/Response/SendResponseModel.cs
+++ b/src/Api/Tools/Models/Response/SendResponseModel.cs
@@ -47,7 +47,6 @@ public class SendResponseModel : ResponseModel
         DeletionDate = send.DeletionDate;
         Password = send.Password;
         Emails = send.Emails;
-        EmailHashes = send.EmailHashes;
         Disabled = send.Disabled;
         HideEmail = send.HideEmail.GetValueOrDefault();
 
@@ -155,12 +154,6 @@ public class SendResponseModel : ResponseModel
     /// </summary>
     public string Emails { get; set; }
 
-    /// <summary>
-    /// Comma-separated list of email **hashes**  that may access the send using OTP
-    /// authentication. Mutually exclusive with <see cref="Password"/>.
-    /// </summary>
-    public string EmailHashes { get; set; }
-
     /// <summary>
     /// When <see langword="true"/>, send access is disabled.
     /// </summary>
diff --git a/src/Core/Tools/Models/Data/SendAuthenticationTypes.cs b/src/Core/Tools/Models/Data/SendAuthenticationTypes.cs
index 9ce477ed0c..c90dba43a8 100644
--- a/src/Core/Tools/Models/Data/SendAuthenticationTypes.cs
+++ b/src/Core/Tools/Models/Data/SendAuthenticationTypes.cs
@@ -45,6 +45,6 @@ public record ResourcePassword(string Hash) : SendAuthenticationMethod;
 /// Create a send claim by requesting a one time password (OTP) confirmation code.
 /// </summary>
 /// <param name="Emails">
-/// The list of email addresses permitted access to the send.
+/// The list of email address **hashes**  permitted access to the send.
 /// </param>
 public record EmailOtp(string[] Emails) : SendAuthenticationMethod;
diff --git a/src/Core/Tools/SendFeatures/Queries/SendAuthenticationQuery.cs b/src/Core/Tools/SendFeatures/Queries/SendAuthenticationQuery.cs
index 97c2e64dc5..a82c27d0c3 100644
--- a/src/Core/Tools/SendFeatures/Queries/SendAuthenticationQuery.cs
+++ b/src/Core/Tools/SendFeatures/Queries/SendAuthenticationQuery.cs
@@ -37,8 +37,11 @@ public class SendAuthenticationQuery : ISendAuthenticationQuery
         SendAuthenticationMethod method = send switch
         {
             null => NEVER_AUTHENTICATE,
-            var s when s.AccessCount >= s.MaxAccessCount => NEVER_AUTHENTICATE,
-            var s when s.AuthType == AuthType.Email && s.Emails is not null => emailOtp(s.Emails),
+            var s when s.Disabled => NEVER_AUTHENTICATE,
+            var s when s.AccessCount >= s.MaxAccessCount.GetValueOrDefault(int.MaxValue) => NEVER_AUTHENTICATE,
+            var s when s.ExpirationDate.GetValueOrDefault(DateTime.MaxValue) < DateTime.UtcNow => NEVER_AUTHENTICATE,
+            var s when s.DeletionDate <= DateTime.UtcNow => NEVER_AUTHENTICATE,
+            var s when s.AuthType == AuthType.Email && s.EmailHashes is not null => EmailOtp(s.EmailHashes),
             var s when s.AuthType == AuthType.Password && s.Password is not null => new ResourcePassword(s.Password),
             _ => NOT_AUTHENTICATED
         };
@@ -46,9 +49,13 @@ public class SendAuthenticationQuery : ISendAuthenticationQuery
         return method;
     }
 
-    private EmailOtp emailOtp(string emails)
+    private static EmailOtp EmailOtp(string? emailHashes)
     {
-        var list = emails.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
+        if (string.IsNullOrWhiteSpace(emailHashes))
+        {
+            return new EmailOtp([]);
+        }
+        var list = emailHashes.Split(',', StringSplitOptions.RemoveEmptyEntries | StringSplitOptions.TrimEntries);
         return new EmailOtp(list);
     }
 }