Thanks Benny - great feedback…
- - -
On 19 May 2022, at 23:16, Benny Kjær Nielsen wrote:

> On 19 May 2022, at 23:34, Antonio Leding wrote:
>
> > A few days ago, I ran across a post discussing the upcoming Google
> > mandate that all Gmail users must use OAUTH2. My understanding is
> > that this has been working in MM for quite a while so no issue there.
>
> Yes, the mandate might be new but password-based access to Gmail
> accounts has not worked well for many years. I never found out the
> exact triggers, but users would often have to sign in to webmail to
> “unlock” an account for IMAP/SMTP access. I also think default
> Gmail settings changed to not allowing it by default (I might be wrong
> on that one).
>
> MailMate has worked with Gmail/OAuth2 for almost seven years. I wrote
> about my concerns at the time and that's basically how I still feel
> about the subject:
>
> https://blog.freron.com/2015/is-oauth2-support-a-good-thing/
>
> In that blog post I write: “If the provider stops supporting other
> authentication schemes (which is almost true for Google) then the
> provider has the power to decide which email clients are allowed to
> access Gmail.”
>
> This is no longer an “if” statement, but in practice it doesn't
> change much since password-access did not work well anyways (in my
> experience).
>
> > The part that got me wondering is this - this post stated that some
> > apps may need to undergo an annual Google verification process and
> > that this could cost the devs several hundred or thousands of dollars
> > per year.
>
> Initially, Google told me the same thing 7 years ago after I went
> through a long and tedious series of steps to “verify” MailMate.
> Fortunately, a desktop email application like MailMate does not match
> the conditions stated by Google for the security assessment
> requirement (see the end of this email).
>
> > I have no idea if this applies to Mailmate but since I had not seen
> > anything about this specific topic, I thought I would raise it if
> > only to have the feedback be “No concern - we’re all good to
> > go.”
>
> I don't have statistics, but I assume most MailMate users have OAuth2
> enabled for Gmail (it's the default behavior).
>
> In general, I cannot say “No concern” since that would contradict
> my blog post :)
>
> > https://support.google.com/cloud/answer/9110914
>
> The important part of what you linked to is this: “To help keep user
> data safe, every app that requests access to restricted scope Google
> user’s data and has the ability to access data from or through a
> third party server is required to go through a security assessment
> from Google empanelled security assessors.”
>
> MailMate does not have the ability to “access data from or through a
> third party server”.
>
> --
> Benny
_______________________________________________
mailmate mailing list
[email protected]
https://lists.freron.com/listinfo/mailmate