<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/xhtml; charset=utf-8">
</head>
<body>
<div style="font-family:sans-serif"><div style="white-space:normal">
<p dir="auto">Thanks Benny - great feedback…</p>
<hr style="background:#333; background-image:linear-gradient(to right, #ccc, #333, #ccc); border:0; height:1px" height="1">
<p dir="auto">On 19 May 2022, at 23:16, Benny Kjær Nielsen wrote:</p>
</div>
<div style="white-space:normal"><blockquote style="border-left:2px solid #777; color:#777; margin:0 0 5px; padding-left:5px"><p dir="auto">On 19 May 2022, at 23:34, Antonio Leding wrote:<br>
</p>
<blockquote style="border-left:2px solid #777; color:#999; margin:0 0 5px; padding-left:5px; border-left-color:#999"><p dir="auto">A few days ago, I ran across a post discussing the upcoming Google mandate that all Gmail users must use OAUTH2. My understanding is that this has been working in MM for quite a while so no issue there.</p>
</blockquote><p dir="auto">Yes, the mandate might be new but password-based access to Gmail accounts has not worked well for many years. I never found out the exact triggers, but users would often have to sign in to webmail to “unlock” an account for IMAP/SMTP access. I also think default Gmail settings changed to not allowing it by default (I might be wrong on that one).<br>
<br>
MailMate has worked with Gmail/OAuth2 for almost seven years. I wrote about my concerns at the time and that's basically how I still feel about the subject: <a href="https://blog.freron.com/2015/is-oauth2-support-a-good-thing/" style="color:#777">https://blog.freron.com/2015/is-oauth2-support-a-good-thing/</a><br>
<br>
In that blog post I write: “If the provider stops supporting other authentication schemes (which is almost true for Google) then the provider has the power to decide which email clients are allowed to access Gmail.”<br>
<br>
This is no longer an “if” statement, but in practice it doesn't change much since password-access did not work well anyways (in my experience).<br>
</p>
<blockquote style="border-left:2px solid #777; color:#999; margin:0 0 5px; padding-left:5px; border-left-color:#999"><p dir="auto">The part that got me wondering is this - this post stated that some apps may need to undergo an annual Google verification process and that this could cost the devs several hundred or thousands of dollars per year.</p>
</blockquote><p dir="auto">Initially, Google told me the same thing 7 years ago after I went through a long and tedious series of steps to “verify” MailMate. Fortunately, a desktop email application like MailMate does not match the conditions stated by Google for the security assessment requirement (see the end of this email).<br>
</p>
<blockquote style="border-left:2px solid #777; color:#999; margin:0 0 5px; padding-left:5px; border-left-color:#999"><p dir="auto">I have no idea if this applies to Mailmate but since I had not seen anything about this specific topic, I thought I would raise it if only to have the feedback be “No concern - we’re all good to go.”</p>
</blockquote><p dir="auto">I don't have statistics, but I assume most MailMate users have OAuth2 enabled for Gmail (it's the default behavior).<br>
<br>
In general, I cannot say “No concern” since that would contradict my blog post :)<br>
</p>
<blockquote style="border-left:2px solid #777; color:#999; margin:0 0 5px; padding-left:5px; border-left-color:#999"><p dir="auto"><a href="https://support.google.com/cloud/answer/9110914" style="color:#999">https://support.google.com/cloud/answer/9110914</a></p>
</blockquote><p dir="auto">The important part of what you linked to is this: “To help keep user data safe, every app that requests access to restricted scope Google user’s data and has the ability to access data from or through a third party server is required to go through a security assessment from Google empanelled security assessors.”<br>
<br>
MailMate does not have the ability to “access data from or through a third party server”.<br>
<br>
-- <br>
Benny<br>
_______________________________________________<br>
mailmate mailing list<br>
mailmate@lists.freron.com<br>
<a href="https://lists.freron.com/listinfo/mailmate" style="color:#777">https://lists.freron.com/listinfo/mailmate</a></p>
</blockquote></div>
<div style="white-space:normal">
</div>
</div>
</body>
</html>