There used to be a time when secure email management was simple. “Managing” meant sorting through your email messages, putting them into appropriate folders. Secure email back them meant using a simple password for email access. However, today, with email being a business critical application, more threats against email than ever before, government regulatory concerns, secure email management takes on a whole different meaning. Viruses, spam, worms, and other malicious attacks and non-malicious events can bring email infrastructures to their knees. With recent government legislation in countries such as the U.S., email confidentiality has become a growing concern. One of the more common access to email today is via web browser and web based email access. What security issues should be kept in mind when developing or designing web mail systems?