Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 23 Oct 2018, 10:37
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Sylpheed and gmail
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 1 [6 Posts]  
Author Message
Wognath

Joined: 19 Apr 2009
Posts: 405

PostPosted: Sat 20 Jan 2018, 17:06    Post subject:  Sylpheed and gmail  

In order for Sylpheed to connect to gmail, allow less secure apps must be set to "yes" in the gmail "My account" options, resulting in this notification:
Quote:
Access for less secure apps has been turned on.

You recently changed your security settings so that your Google Account xxxx@gmail.com is no longer protected by modern security standards.

Please be aware that it is now easier for an attacker to break into your account.
I have several questions about this. Thanks in advance for information.

I'm not worried about it. Should I be?

Quote:
Google, sometime late in 2014 started blocking apps that are using IMAP/SMTP PLAIN authentication by default. It also seems no Linux email client has addressed this change
https://stackoverflow.com/questions/35377148/why-do-all-of-my-linux-based-email-clients-fail-to-authenticate-using-imap-gmail (4/2017) If this were a problem, Linux mail clients would have addressed it by now, right?

Quote:
In my understanding, "less secure apps" refers to applications that send your credentials directly to Gmail. Lots of things can go wrong when you give your credentials to third party to give to the authentication authority
https://security.stackexchange.com/questions/66025/what-are-the-dangers-of-allowing-less-secure-apps-to-access-my-google-account
Hmm, I think he means "more secure apps" like web login. To establish https, gmail sends their certificate to me. What am I sending to whom during imap login? Who is the third party?

P.S. anticipating advice to drop google: gmail is free and convenient and I've had the account for a long time. For important mail I use fastmail, for searches DDG. Wink

Fatdog 721 frugal, Sylpheed 3.5.1
[edited for clarity]
Back to top
View user's profile Send private message 
Gordie

Joined: 23 Aug 2016
Posts: 120

PostPosted: Sat 20 Jan 2018, 21:55    Post subject:  

I use the Google Mail Checker extension for my Chromium browser. Not exactly the ideal situation but it works and it can also read html email. Sylpheed cannot read html
Back to top
View user's profile Send private message 
fabrice_035


Joined: 28 Apr 2014
Posts: 506
Location: Bretagne / France

PostPosted: Sun 21 Jan 2018, 04:40    Post subject:  

hi,

You can use SSL with POP3 and SMTP. I think is secure, no ?
Back to top
View user's profile Send private message 
mfb

Joined: 22 Mar 2016
Posts: 60

PostPosted: Sun 21 Jan 2018, 04:44    Post subject:  

Gordie wrote above:
Quote:

Sylpheed cannot read html


jamesbond wrote elsewhere:
Quote:
Sylpheed can also handle html email - it will transliterate it to text. You can't view it with the html formatting as such, but at least you can view the text. This may or may not be good enough. For me it is.
Back to top
View user's profile Send private message 
Sailor Enceladus

Joined: 22 Feb 2016
Posts: 1547

PostPosted: Sun 21 Jan 2018, 08:40    Post subject:  

It probably means "choose the webmail to see OUR ads and services based on what YOU send and receive in your emails, or we will try to scare the * out of you in another way". - Google Team Smile
Back to top
View user's profile Send private message 
prehistoric


Joined: 23 Oct 2007
Posts: 1736

PostPosted: Sun 21 Jan 2018, 10:09    Post subject:  

I do have a gmail account or two, in addition to others. It was possible when I set it up to use an application-specific password which would not work from any other machine. It still works.

I would like to use 2FA with a hardware key for gmail, but I don't like using their web interface, which keeps changing.

I don't use HTML messages, depending on Sylpheed to translate the text, where possible. I don't use external spam filters, which makes me look like a prime sucker to spammers, but I do have filters in Sylpheed that move suspect email to a spam folder, where it can be examined with other tools. I have quite a collection of booby-trapped HTML email.

Someone needs to explain to me why ISPs don't immediately identify email like that with the attached text as spam. This file really is gzipped.
spam_header.txt.gz
Description  random word header from spam intended to make it look like a real message, gzipped.
gz

 Download 
Filename  spam_header.txt.gz 
Filesize  7.34 KB 
Downloaded  63 Time(s) 
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 1 [6 Posts]  
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0449s ][ Queries: 14 (0.0077s) ][ GZIP on ]