Gmail & IMAP

Home Forums The Show Discussion Gmail & IMAP


This topic contains 5 replies, has 3 voices, and was last updated by Christian Christian 2 years, 5 months ago.

Viewing 6 posts - 1 through 6 (of 6 total)
  • Author
  • #3302

    Regarding the caller having problems with Roadrunner and Thunderbird, I don’t have any suggestions but I want to echo Steve’s comments regarding GMail. It’s the worst choice for use with a mail client like Thunderbird. Google really wants you to use the web interface.



    Would you explain why that combination is bad? That’s what I’ve been using for several years, and have been real happy with it. I do use the POP3 access rather than IMAP, but seems to work out better than what the ISPs provide in their email service.


    It might be because we had the same account setup in multiple computers, but some messages would download to one client but not another. Other times it was what the caller was saying; there were messages in webmail that hadn’t downloaded at all. I remember finding a setting on the website that seemed to help, but didn’t eliminate the issue. Why are there so many settings? I believe it’s because GMail’s IMAP is either non-standard or requires extra configuration whereas every other mail provider has just worked. Maybe I’ve just had a bad experience but I don’t trust that it’s showing me all my messages without double checking by logging into the website.


    Google screwed me again! It works for a month or two and then, since Google knows best, they changed my settings. I opened Thunderbird and of course, none of the new emails downloaded, so I have to go to the web interface. There I see “sign-in attempt blocked”. Great. Thanks, Google. It says

    if this was you, we recommend switching to an app made by Google such as Gmail

    No kidding. I didn’t see that coming 🙂

    or change your settings so that your account is no longer protected by modern security standards

    I love the vague “modern security standards”. It’s like Google has borrowed the FUD page from Microsoft’s 90’s playbook. I mean, it’s not like they could have written something more informative. It’s not like users of Google services are technically savvy. So I go to the settings page and see

    Some apps use less secure sign-on technology which makes your account more vulnerable. You can turn off access for these apps which we recommend, or turn on access if you want to use them despite the risks.

    Less-secure sign-on technology, another technical term. Clicking on “Learn More” shows

    Some examples of apps that do not use the latest security standards include:
    Some Desktop mail clients like Microsoft Outlook and Mozilla Thunderbird

    There it is. Google does not want you using Thunderbird, makes vague and misleading statements in order to dissuade you, and configures Gmail settings in order to break Thunderbird.



    I would not be surprised in the slightest if the “security” they are referring to is SSL encryption of mail to and from a mail client such as Thunderbird.
    Their servers probably have to support SSL or they would lose a lot of tech-savvy users, but I can’t imagine they like not being able to eavesdrop on your mail, so they lose out on information they can sell to advertisers.


    It’s not SSL (by the way, SSL only encrypts during transport so they can still spy on you). I thought it might be two-factor identification since we’ve been hearing a lot about that lately, but that’s not it, it’s this.

    the “modern security standard” Google are trying to force feed everyone is a web standard not a mail standard. To work properly the application must act as a browser. Something of a security issue for a mail client that is not a browser.

    They Mention Outlook and Thunderbird like they are standouts. The truth is there is not a mail client on the planet other than Google web apps in a browser or on a mobile device that meet their standard.

    The bottom line is enable less secure apps. They are standards compliant applications. They are not less secure, they just do not meet Googles arbitrary authentication standard.

    Google wants email clients to implement OAuth2.0-based authentication, and has stated they intend to cause disruption (hassles) for users that authenticate (login) using a username/password with the POP, IMAP, or SMTP protocol. OAuth 2.0 requires the email client to launch a browser to display a HTML form provided by Google (which can do anything they want) , and then use a token that it returns.

    This is not an issue of whether or not Thunderbird is implementing the latest version of SSL/TLS etc., they’re basically saying they are trying to actively discourage people from using any email client that logins to Gmail using POP, IMAP or SMTP anymore. This appears to be another example of embrace, extend, and extinguish.

    Turns out their “modern standard” is a meaningless scare tactic in order to get people to use something which Google designed and no one else uses. Meanwhile, Google doesn’t even support older security standards like PGP encryption while its social networking rival, Facebook, does (I shouldn’t say rival, Facebook has hundreds of millions of users. By comparison almost no one uses Google Plus).

Viewing 6 posts - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

Comments are closed.