You Should Probably Self-Host Your E-mail and Never Use a Web Browser for Mail
"Microsoft warns of Outlook Classic bug that can crank CPU use up to 50% when typing," this new report says. Here we go again. Microsoft still cannot handle E-mail right. It's 2025! If it couldn't get it right in about 40 years, then folks should just stop waiting. Go elsewhere. Microsoft became notorious for losing people's E-mail, either at the server level (e.g. Microsoft Exchange) or the client level. Or both. Even buying Hotmail didn't solve anything; it made things worse after moving away from BSD.
Enjoy the anxiety over lost mail (both incoming and outgoing).
One might suggest that the solution is to use a real IMAPS/SMTPS setup or self-host. I can speak about this based on personal experience. I have about 20 E-mail accounts at my domain (surname.com) and my wife has 2. She has used these exclusively since 2012, i.e. for 13 years. I've used mine for over 20 years.
What does that mean and why does that matter? Well, having done so for several decades, and prior to that experimented a little with webmail (late 90s for the most part; the only other choice was the university account or an Internet Service Provider (ISP) account*), I can tell the difference and we shall revisit the subject in the future in relation to client privilege in legal (lawyers') communications. There's a lot more to be said, then done.
Without bothering to look up other people's lists (or "research" by LLMs), here's my personal summary of the key differences:
| webmail | self-hosted webmail | self-hosted and POP3/IMAPS/SMTPS | |
| Storage | Very limited (may change at any time) | It's up to you (or server capacity) | Always up to you and your drive's (or drives') capacity |
| Privacy | Literally none | Usually at risk from browser flaws | E2EE easily feasible |
| Backup | Trust untrustworthy companies that do lost mail and cannot recover it | Back up the server | Back up the computer (every night perhaps) |
| Access | Must have access to browser and Net | Must have access to browser and Net | Usable offline, many clients exist |
| Uptime/downtime | Beg some company to stop lying about ETA | As a customer, demand honest ETA | Use offline during server issues; POP3/IMAPS/SMTPS simpler and thus more robust (thinner stack) |
| SPAM management | Outsourced to dodgy vendor, so expect false positives (they don't care about you) | More customised for oneself (can also create multiple accounts to entrap unwanted mail) | Versatile options in many mail clients and peripheral software |
That last point (concerning "multiple accounts") was illuminated to me by university staff when I worked at MCC. He said that he had created multiple accounts to know where one got the address; he said it would make isolation of SPAM a lot easier. He was right. About 22 years later I still do this.
If you're still using webmail, you may be making life a lot harder for yourself (than it ought to be). The "old way" of doing things is in many cases vastly superior, but it's harder for the "free" (not really) services to "monetise". Does anyone still believe Gmail is "free"? It wasn't too long ago that Microsoft, Google and others put an end to 'API' (not really, open protocol) access to one's mail, falsely citing "security" reasons when in fact webmail is vastly worse at security because "modern" browsers are ridiculously large and complex. Some are outdated, not fully patched, no longer maintained etc. █
____
* I know people who still use their Internet Service Provider (ISP) account. I stopped that in the late 90s. It's not only vendor lock-in, which makes negotiation with ISPs (e.g. over prices/fares/conditions) harder.
Like a university E-mail account, it's only temporary (cannot be kept for eternity no matter how much one wishes so; this impacts both staff and students). This could be added to the table above, but it needs more space to explain.
E-mail addresses are tied to domains and domains change owners or "business models" (and speaking of business, do not use your work E-mail with anybody, except for work where it's mandated; it is important not just for privacy reasons but also access/retention; employees love locking staff out of their accounts, sometimes without announcing it). If it's not yours, then it exists to serve somebody else. This means that when losing touch with some friends and those friends later (much later) wish to get in touch it'll result in messages bouncing, or worse, messages just falling onto a 'blackhole', leaving the senders to assume you simply ignore them or moved on to some unknown newer address.
Many workplaces try to dodge IRC and use spyware like Slack (or Webmail instead of "real" mail) because it makes it easier to force people - immediately and without prior warning - not to have access to past communications (in case there's a legal dispute for example). To paraphrase common wisdom, he who controls the domain controls the communication. So get your own domain and take charge.