Get started today with annual, unlimited access for only $495!

Webmail, short for web-based electronic mail (email), has been around for decades. An estimated 4 billion+ webmail accounts exist among all providers today, with steady growth into the millions year over year. Many people have multiple webmail accounts for different purposes, largely because most webmail accounts are free to set up and use.

Gmail, owned by Google, currently accounts for well over one-third of webmail users worldwide. The top four providers—Gmail, iCloud Mail (Apple), (Microsoft, Hotmail), and Yahoo! Mail—make up nearly three-quarters of all webmail users globally, partly due to other consumer services (e.g., cloud storage, mobile phones, or multi-player gaming) that require the use of their webmail accounts.

Webmail and Traditionally Hosted Mail

Webmail is simply a form of email. The other form of email can be thought of as traditionally hosted email. For example, an Internet
service provider (ISP) may provide email hosting services using enterprise email software, such as Microsoft Exchange Server, where they maintain the computer server infrastructure, and administrators create and manage users and related, back-end IT services. With webmail, consumers simply sign up through a website maintained by the webmail service provider.

Both traditional email and webmail can be configured with an email client, the software used to send, receive, and store local (offline)
copies of emails. Most people are familiar with Microsoft Outlook (not to be confused with, which is the Microsoft webmail service). Another popular email client is Apple Mail, which has been packaged with Apple’s MacOS operating system since before 2000. Today, many email clients are also offered as mobile apps.

Email Collection in Discovery

Understanding the difference between traditional email and webmail, as well as how email is accessed by a user, is important in terms of ESI because it alters where, how, what, and by whom information can be obtained.

  • Email stored within local mail clients (e.g., Outlook, Apple Mail) or within managed service provider (“MSP”) data centers can be obtained through proper data forensic methods.
  • Email accessed only via a web browser and hosted by a webmail provider has a very low probability of being captured using data forensic methods.

Based on the limitation of webmail, the typical reaction by attorneys is to subpoena the webmail provider; however, the Electronic Communications Privacy Act and Stored Communications Act present a serious roadblock.

Electronic Communications Privacy Act / Stored Communications Act

The Electronic Communications Privacy Act of 1986  and the Stored Communications Act (collectively, the “ECPA”) protect customer records of companies that provide telecommunications and data transmission and storage services from disclosure.

Under the ECPA, certain records (e.g., customer names, billing records, IP addresses) may be obtained by a proper civil subpoena. Such data can be crucial for authenticating email messages already possessed by counsel, tracing the source of a specific email, or identifying the user or an otherwise anonymous email account.

However, the substantive content of electronic communications—including text messages and social media content—enjoys much greater protection and can only be disclosed in response to a search warrant, a federal court order, or the “authorization of the account holder.”


Options for Collecting ESI

If a specific email or email series is deemed critical, counsel should serve a preservation letter on the service provider. (See sample preservation letters. ) The letter should include the case information, identify the account holder(s), and specify the ESI that counsel will be seeking. Although the provider will not disclose the ESI under the ECPA, they will preserve it (for a period of time ) to allow counsel to seek remedies in obtaining the content.

Service providers do not store ESI indefinitely, so the preservation letter should also be emailed and/or faxed. If the account holder deletes the ESI in question, there will be a (potentially very) short period of time during which it may be recovered.

After sending the preservation letter, counsel should move to have the court direct the account holder(s) to authorize the email provider to disclose the ESI.

Every email message has at least one (1) sender and at least one (1) recipient. That same email message may also have been copied or blind copied to additional recipients. It may thus be possible to obtain the email(s) from the sender’s machine or account, or the machine or account of any recipient.

Additional Resources


Click on the logo below to see service of process information and other details for each service provider.

Don't see a provider you are looking for?

We can still help. Click the Provider Request button below, and we'll start the process of getting you what you need.

Provider Request

Brought to you by the NGH Group