July 26, 2016
One unlikely lesson of the 2016 presidential election turns out to be that you simply should not host your own email unless you really know what you're doing. And odds are, if you're running for office, or running a political party, you probably don't.
It's still unclear how exactly the Democratic National Committee email servers were compromised and whether anyone hacked into Hillary Clinton's personal servers. But it seems like everyone's email would probably have been served by letting Google take care of it. (Set aside for a moment the rules governing how public records are stored for government officials. That's an important issue, no doubt, but it's not precisely a question of security.)
Outsourcing email management to a private company doesn’t solve all potential security threats. It’s still, of course, possible for an adversary to steal credentials and use them to access an individual’s email records. In fact, at least one DNC consultant’s personal email, operated by Yahoo, was reportedly targeted as part of the larger breach. But while corporate email servers and security measures won’t necessarily protect individual accounts from being compromised, they generally do a pretty good job protecting against someone trying to conduct a full sweep of every email on a server.