I might be over paranoid and correct me if wrong but as far as I understand, almost all the email clients out there either store your credentials or the access token to be able to send you push notifications for new emails.<p>Once they have the credentials/token, they have full control over your emails, what happen if they get compromised or they leak your data?
Even 2FA will not protect you in this case since you already give them the auth token after a successful 2FA auth, or a specific app password.<p>Considering the email is used to reset almost all other accounts passwords, how can you trust a third party email clients? Am I missing something?
Thanks.
I don't use non-open-source, third party email clients.<p>For G Suite (personal) - I use gmail web client.<p>For Office 365 (work) - I use Outlook.<p>For my own mail server - I use Thunderbird or forward to gmail.
How do you trust someone else to manage your mail service?<p>How do you trust every line of an open source package without auditing it yourself?<p>In your hierarchy of risk/trust, this one is pretty small.
Send / receive encrypted messages. Print out encrypted data. Type into computer you built yourself from individual transistors to do the decryption.