[MlMt] Follow Up to Email Concerns

[Benny Kjær Nielsen]

On 25 Jun 2021, at 2:35, Harvey Leff wrote:

> It seems that a prime alleged reason for their change is that IMAP 
> does not support 2-Factor authentication. Do any of you experts have 
> knowledge whether that claim is true and really limits security?

I haven't read through all the details of this thread, but MailMate 
supports OAuth2 for Office365 accounts. It only works in test releases 
of MailMate since the feature is quite new for Office365 itself (for 
third party email clients).

On a general note, 2FA is great for security, but OAuth2 itself over 
IMAP **for a desktop email client** isn't as great as it might look like 
at first. It requires MailMate to be registered with Microsoft (like it 
is for Gmail at Google). They can then put up all kinds of requirements 
and even code audits. If MailMate should ever misbehave then they can 
block its usage similar to how Apple can throw apps out of its app 
store. This might all sound great, but in practice any other application 
can pretend to be MailMate since there's no way for MailMate to hide its 
“identity”. For example, it would also be easy to make MailMate 
masquerade as Thunderbird even if MailMate had never been registered at 
Microsoft (or Google).

On a related note, MailMate doesn't work with Yahoo OAuth2 since there 
appears to be no official way to register MailMate for IMAP/SMTP. I 
believe it works with Thunderbird because they apparently were somehow 
registered “manually”. It seems Apple also has something similar for 
iCloud, but I don't think any third party email clients are allowed 
access to that which is why application specific passwords are needed to 
make it work (contrary to Apple Mail itself).

Phew...

-- 
Benny
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freron.com/pipermail/mailmate/attachments/20210725/899224d2/attachment.htm>