diff --git a/app/notify_client/sender.py b/app/notify_client/sender.py
deleted file mode 100644
index 3ae7951bf..000000000
--- a/app/notify_client/sender.py
+++ /dev/null
@@ -1,27 +0,0 @@
-from random import randint
-from flask import url_for, current_app
-from itsdangerous import URLSafeTimedSerializer, SignatureExpired
-from app import notifications_api_client
-
-
-def send_change_password_email(email):
-    link_to_change_password = url_for('.new_password', token=generate_token(email), _external=True)
-    notifications_api_client.send_email(email_address=email,
-                                        from_address='notify@digital.cabinet-office.gov.uk',
-                                        message=link_to_change_password,
-                                        subject='Reset password for GOV.UK Notify')
-
-
-def generate_token(email):
-    ser = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
-    return ser.dumps(email, current_app.config.get('DANGEROUS_SALT'))
-
-
-def check_token(token):
-    ser = URLSafeTimedSerializer(current_app.config['SECRET_KEY'])
-    try:
-        email = ser.loads(token, max_age=current_app.config['TOKEN_MAX_AGE_SECONDS'],
-                          salt=current_app.config.get('DANGEROUS_SALT'))
-        return email
-    except SignatureExpired as e:
-        current_app.logger.info('token expired %s' % e)
diff --git a/tests/app/main/notify_client/test_sender.py b/tests/app/main/notify_client/test_sender.py
deleted file mode 100644
index aef8d1f0c..000000000
--- a/tests/app/main/notify_client/test_sender.py
+++ /dev/null
@@ -1,29 +0,0 @@
-from itsdangerous import BadSignature
-from pytest import fail
-
-from app.notify_client.sender import generate_token, check_token
-
-
-def test_should_return_email_from_signed_token(app_):
-    email = 'email@something.com'
-    token = generate_token(email)
-    assert email == check_token(token)
-
-
-def test_should_throw_exception_when_token_is_tampered_with(app_):
-    email = 'email@something.com'
-    token = generate_token(email)
-    try:
-        check_token(token + 'qerqwer')
-        fail()
-    except BadSignature:
-        pass
-
-
-def test_return_none_when_token_is_expired(app_):
-    with app_.test_request_context():
-        app_.config['TOKEN_MAX_AGE_SECONDS'] = -1000
-        email = 'email@something.com'
-        token = generate_token(email)
-        assert check_token(token) is None
-        app_.config['TOKEN_MAX_AGE_SECONDS'] = 120000