[MlMt] Follow Up to Email Concerns
Benny Kjær Nielsen
mailinglist at freron.com
Sun Jul 25 03:45:25 EDT 2021
On 25 Jun 2021, at 2:35, Harvey Leff wrote:
> It seems that a prime alleged reason for their change is that IMAP
> does not support 2-Factor authentication. Do any of you experts have
> knowledge whether that claim is true and really limits security?
I haven't read through all the details of this thread, but MailMate
supports OAuth2 for Office365 accounts. It only works in test releases
of MailMate since the feature is quite new for Office365 itself (for
third party email clients).
On a general note, 2FA is great for security, but OAuth2 itself over
IMAP **for a desktop email client** isn't as great as it might look like
at first. It requires MailMate to be registered with Microsoft (like it
is for Gmail at Google). They can then put up all kinds of requirements
and even code audits. If MailMate should ever misbehave then they can
block its usage similar to how Apple can throw apps out of its app
store. This might all sound great, but in practice any other application
can pretend to be MailMate since there's no way for MailMate to hide its
“identity”. For example, it would also be easy to make MailMate
masquerade as Thunderbird even if MailMate had never been registered at
Microsoft (or Google).
On a related note, MailMate doesn't work with Yahoo OAuth2 since there
appears to be no official way to register MailMate for IMAP/SMTP. I
believe it works with Thunderbird because they apparently were somehow
registered “manually”. It seems Apple also has something similar for
iCloud, but I don't think any third party email clients are allowed
access to that which is why application specific passwords are needed to
make it work (contrary to Apple Mail itself).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the mailmate