Client or provider

EQ Admin

EQ Forum Admin
Staff member
A user needs "something" to access their email. That could be a combination of webmail, email client, app, and/or a custom mechanism. If that's not secure. game over.

Also, what's your definition of secure? Which features do you care about? Email encryption? Privacy and not being tracked?

I believe there isn't an answer to this question. It's not provider vs. client, but the implementation end to end.
 

compleo

Valued Member
Also, what's your definition of secure?

Not really concerned if e mail is read,more interested in metadata & tracking.

The reason i asked which is more secure,i get the impression that e mail client is not secure by itself which is why it needs a plug in to aid in security.

If one uses "https everywhere" will a non encrypted e mail provider/client be secure.

HTTPS EVERYWHERE
 
Last edited:

EQ Admin

EQ Forum Admin
Staff member
This gets into my comment about all of the connections end to end. HTTPS encrypts the traffic between your web browser and the web server you're communicating with to prevent a 3rd party in the middle from viewing your data. It's not 100% guaranteed. Sometimes there are vulnerabilities that break HTTPS. Sometimes you're on a hostile network (even a corporate network at work!) that intercepts and inspects the data within your HTTPS connections. This would make for a nice info graphic showing all of the pieces involved with an email between client and sender. I have the start of one here (How to encrypt and send secure email) from a few years ago that could go into more detail.

An email client can be "secure" if it's reading email over IMAP+SSL or POP3+SSL. It also matters if you care about the copy of email being created on your device getting stored encrypted or not. Some of the newer encrypted email providers have apps that should be more secure than the standard email client such as Microsoft Outlook.

If one uses "https everywhere" will an non encrypted e mail provider/client be secure.

It depends which part of the communication that you're trying to secure. Most web based email these days is already full session HTTPS. HTTPS everywhere does nothing to help with the email stored on the providers servers, your device(s), the senders device(s), the senders providers, or the connections between all of the above not already mentioned.
 

EQ Admin

EQ Forum Admin
Staff member
It's not fair to say "webmail" or "email client" is more secure. It's going to depend on the email service provider and the security around how you interact with them.

For example, it's possible for there to be a webmail such as SCRYPTmail that is more secure than your ISP email accessed with a standard email client.
 
Top