Security difference between webmail access and desktop email client?


Solution 1

The security of the email would largely depend on the security of the physical server storage, and not so much on the client access mode (web or IMAP, etc.). The connection mode does little for the overall security as most breaches take place on the server side (probably close to 99%), and not while email is in transit.

For any meaningful security you additionally need to use encryption for email storage. The best would be to have each message encrypted on the client side with its own set of keys, with the private key never leaving the sender's computer in plain form. There are several solutions that provide such strong security. I would look into PGP email solutions or http://cryptoheaven.com

However, a solution with connection layer security such as POP3S / IMAP SSL / SMTP TLS for the client connections does provide the appearance of security for an average consumer, but does not offer much real protection.

Solution 2

Security of a local mail client is much more dependent on the physical security of the device than a webmail client is.

Local clients tend to have mail passwords saved, whereas it's possible, but less common, for webmail clients. Not only does this saved password allow access to mail if you can access the user's account, but you hope this password is stored securely.

You would also have mail files stored on the machine. There may be sensitive data embedded in the mail files. These would need to be secured for the user only. I forgot that I had loaded Thunderbird on my laptop, and when I reinstalled it 2 years later, it found my old mail.

Webmail apps have issues with saved files as well, though proper HTTP caching directives, and the ability to wipe out the cache, or private browsing, mitigate most of this.
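The caching point in the answer above, as an added example that is not part of the original answer: a small audit that classifies whether a webmail response may leave a copy in the browser's cache, based on its `Cache-Control` header. The paths and header values are constructed samples, and the result labels are names chosen for this example.

```python
# Added example: decide from Cache-Control whether a browser may keep a
# copy of a webmail response. Only "no-store" forbids storing it at all;
# "no-cache" and "private" still allow a copy in the user's own cache.

def parse_cache_control(value):
    """Return {directive: argument or None}, directive names lower-cased."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit_response(headers):
    """Classify one response; `headers` maps header name to value."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc:
        return "not-stored"            # cache must not keep any part of it
    if "no-cache" in cc:
        return "may-store-revalidate"  # kept, but revalidated before reuse
    if "private" in cc:
        return "may-store-private"     # kept out of shared caches only
    return "may-store"                 # nothing forbids a stored copy

def risky_paths(responses):
    """Paths whose responses may remain in the local browser cache."""
    return sorted(p for p, h in responses.items()
                  if audit_response(h) != "not-stored")

# Constructed sample responses from a hypothetical webmail application.
SAMPLE_RESPONSES = {
    "/mail/inbox/42": {"Cache-Control": "no-store"},
    "/mail/inbox/43": {"cache-control": "Private, max-age=600"},
    "/mail/attachment/7": {"Cache-Control": "no-cache"},
    "/mail/inbox/44": {"Content-Type": "text/html"},
}

if __name__ == "__main__":
    for path in sorted(SAMPLE_RESPONSES):
        print(path, audit_response(SAMPLE_RESPONSES[path]))
```
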

Author by

question

Updated on September 18, 2022

Comments

  • question
    question almost 2 years

    Is there a difference in privacy and security between webmail access and desktop email clients? Is one inherently more secure than the other? Is it more secure to use an email service that does not offer webmail, but only access via IMAP, POP, SMTP in a desktop email client? Let us consider that both are using equal encryption techniques, i.e. TLS for the connection between server and client.

    • Psycogeek
      Psycogeek over 12 years
      Interesting question. I have always believed that to be true in the single situation of the e-mail being provided by the ISP itself. The path to acquiring the e-mail on my side is from the ISP's own server. Then they added the ability to acquire that over the web anyway. It still will have gone through many servers to get from the sender to my ISP's mail server. Next would be which one makes it easier to break into? Which one would allow for 10,000 passwords to be tossed at it, and how quickly (regardless of software used to do that)? Access to, hackability, and any password storage methods
  • Psycogeek
    Psycogeek over 12 years
    Good point, where is the data. When it comes to locally being screwed by a password-seeking virus, they can be either the keylogger style or the grab-the-info-right-off-the-computer-itself style. I wonder which is a more popular virus method; I assume getting it right off the computer is fastest. When it comes to local walk-up security, that doesn't exist. When it does, I will be locked out of changing my own computer ;-( so badly that I wouldn't like it anyway.
  • Psycogeek
    Psycogeek over 12 years
    When it comes to where my e-mail data is, I always perceived that my web e-mail is out there "on the web" instead of removed from a server and only now local on my computer. Which brings up the complications of backups and redundancy, and archiving at any one of the locations.