Keith Turpin Keith is the Chief Information Security Officer (CISO) and Head of Global Infrastructure Services at Universal Weather and Aviation, a billion-dollar international aviation services company that operates 50 locations in 20 countries. Prior to Universal Weather and Aviation, Keith served as a cyber security Technical Fellow at The Boeing Company where he led Application Security Assessments, International IT Security Operations and Supply Chain Security. Keith frequently speaks on various cyber security topics. He has presented for the Houston FBI, Los Alamos National Laboratory, the Department of Homeland Security’s Software Assurance Forum and in Singapore at Blackhat Asia. Keith has made several industry contributions including serving as a U.S. delegate to the International Standards Organization’s Cyber Security Sub-Committee and leading an international software security best practices project. Keith holds a MS in Computer Systems and a BS in Mechanical Engineering.

Using a Local Mail Client to Backup Web Email

One of the reasons you want to have a backup of your web email is that it can be very difficult to recover email if your account is hacked and your email is deleted. This can and does happen to people.

The oldest and most common method for creating a local copy of web email is to connect a local email client (i.e. desktop email software) to your web mail provider (e.g. Gmail, Yahoo, etc.). The local client will download a copy of the email and save it on your PC. Depending on the client and how you configured the connection to your web mail, you may then want to do a backup from the desktop email client, thus saving a copy of all your email. Common local email clients include Thunderbird, Outlook, and Apple Mail. This method will work with any of the major online email services and is the only way recommended by Yahoo for bulk email backup.

Here is the tricky part, and, yes, it seems there is always a tricky part. When you set up a desktop email application to download email from your web email provider, you can tell it to connect in one of two ways:

  1. IMAP: This method allows the desktop email software to have live 2-way synching with the web email provider, which means everything you do either on the desktop software or through your browser accessing the web mail, will get duplicated to each other.

o Advantage: This type of connection by default just duplicates email between the desktop email software and the web email service. (See disadvantages of a POP connection below)

o Disadvantage: If your web email gets hacked and the email is all deleted, the local application will also delete its copy. Though you may be able to recover those local files.

o To avoid losing all email in a hacked account scenario, you can easily backup the desktop email application periodically. This can be accomplished with many desktop email applications by backing up/copying the applications profile, which contains the email.

  1. POP: This method allows the desktop email software to establish a 1-way download from your web based email to a desktop email application. Because the desktop email software does not push changes back up to the web email provider, changes made in the desktop email software will not affect the original emails in your Gmail/Yahoo Mail account.

o Advantage: Email maliciously deleted from your web email will be retained in your local desktop email.

o Disadvantage: Most desktop email software and servers are configured to delete the emails from the web email server when using the POP protocol. You need to check the settings in your desktop email software and web mail settings to be sure the email is “kept” on the web email service.

o In Gmail, go to Settings >> Forwarding and POP/IMAP >>”When messages are accessed with POP” and choose to “keep” email after being accessed by a POP connection.

Configuring Gmail

  • Settings >> Forwarding and POP/IMAP >> Enable IMAP or POP (depending on your goal)
  • Using IMAP with Gmail:

More information about Google POP use here:

  • If you think your Gmail account has been hacked:

Configuring Yahoo

  • Settings >> Accounts >> your Yahoo account >> Under “Access your Yahoo Mail elsewhere,” >> select POP >> Pick how you want to handle spam emails >> Click Save
  • Using IMAP with Yahoo mail:

Alternatives for Backing Up Your Gmail

  • Google email and data files can be backed up using Google’s Takeout Tool:
  • Google Download Information page:
  • Google Takeout:

You can also use third party software to backup Gmail such as Upsafe.

  • Upsafe is a free program that you can connect to your Gmail and download it locally. It will do incremental downloads and let you browse your downloaded email and attachments from within the app.


Free Gmail Backup