You should never send your credentials. Granting access to someone who should have access is one thing, but not your credentials that individually identify you. Also, if it isn't coming through standard protocols and procedures you probably shouldn't do it.