Technology in terms you understand. Sign up for the Confident Computing newsletter for weekly solutions to make your life easier. Click here and get The Ask Leo! Guide to Staying Safe on the Internet — FREE Edition as my thank you for subscribing!

Is web-based email more secure than using a PC email program?


Is there any increased security to be had via receiving opening and saving
all email on the web-based email reader provided by almost all email

In this excerpt from
Answercast #80
, I look at some of the security implications of web-based
email over local access. Most important is to back up!


Is web-based email more secure?

Not really. The email, whether you use web-based or not, is sitting on your email provider’s server any way.

When you use a POP3 email client on your desktop, you move the mail to your desktop PC. If you’re using IMAP, you just create a copy of the email on your desktop PC.

All of the communication paths are very similar when you’re using web-based email. Most of the sites provide an HTTPS secure encrypted connection, so nobody can snoop on your email being read, but most of the POP 3 and/or IMAP providers also provide a similar SSL type of connection that provides the same level of functionality.

Secure from viruses

We also think of things like malware and so forth. But malware usually arrives in the form of an attachment and it’s up to you whether you open that attachment.

Well, opening it is going to be opening it regardless of where you happen to get it from. If you grab the attachment from email on the web and download it and open it, or get it in your email program on your desktop and open it, it’s the same thing.

Choose what works

So ultimately, I really don’t see a huge security advantage to one approach over the other.

I definitely would choose one over the other based on convenience and what works the best for you – and what allows you to insure that your email is properly backed up.

That more than anything is perhaps one of the downsides of web-based email. People assume that it will always be there and we have seen time and time again that accounts can get hacked. Emails can disappear and so forth.

With that in mind, I strongly recommend that you find some way of backing up your email if you’re only going to read it on a web-based interface.

(Transcript lightly edited for readability.)

End of Answercast 80 Back to – Audio Segment

Do this

Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.

I'll see you there!

3 comments on “Is web-based email more secure than using a PC email program?”

  1. I agree that backing up an online account is a good idea and, luckily, there are useful tools for this. I use Gmail and my favorite is Gmvault ( Another approach is to create a backup account, then configure your main account to forward a copy of every received email to it so you always have a fully operational backup account in case your primary is compromised or you get blocked from it by the provider.

  2. I understand Leo’s reservations, but I have become a huge fan of web-based Email for the following reasons:

    1. Ease of access

    2. Great spam blocking (I have 3 web-based E-mail accounts and zero spam mail in any of my inboxes)

    3. Virtually unlimited storage and the ability to send and receive large files

    As for the back-up issue, I feel it is basically solved by having a smartphone. I have an IPhone, to which all of my E-mails are automatically transferred. I have accidentally deleted E-mails on my computer and recovered them on my IPhone.

    To be honest, I almost can’t see why anyone would still want to have a provider-based E-mail account. I have one and I don’t even know what the address is as I have never used it!


Leave a reply:

Before commenting please:

  • Read the article.
  • Comment on the article.
  • No personal information.
  • No spam.

Comments violating those rules will be removed. Comments that don't add value will be removed, including off-topic or content-free comments, or comments that look even a little bit like spam. All comments containing links and certain keywords will be moderated before publication.

I want comments to be valuable for everyone, including those who come later and take the time to read.