Sylpheed and gmail

For discussions about security.
Post Reply
Message
Author
Wognath
Posts: 423
Joined: Sun 19 Apr 2009, 17:23

Sylpheed and gmail

#1 Post by Wognath »

In order for Sylpheed to connect to gmail, allow less secure apps must be set to "yes" in the gmail "My account" options, resulting in this notification:
Access for less secure apps has been turned on.

You recently changed your security settings so that your Google Account xxxx@gmail.com is no longer protected by modern security standards.

Please be aware that it is now easier for an attacker to break into your account.
I have several questions about this. Thanks in advance for information.

I'm not worried about it. Should I be?
Google, sometime late in 2014 started blocking apps that are using IMAP/SMTP PLAIN authentication by default. It also seems no Linux email client has addressed this change
https://stackoverflow.com/questions/353 ... imap-gmail (4/2017) If this were a problem, Linux mail clients would have addressed it by now, right?
In my understanding, "less secure apps" refers to applications that send your credentials directly to Gmail. Lots of things can go wrong when you give your credentials to third party to give to the authentication authority
https://security.stackexchange.com/ques ... le-account
Hmm, I think he means "more secure apps" like web login. To establish https, gmail sends their certificate to me. What am I sending to whom during imap login? Who is the third party?

P.S. anticipating advice to drop google: gmail is free and convenient and I've had the account for a long time. For important mail I use fastmail, for searches DDG. ;)

Fatdog 721 frugal, Sylpheed 3.5.1
[edited for clarity]
Top
Gordie
Posts: 153
Joined: Tue 23 Aug 2016, 15:26
Location: Nolalu, Ontario, Canada

#2 Post by Gordie »

I use the Google Mail Checker extension for my Chromium browser. Not exactly the ideal situation but it works and it can also read html email. Sylpheed cannot read html
Top
User avatar
fabrice_035
Posts: 765
Joined: Mon 28 Apr 2014, 17:54
Location: Bretagne / France

#3 Post by fabrice_035 »

hi,

You can use SSL with POP3 and SMTP. I think is secure, no ?
Top
mfb

#4 Post by mfb »

Gordie wrote above:
Sylpheed cannot read html
jamesbond wrote elsewhere:
Sylpheed can also handle html email - it will transliterate it to text. You can't view it with the html formatting as such, but at least you can view the text. This may or may not be good enough. For me it is.
Top
Sailor Enceladus
Posts: 1543
Joined: Mon 22 Feb 2016, 19:43

#5 Post by Sailor Enceladus »

It probably means "choose the webmail to see OUR ads and services based on what YOU send and receive in your emails, or we will try to scare the * out of you in another way". - Google Team :)
Top
User avatar
prehistoric
Posts: 1744
Joined: Tue 23 Oct 2007, 17:34

#6 Post by prehistoric »

I do have a gmail account or two, in addition to others. It was possible when I set it up to use an application-specific password which would not work from any other machine. It still works.

I would like to use 2FA with a hardware key for gmail, but I don't like using their web interface, which keeps changing.

I don't use HTML messages, depending on Sylpheed to translate the text, where possible. I don't use external spam filters, which makes me look like a prime sucker to spammers, but I do have filters in Sylpheed that move suspect email to a spam folder, where it can be examined with other tools. I have quite a collection of booby-trapped HTML email.

Someone needs to explain to me why ISPs don't immediately identify email like that with the attached text as spam. This file really is gzipped.
Attachments
spam_header.txt.gz
random word header from spam intended to make it look like a real message, gzipped.
(7.34 KiB) Downloaded 103 times
Top
Post Reply

Return to “Security”