[MlMt] New Yahoo! Mail restrictions for 3rd party e-mail client access as of Oct. 20th 2020

[Kee Hinckley]

Yes, I was going to say. Skipping all those options and going straight 
to "app password" looks right to me. I suspect the remove/add steps are 
there only because they don't trust users to know if their app supports 
their secure sign-on, so doing that will trigger if it does.

It looks like they are using some version of OAuth2. Here's their 
authentication line.

```
20:28:00 S: * OK [CAPABILITY IMAP4rev1 SASL-IR AUTH=PLAIN AUTH=XOAUTH2 
AUTH=OAUTHBEARER ID MOVE NAMESPACE XYMHIGHESTMODSEQ UIDPLUS LITERAL+ 
CHILDREN X-MSG-EXT OBJECTID] IMAP4rev1 Hello
```

Given that the OAuth versions of Google and Outlook both required 
MailMate changes, I'm guessing this will too.

On 25 Aug 2020, at 12:17, Verdon Vaillancourt wrote:

> Application password should work. I use this sort of mechanism for 
> Apple account
>
> v
>
>
>
> On 25 Aug 2020, at 15:13, Greg Earle wrote:
>
>> All:
>>
>> I use MailMate for all of my e-mail accounts, including a throwaway 
>> Yahoo! Mail account I only use for external verification of other 
>> accounts and a few mailing list subs from shopping sites.
>>
>> Today I got an e-mail from Yahoo! with Subject: "Important security 
>> notice for your Yahoo account".  It says that as of October 20, 2020
>>
>> "We’ve noticed that you’re using non-Yahoo applications (such as 
>> third-party email, calendar, or contact applications) that may use a 
>> less secure sign-in method.  To protect you and your data, Yahoo will 
>> no longer support the current sign-in functionality in your 
>> application starting on October 20, 2020.  This means that you will 
>> need to take one of the steps below to continue using Yahoo Mail 
>> without interruption."
>>
>> It lists 3 different options, including one to "keep your current, 
>> non-Yahoo app", but you'll have to "follow a few steps to get it in 
>> sync with our secure sign-in method".
>>
>> Anyway, for specific instructions for using "Others" e-mail clients, 
>> there is a link to this page:
>>
>> https://help.yahoo.com/kb/new-mail-for-desktop/SLN27791.html?impressions=true
>>
>> where it has these non-helpful suggestions:
>>
>> --
>>     If possible, use the Yahoo Mail app or mail.yahoo.com. Since 
>> Yahoo owns these services, we can ensure you're always using the most 
>> secure sign-in technology when accessing your email.
>>
>>     If you'd prefer to continue using your non-Yahoo email 
>> application, try removing and re-adding your account.  Look for the 
>> Yahoo logo when you go to set it up again to activate the secure 
>> sign-in method.
>>
>>     If removing and re-adding your account does not work, generate a 
>> third-party app password to access your account.
>> --
>>
>> I'm not sure whether I'll be able to continue using MailMate with 
>> these new restrictions after October 20.
>> _______________________________________________
>> mailmate mailing list
>> mailmate at lists.freron.com
>> https://lists.freron.com/listinfo/mailmate
> _______________________________________________
> mailmate mailing list
> mailmate at lists.freron.com
> https://lists.freron.com/listinfo/mailmate
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20200825/a735a1f1/attachment.htm>