download email from gmail regularly

[Julieta Shem]

It seems Gmail is decomissioning username-password authentication.
Clients will have to use "Sign in with Google". What happens to all
download-email programs? I'm looking for one, in fact. If I want to
pull my mail via POP or IMAP today, what would I have to use?

I'd like to read my mail with Gnus (using djb's Maildir storage). I
can't stand Gmail any longer. I'm done.

(*) Other questions

This ``Sign In with Google'' means the downloader would always have to
ask me for passwords? I could never just pull gmail without being asked
for credentials? (Very annoying.)

[Julieta Shem]

Here's another option I might have. I could just forward my Gmail
e-mail to another mailbox and then pull my email from this other
mailbox. But this other mailbox would have to allow me some easy
authentication and also let me SMTP-send mail from it.

I don't have an SMTP server myself. To do that with, say, Proton Mail,
I'd have to buy an account because there seems to be no IMAP access to
it without a paid account.

If I were to host my own mail, I suppose I should use it to just get
mail from Gmail and not use it to send mail out to the world because I
can't devote my life to SMTP deliveries right now. So I'd need a way to
SMTP-send mail out through Gmail somehow. (I wonder if that's possible
still.)

[Gary R. Schmidt]

There's a process to get an authorisation string for your gmail accounts
- I did it so very, very long ago I no longer recall what I did, but
it's still working with getmail - so google should eventually point you
to the right place.

Cheers,
Gary B-)

[Mike Spencer]

Julieta Shem <js...@yaxenu.org> writes:

> Julieta Shem <js...@yaxenu.org> writes:
>
>> It seems Gmail is decomissioning username-password authentication.
>> Clients will have to use "Sign in with Google". What happens to all
>> download-email programs? I'm looking for one, in fact. If I want to
>> pull my mail via POP or IMAP today, what would I have to use?
>>
>> I'd like to read my mail with Gnus (using djb's Maildir storage). I
>> can't stand Gmail any longer. I'm done.
>>
>> (*) Other questions
>>
>> This ``Sign In with Google'' means the downloader would always have to
>> ask me for passwords? I could never just pull gmail without being asked
>> for credentials? (Very annoying.)
>
> Here's another option I might have. I could just forward my Gmail
> e-mail to another mailbox and then pull my email from this other
> mailbox. But this other mailbox would have to allow me some easy
> authentication and also let me SMTP-send mail from it.

How do you access the net? Whatever company is providing your IP
address or handing you one each time you connect should have an SMTP
server on their system. Such a server shoud recognize your IP address
as "one of ours" and allow you to connect and send mail.

I do my mail through a surviving mom 'n pop ISP but I connect through a
major telecom company. If the local ISP is down (it suffers from the
same power outages I do) I can swap in a different set of config
files, restart sendmail, and send via the corporate SMTP server. My
local ISP requires me to use TLS and AUTH on port 587 as I appear to
it to be "foreign" but the corporate server apparently sees me as "one
of ours" and accepts SMTP on port 25 as usual. (This doesn't help with
receiving mail when the local ISP is down, of course.)

FWIW, I've never used Gmail because I dread the kind of thing you're
encountering -- hacking a corporate interface -- far more than I do
the task of hacking sendmail (which is, as they say, marginally above
my pay grade. :-)

> I don't have an SMTP server myself. To do that with, say, Proton Mail,
> I'd have to buy an account because there seems to be no IMAP access to
> it without a paid account.
>
> If I were to host my own mail, I suppose I should use it to just get
> mail from Gmail and not use it to send mail out to the world because I
> can't devote my life to SMTP deliveries right now. So I'd need a way to
> SMTP-send mail out through Gmail somehow. (I wonder if that's possible
> still.)

--
Mike Spencer Nova Scotia, Canada

[Computer Nerd Kev]

In comp.misc Mike Spencer <m...@bogus.nodomain.nowhere> wrote:

> Julieta Shem <js...@yaxenu.org> writes:
>> Here's another option I might have. I could just forward my Gmail
>> e-mail to another mailbox and then pull my email from this other
>> mailbox. But this other mailbox would have to allow me some easy
>> authentication and also let me SMTP-send mail from it.
>
> How do you access the net? Whatever company is providing your IP
> address or handing you one each time you connect should have an SMTP
> server on their system. Such a server shoud recognize your IP address
> as "one of ours" and allow you to connect and send mail.
>
> I do my mail through a surviving mom 'n pop ISP but I connect through a
> major telecom company. If the local ISP is down (it suffers from the
> same power outages I do) I can swap in a different set of config
> files, restart sendmail, and send via the corporate SMTP server. My
> local ISP requires me to use TLS and AUTH on port 587 as I appear to
> it to be "foreign" but the corporate server apparently sees me as "one
> of ours" and accepts SMTP on port 25 as usual. (This doesn't help with
> receiving mail when the local ISP is down, of course.)

Yes I use my ISP's SMTP server similarly. One issue might be if
Google has their SPF record set to indicate that their servers are
the only valid source of mail from Gmail accounts. Then mail sent
from other SMTP servers is more likely to be marked as spam by
people who use spam filtering. However if you have your email
address at your own domain (not @gmail.com etc.), but hosted by
GMail, this isn't a problem as you can change your SPF record or
not use one at all (though the latter is claimed to often cause
email to be marked as spam too).

> FWIW, I've never used Gmail because I dread the kind of thing you're
> encountering -- hacking a corporate interface -- far more than I do
> the task of hacking sendmail (which is, as they say, marginally above
> my pay grade. :-)

Indeed I opt for Sendmailing over GMailing as well. Unfortunately
Google still forces me to tinker with Sendmail configs to try and
placate their evil spam filtering which nevertheless seems to
insist that anyone running their own email server must be sending
spam.

--
__ __
#_ < |\| |< _# | Note: I won't see posts made from Google Groups |

[Computer Nerd Kev]

That sounds like what's called "App Passwords" here:

"Crucial to note, however, is that App Passwords will continue to
work, which is good news, because without App Passwords, older
IMAP email clients without OAuth support, such as the ones often
used on legacy or minor operating systems, would cease to work
with Gmail."
https://www.osnews.com/story/138392/google-to-restricts-access-to-imap-smtp-pop-to-oauth-this-year/

[Andy Burns]

Julieta Shem wrote:

> It seems Gmail is decomissioning username-password authentication.

they more or less did that 2 years ago, asking people to use oAuth2

for those who couldn't use oAuth, they require per-device passwords,
which in turn require you to enable 2-step validation, which in turn
requires they know your mobile number (also you can't turn off 2-step
later, as that burns the per-device passwords)

> Clients will have to use "Sign in with Google".

that was decidedly their direction of travel at the time

> What happens to all
> download-email programs? I'm looking for one, in fact. If I want to
> pull my mail via POP or IMAP today, what would I have to use?

in the same way stunnel can "wrap" TLS around a http or pop3 connection
to make it https or pop3s, there are oAuth wrappers available, I've
never used them

> I'd like to read my mail with Gnus (using djb's Maildir storage). I
> can't stand Gmail any longer. I'm done.

any use?

<https://github.com/ggervasio/gnus-gmail-oauth/blob/master/gnus-gmail-oauth.el>

[immibis]

You might try the "app password" solution. This is designed as a
workaround for 2FA, so it requires that your Google account has 2FA.

https://support.google.com/accounts/answer/185833?hl=en

[Spiros Bousbouras]

On Sat, 27 Jan 2024 00:51:31 -0300
Julieta Shem <js...@yaxenu.org> wrote:
> It seems Gmail is decomissioning username-password authentication.
> Clients will have to use "Sign in with Google". What happens to all
> download-email programs? I'm looking for one, in fact. If I want to
> pull my mail via POP or IMAP today, what would I have to use?

I have been looking into the same thing. I don't have a definitive solution
at present but , with my looking so far , the most detailed instructions seem
to come from alpine (more detailed instructions than those the mutt
documentation provides) so I have been inclined to use alpine (on Linux)
exactly for this reason.

https://alpineapp.email/alpine/alpine-info/misc/AuthorizeAlpineGmail.html
https://alpineapp.email/alpine/alpine-info/misc/xoauth2.html

In fact I had been meaning to start a thread on comp.misc asking if people
feel that XOAUTH2 really does improve security. With my casual look so far , I
don't see that it does.

You may also want to ask on some newsgroup specific to the operating system
you want to use to do the job. What people with the same operating system are
using ?

> I'd like to read my mail with Gnus (using djb's Maildir storage). I
> can't stand Gmail any longer. I'm done.

The older "HTML only" gmail interface is ok for my taste but they are going
to decommission this in February (it was supposed to be January 2024 but they
seem to have extended it) and force you to use the bloated interface which I
don't like at all.

> (*) Other questions
>
> This ``Sign In with Google'' means the downloader would always have to
> ask me for passwords? I could never just pull gmail without being asked
> for credentials? (Very annoying.)

I haven't looked in detail at the alpine instructions but I think that ,
once you jump through the hoops to get the required credentials for gmail
access , then you can instruct alpine to store them so you won't have to enter
them every time. I think it is the same with mutt but the mutt documentation
makes it less clear what those initial hoops are.

From <87il3f5...@yaxenu.org> :

> Here's another option I might have. I could just forward my Gmail
> e-mail to another mailbox and then pull my email from this other
> mailbox. But this other mailbox would have to allow me some easy
> authentication and also let me SMTP-send mail from it.
>

> I don't have an SMTP server myself. To do that with, say, Proton Mail,
> I'd have to buy an account because there seems to be no IMAP access to
> it without a paid account.

In the long run , getting a different provider is I think the best solution.
My prediction is that gmail will gradually want you to jump through more and
more hoops (like giving them more and more private information) to access
your account so , the earlier you start planning where you're going to move
next , the easier it will be. In my case , my domain registrar (Gandi) also
provides email storage (with SMTP and IMAP access. I'm not sure if there is
also a web interface) as a bonus for buying the domain so my plan is to set
up that. But I still want to make gmail access through an external client
work as an intermediate step.

--
Given the way some of these characters knock back the booze (and why not),
I'm betting that the secret new PreCure who shows up two thirds of the way
through will be Cure Hangover.
https://www.animenewsnetwork.com/bbs/phpBB2/viewtopic.php?t=3191739

[Spiros Bousbouras]

On 27 Jan 2024 02:23:18 -0400

Mike Spencer <m...@bogus.nodomain.nowhere> wrote:
> Julieta Shem <js...@yaxenu.org> writes:

> > Here's another option I might have. I could just forward my Gmail
> > e-mail to another mailbox and then pull my email from this other
> > mailbox. But this other mailbox would have to allow me some easy
> > authentication and also let me SMTP-send mail from it.

Does gmail allow forwarding at present ? This is one thing they may turn off
in the future or force you to jump through awkward hoops to achieve it ,
in the name of security , you see.

> How do you access the net? Whatever company is providing your IP
> address or handing you one each time you connect should have an SMTP
> server on their system. Such a server shoud recognize your IP address
> as "one of ours" and allow you to connect and send mail.

Is this a universal thing ? Because I don't remember my current ISP
advertising this ; but I wasn't really looking. With such a set up , where
would for example notifications for failed deliveries be delivered ?

--
vlaho.ninja/menu

[Andrzej Adam Filip]

Spiros Bousbouras <spi...@gmail.com> wrote:
> On 27 Jan 2024 02:23:18 -0400
> Mike Spencer <m...@bogus.nodomain.nowhere> wrote:
>> Julieta Shem <js...@yaxenu.org> writes:
>
>> > Here's another option I might have. I could just forward my Gmail
>> > e-mail to another mailbox and then pull my email from this other
>> > mailbox. But this other mailbox would have to allow me some easy
>> > authentication and also let me SMTP-send mail from it.
>
> Does gmail allow forwarding at present ? This is one thing they may turn off
> in the future or force you to jump through awkward hoops to achieve it ,
> in the name of security , you see.

> […]

Gmail allows forwarding but forwarded emails "may" hit after gmail anti
spam filters. It happen quite regularly in my case even with "spam
according to gmail" excluded from forwarding.

--
[Andrew] Andrzej A. Filip

[Julieta Shem]

Doesn't this involve going to Google Console and creating this string
there? I wouldn't be able to. It's not an @gmail.com account. It's an
account owned by an organization. I suppose many would say---don't use
such mail account. I might listen.

I enabled POP3 and IMAP here and tested both. We can still use POP3 and
IMAP with just the password---must enable the less-secure-apps thing.

Gmail will disable this authentication this year, it seems. I remember
seeing something that if you do something until a certain date, you get
to continue to use IMAP with the less-secure-apps thing, but not POP3.
(That was my understanding. It's not clear what it is.)

It seems that the best thing is to actually leave Gmail completely. It
seems easy to just forward your mail. However, I don't really wanna
host my own mail. That seems like annoying work.

I'm gonna try to download my mail from IMAP. I tried the notmuch client
today. Interesting with its GNU EMACS interface. I'm on Windows,
though. I ran notmuch in the WSL. I saw there's a port of notmuch to
Windows. Would have to compile it, though

[Julieta Shem]

Spiros Bousbouras <spi...@gmail.com> writes:

> On 27 Jan 2024 02:23:18 -0400
> Mike Spencer <m...@bogus.nodomain.nowhere> wrote:
>> Julieta Shem <js...@yaxenu.org> writes:
>
>> > Here's another option I might have. I could just forward my Gmail
>> > e-mail to another mailbox and then pull my email from this other
>> > mailbox. But this other mailbox would have to allow me some easy
>> > authentication and also let me SMTP-send mail from it.
>
> Does gmail allow forwarding at present ? This is one thing they may turn off
> in the future or force you to jump through awkward hoops to achieve it ,
> in the name of security , you see.

They still do. Anything could happen.

>> How do you access the net? Whatever company is providing your IP
>> address or handing you one each time you connect should have an SMTP
>> server on their system. Such a server shoud recognize your IP address
>> as "one of ours" and allow you to connect and send mail.
>
> Is this a universal thing ? Because I don't remember my current ISP
> advertising this ; but I wasn't really looking.

It's likely an American thing.

> With such a set up , where would for example notifications for failed
> deliveries be delivered ?

Good question by the way.

[Julieta Shem]

It seems that's not a solution for people who don't own their Google
accounts.

--8<---------------cut here---------------start------------->8---
If you’ve set up 2-Step Verification but can’t find the option to add an
app password, it might be because: Your Google Account has 2-Step
Verification set up only for security keys. You’re logged into a work,
school, or another organization account. Your Google Account has
Advanced Protection.

Source:
https://support.google.com/accounts/answer/185833?hl=en
--8<---------------cut here---------------end--------------->8---

I would agree that if you don't own the account, you should just forward
it to your real e-mail account.

Now, 2-step verifications involve a phone, right? That sucks too.

[Frank Slootweg]

Julieta Shem <js...@yaxenu.org> wrote:
> It seems Gmail is decomissioning username-password authentication.
> Clients will have to use "Sign in with Google". What happens to all
> download-email programs? I'm looking for one, in fact. If I want to
> pull my mail via POP or IMAP today, what would I have to use?

As others have indicated, in your Google Account you can create 'App
passwords' (just enter 'App passwords' in the search box of your
account). You then use the generated 'App password' where you would
normally use your own password.

As said, in order to be able to create 'App passwords', 2-Step
Verification (2SV) needs to be (turned) on in your Google account.

I use Google 'App passwords' in (a rather old version of) Thunderbird.
Works perfectly fine.

> I'd like to read my mail with Gnus (using djb's Maildir storage). I
> can't stand Gmail any longer. I'm done.

Huh!? I suppose you mean "I can't stand the Gmail *web UI* any
longer.", because you *do* want to use Gmail itself, i.e. your
<me_myself_and_i>@gmail.com email address/Inbox.

[...]

[Frank Slootweg]

Julieta Shem <js...@yaxenu.org> wrote:
[...]

> Now, 2-step verifications involve a phone, right? That sucks too.

Nope. A (smart) phone is one of several options. Others are Backup codes,
Authenticator app and security. Also Voice or text (SMS) message, to a
phone which can be a 'dumb' phone and even a 'landline'.

Just put '2-Step Verification' in the search box of your Google
Account and all will be revealed.

[Eric Pozharski]

with <87il3f5...@yaxenu.org> Julieta Shem wrote:
> Julieta Shem <js...@yaxenu.org> writes:

>> It seems Gmail is decomissioning username-password authentication.
>> Clients will have to use "Sign in with Google". What happens to all
>> download-email programs? I'm looking for one, in fact. If I want to
>> pull my mail via POP or IMAP today, what would I have to use?

*SKIP* [ 4 lines 2 levels deep]

>> (*) Other questions
>>
>> This ``Sign In with Google'' means the downloader would always have
>> to ask me for passwords? I could never just pull gmail without being
>> asked for credentials? (Very annoying.)

I doubt that 'sing-in-with-google' is anything else but browser thing.

> Here's another option I might have. I could just forward my Gmail
> e-mail to another mailbox and then pull my email from this other
> mailbox. But this other mailbox would have to allow me some easy
> authentication and also let me SMTP-send mail from it.

I suspect misunderstanding here. Pulling to google is a thing (unless
disabled at source), that's certain. I doubt there's such thing as
forwaring from (google or not). How something would do that? But as
soon as 'sign-in-with-google' would become a thing that pulling out
won't work anymore. What comes to google stays with google, suck it up.

> I don't have an SMTP server myself.

It's more than that. Unless ecosystem of maintained by individuals
SMTP/POP3 emerges get ready to pay. And dearly. And rates will just
astonish you. Otherwise you can have your SMTP/POP3 server all to
yourself in your drawer because you'd be unable to reach anyone. For
nay-sayers, I'm talking from experience.

> To do that with, say, Proton Mail, I'd have to buy an account because
> there seems to be no IMAP access to it without a paid account.

mailbox.de offers SMTP/POP3 on free plan. That being said, I've managed
to create accuont there (on second attempt) but I couldn't login in even
once (rolling balls, that's all) (I believe my attempt is about to
timeout, probably wouldn't try anymore). Considering that gmx.net
doesn't want to let me create account (I'm not from Germany) you might
be in luck with mailbox.de.

I'm paying 1€pm now. Considering other options -- pretty cheap.

> If I were to host my own mail, I suppose I should use it to just get
> mail from Gmail and not use it to send mail out to the world because I
> can't devote my life to SMTP deliveries right now. So I'd need a way
> to SMTP-send mail out through Gmail somehow. (I wonder if that's
> possible still.)

As long as google allows it (BTW, writing is on the wall) you can always
go with browser extensions. Until you can't.

--
Torvalds' goal for Linux is very simple: World Domination
Stallman's goal for GNU is even simpler: Freedom

[Dave Yeo]

Spiros Bousbouras wrote:
>> How do you access the net? Whatever company is providing your IP
>> address or handing you one each time you connect should have an SMTP
>> server on their system. Such a server shoud recognize your IP address
>> as "one of ours" and allow you to connect and send mail.
> Is this a universal thing ? Because I don't remember my current ISP
> advertising this ; but I wasn't really looking. With such a set up , where
> would for example notifications for failed deliveries be delivered ?

My ISP contracted out email to Google, so suddenly all the same problems
as using Gmail.
Dave

[Dave Yeo]

I've always just used POP with Gmail, IMAP occasionally too.
Starting a year or two back, they started requiring Oauth2, which means
a newer email client or falling back to a token for a password.
I used the instructions at
https://support.google.com/accounts/answer/185833 to generate the token,
replaced my password with the token and continued on using pop.gmail.com.
Note that you do need to use SSL/TLS to connect and port 995. Port 587
and STARTTLS for sending using smtp.gmail.com.
I've hardly ever used the web interface, mostly for checking the spam
folder when an expected email didn't show up.
Dave

[Computer Nerd Kev]

In comp.misc Spiros Bousbouras <spi...@gmail.com> wrote:
> On 27 Jan 2024 02:23:18 -0400
> Mike Spencer <m...@bogus.nodomain.nowhere> wrote:
>> How do you access the net? Whatever company is providing your IP
>> address or handing you one each time you connect should have an SMTP
>> server on their system. Such a server shoud recognize your IP address
>> as "one of ours" and allow you to connect and send mail.
>
> Is this a universal thing ? Because I don't remember my current ISP
> advertising this ; but I wasn't really looking.

My ISP, and the one before it, don't currently advertise it (or at
least not obviously), but there are lists of SMTP servers run by
Australian ISPs where you can find them for my country. The same
might be the case where you live.

My previous ISP was a re-seller of another network so actually the
SMTP server was run by the network operator and only listed under
their name/domain. So that made it even less obvious that one was
available, but it worked.

> With such a set up, where would for example notifications for

> failed deliveries be delivered ?

The SMTP server should send them back to your from: address, so
like any other email it will be received by the SMTP server that
accepts mail for your email address. In the OP's case that would
be Google's SMTP server.

[Spiros Bousbouras]

On Sat, 27 Jan 2024 10:44:59 -0800
Dave Yeo <dave....@gmail.com> wrote:
> Julieta Shem wrote:

[...]

> > This ``Sign In with Google'' means the downloader would always have to
> > ask me for passwords? I could never just pull gmail without being asked
> > for credentials? (Very annoying.)
>
> I've always just used POP with Gmail, IMAP occasionally too.
> Starting a year or two back, they started requiring Oauth2, which means
> a newer email client or falling back to a token for a password.
> I used the instructions at
> https://support.google.com/accounts/answer/185833 to generate the token,
> replaced my password with the token and continued on using pop.gmail.com.

Reading the link and https://support.google.com/accounts/answer/185839 ,
I believe you have to give Google a phone number for this to work. Do I
have this right ?

Otherwise , I fail to see how this increases security. If someone has got
your password then they also can follow the process and create a token. Also
, if someone guesses the 16 character token then they get access to your
emails. It could be that the token is more easily guessable than your
password , depending on what processes you use to create passwords.

[Gary R. Schmidt]

On 28/01/2024 01:55, Julieta Shem wrote:
> "Gary R. Schmidt" <grsc...@acm.org> writes:
>
>> On 27/01/2024 14:51, Julieta Shem wrote:
>>> It seems Gmail is decomissioning username-password authentication.
>>> Clients will have to use "Sign in with Google". What happens to all
>>> download-email programs? I'm looking for one, in fact. If I want to
>>> pull my mail via POP or IMAP today, what would I have to use?
>>> I'd like to read my mail with Gnus (using djb's Maildir storage). I
>>> can't stand Gmail any longer. I'm done.
>>> (*) Other questions
>>> This ``Sign In with Google'' means the downloader would always have
>>> to
>>> ask me for passwords? I could never just pull gmail without being asked
>>> for credentials? (Very annoying.)
>>
>> There's a process to get an authorisation string for your gmail
>> accounts - I did it so very, very long ago I no longer recall what I
>> did, but it's still working with getmail - so google should eventually
>> point you to the right place.
>
> Doesn't this involve going to Google Console and creating this string
> there? I wouldn't be able to. It's not an @gmail.com account. It's an
> account owned by an organization. I suppose many would say---don't use
> such mail account. I might listen.
>

Yes, that's what it is - an AppPassword, as someone else pointed out.
Of course, if you don't have control over the account, you're stuffed.

Cheers,
Gary B-)

[Frank Slootweg]

Julieta Shem <js...@yaxenu.org> wrote:
[...]

> Doesn't this involve going to Google Console and creating this string
> there? I wouldn't be able to. It's not an @gmail.com account. It's an
> account owned by an organization. I suppose many would say---don't use
> such mail account. I might listen.

Elsewhere you said that you're currently use the 'Less secure app
access' (or whatever it's called) setting. If you could set that setting
in the Google Account, why can't you set other settings?

Please explain your setup in more detail. And what do you mean with
"It's not an @gmail.com account."? Does that mean that your *login
credentials* use another e-mail address than a @gmail.com address? Or is
the e-mail address used actually send/receive e-mail a no...@gmail.com
address? (I don't think that could work, but maybe it can.)

In any case, explain if you don't have access to the *Google Account*
and if so, why not.

[Frank Slootweg]

Spiros Bousbouras <spi...@gmail.com> wrote:
> On Sat, 27 Jan 2024 10:44:59 -0800
> Dave Yeo <dave....@gmail.com> wrote:
> > Julieta Shem wrote:
>
> [...]
>
> > > This ``Sign In with Google'' means the downloader would always have to
> > > ask me for passwords? I could never just pull gmail without being asked
> > > for credentials? (Very annoying.)
> >
> > I've always just used POP with Gmail, IMAP occasionally too.
> > Starting a year or two back, they started requiring Oauth2, which means
> > a newer email client or falling back to a token for a password.
> > I used the instructions at
> > https://support.google.com/accounts/answer/185833 to generate the token,
> > replaced my password with the token and continued on using pop.gmail.com.
>
> Reading the link and https://support.google.com/accounts/answer/185839 ,
> I believe you have to give Google a phone number for this to work. Do I
> have this right ?

No. That very ('Turn on 2-Step Verification') page explains how to
"Use other verification methods".

> Otherwise , I fail to see how this increases security. If someone has got
> your password then they also can follow the process and create a token. Also
> , if someone guesses the 16 character token then they get access to your
> emails. It could be that the token is more easily guessable than your
> password , depending on what processes you use to create passwords.

One can't "guess" a 16 character token. Theoretically it's crackable,
but it can't be guessed.

[Julieta Shem]

Frank Slootweg <th...@ddress.is.invalid> writes:

> Julieta Shem <js...@yaxenu.org> wrote:
> [...]
>
>> Doesn't this involve going to Google Console and creating this string
>> there? I wouldn't be able to. It's not an @gmail.com account. It's an
>> account owned by an organization. I suppose many would say---don't use
>> such mail account. I might listen.
>
> Elsewhere you said that you're currently use the 'Less secure app
> access' (or whatever it's called) setting. If you could set that setting
> in the Google Account, why can't you set other settings?

It's not clear to me. I do not find this "app password" option in my
Google Console. Yes, I'm using less-secure-app succesfully. People
here said that it would require a 2-factor authentication. So I assume
that's why I don't see an option, because I don't have 2-factor
authentication set.

--8<---------------cut here---------------start------------->8---
The 2-factor auth doesn't require a phone, but requires a physical
device as an alternative. I don't see what the difference is. A phone
is a physical device. Why would I use a second device? Might as well
use the phone.
--8<---------------cut here---------------end--------------->8---

> Please explain your setup in more detail. And what do you mean with
> "It's not an @gmail.com account."?

It's a private e-mail domain owned by an organization, which currently
is a client of Google Workspace, so I do have a Google Account, but the
domain is not @gmail.com.

> Does that mean that your *login credentials* use another e-mail
> address than a @gmail.com address?

Yes.

> Or is the e-mail address used actually send/receive e-mail a
> no...@gmail.com address?

I didn't get the question.

> (I don't think that could work, but maybe it can.)
>
> In any case, explain if you don't have access to the *Google Account*
> and if so, why not.

I do have access to the Google Account.

[Frank Slootweg]

Julieta Shem <js...@yaxenu.org> wrote:
> Frank Slootweg <th...@ddress.is.invalid> writes:
>
> > Julieta Shem <js...@yaxenu.org> wrote:
> > [...]
> >
> >> Doesn't this involve going to Google Console and creating this string
> >> there? I wouldn't be able to. It's not an @gmail.com account. It's an
> >> account owned by an organization. I suppose many would say---don't use
> >> such mail account. I might listen.
> >
> > Elsewhere you said that you're currently use the 'Less secure app
> > access' (or whatever it's called) setting. If you could set that setting
> > in the Google Account, why can't you set other settings?
>
> It's not clear to me. I do not find this "app password" option in my
> Google Console. Yes, I'm using less-secure-app succesfully. People
> here said that it would require a 2-factor authentication. So I assume
> that's why I don't see an option, because I don't have 2-factor
> authentication set.

'Google Console' is an unknown term for me. Probably it's something
related to your Google Workspace environment.

For a normal Google Account, this URL should get you there directly:

<https://myaccount.google.com/apppasswords>

And, as I said earlier, in a normal Google Account, you can just enter
"App passwords" in the search box on the account Home page.

> --8<---------------cut here---------------start------------->8---
> The 2-factor auth doesn't require a phone, but requires a physical
> device as an alternative. I don't see what the difference is. A phone
> is a physical device. Why would I use a second device? Might as well
> use the phone.
> --8<---------------cut here---------------end--------------->8---

As said before, for a normal Google Account, there are several other
options than a physical device. See 'Use other verification methods' on:

<https://support.google.com/accounts/answer/185839>

> > Please explain your setup in more detail. And what do you mean with
> > "It's not an @gmail.com account."?
>
> It's a private e-mail domain owned by an organization, which currently
> is a client of Google Workspace, so I do have a Google Account, but the
> domain is not @gmail.com.
>
> > Does that mean that your *login credentials* use another e-mail
> > address than a @gmail.com address?
>
> Yes.
>
> > Or is the e-mail address used actually send/receive e-mail a
> > no...@gmail.com address?
>
> I didn't get the question.

Sorry, I dropped "to" between "used" and "actually". But you already
answered the question (the answer is yes).

> > (I don't think that could work, but maybe it can.)
> >
> > In any case, explain if you don't have access to the *Google Account*
> > and if so, why not.
>
> I do have access to the Google Account.

Hope this helps a bit.

[Julieta Shem]

Before anything else, I'd like thank everyone who provided very valuable
help on this thread. Thank you all!

Frank Slootweg <th...@ddress.is.invalid> writes:

> Julieta Shem <js...@yaxenu.org> wrote:
>> Frank Slootweg <th...@ddress.is.invalid> writes:
>>
>> > Julieta Shem <js...@yaxenu.org> wrote:
>> > [...]
>> >
>> >> Doesn't this involve going to Google Console and creating this string
>> >> there? I wouldn't be able to. It's not an @gmail.com account. It's an
>> >> account owned by an organization. I suppose many would say---don't use
>> >> such mail account. I might listen.
>> >
>> > Elsewhere you said that you're currently use the 'Less secure app
>> > access' (or whatever it's called) setting. If you could set that setting
>> > in the Google Account, why can't you set other settings?
>>
>> It's not clear to me. I do not find this "app password" option in my
>> Google Console. Yes, I'm using less-secure-app succesfully. People
>> here said that it would require a 2-factor authentication. So I assume
>> that's why I don't see an option, because I don't have 2-factor
>> authentication set.
>
> 'Google Console' is an unknown term for me. Probably it's something
> related to your Google Workspace environment.

Sorry. I'm a terrible Google user. I should've said Google Account.

https://myaccount.google.com/

> For a normal Google Account, this URL should get you there directly:
>
> <https://myaccount.google.com/apppasswords>
>
> And, as I said earlier, in a normal Google Account, you can just enter
> "App passwords" in the search box on the account Home page.

I get

The setting you are looking for is not available for your account.

I also see a broken robot. That explains why I can't find it. It's not
available to me.

> Hope this helps a bit.

It helped immensely. Now I understand how much I don't know. Thanks
very much.

[Retrograde]

On Sat, 27 Jan 2024 00:51:31 -0300

Julieta Shem <js...@yaxenu.org> wrote:

> It seems Gmail is decomissioning username-password authentication.
> Clients will have to use "Sign in with Google". What happens to all
> download-email programs? I'm looking for one, in fact. If I want to
> pull my mail via POP or IMAP today, what would I have to use?
>
> I'd like to read my mail with Gnus (using djb's Maildir storage). I
> can't stand Gmail any longer. I'm done.

They're moving to OAuth, and several solutions already exist. They seem
to be small python programs that deal with the OAuth negotiation when
the time comes. Once you've authenticated, your mail client works as
expected. Haven't experimented with them myself but Mutt is my MUA so
I'm paying casual attention and will need to figure it out sooner than
later. I don't see the advantage of this new configuration mechanism,
personally.

[Gary R. Schmidt]

On 30/01/2024 01:57, Julieta Shem wrote:
> Before anything else, I'd like thank everyone who provided very valuable
> help on this thread. Thank you all!
>
> Frank Slootweg <th...@ddress.is.invalid> writes:
>

[SNIP]

>> For a normal Google Account, this URL should get you there directly:
>>
>> <https://myaccount.google.com/apppasswords>
>>
>> And, as I said earlier, in a normal Google Account, you can just enter
>> "App passwords" in the search box on the account Home page.
>
> I get
>
> The setting you are looking for is not available for your account.
>
> I also see a broken robot. That explains why I can't find it. It's not
> available to me.

It's not available because 2FA is not activated.

Everything is predicated on turning 2FA on, and if you don't do that
soon you will lose all access to the account.

Cheers,
Gary B-)

[Scott Alfter]

In article <87o7d75...@yaxenu.org>, Julieta Shem <js...@yaxenu.org> wrote:
>It seems Gmail is decomissioning username-password authentication.
>Clients will have to use "Sign in with Google". What happens to all
>download-email programs? I'm looking for one, in fact. If I want to
>pull my mail via POP or IMAP today, what would I have to use?

Use an app password:

https://support.google.com/accounts/answer/185833?hl=en

You'll need to enable 2FA ("2-Step Verification") on your Google account
first for this to work, which isn't a bad thing to have anyway...and there
are alternatives to Google Authenticator that you should probably use
anyway. (I use FreeOTP+ on my phone and I have all my 2FA setups in a
KeePass database as well.)

--
_/_
/ v \ Scott Alfter (remove the obvious to send mail)
(IIGS( https://alfter.us/ Top-posting!
\_^_/ >What's the most annoying thing on Usenet?

[Marc Olschok]

I had this option activated quite some time ago (I use mailx), and I can
also use the generated password on new machines, but I faintly remember
that google might have removed this option altogether.

--
M.O.

[Frank Slootweg]

As I mentioned before, I use (Google) 'App passwords' with (a rather
old version of) Thunderbird.

I have seen no indication anywhere that 'App passwords' are going
away. Of course Google would *prefer* us to use OAuth2, but that does
not mean that 'App passwords' are going away.

As mentioned, there are loads of 'old' e-mail clients, which do not
have OAuth2 functionality and hence it would be rather stupid for Google
to break all those clients. (Yes, one could put a OAuth2-'proxy' between
the 'old' client and the Gmail servers, but we don't want/need more
hacks, do we!?)

[Eric Gillespie]

Spiros Bousbouras <spi...@gmail.com> writes:

> next , the easier it will be. In my case , my domain registrar (Gandi) also
> provides email storage (with SMTP and IMAP access. I'm not sure if there is
> also a web interface) as a bonus for buying the domain so my plan is to set
> up that. But I still want to make gmail access through an external client
> work as an intermediate step.

Gandi was acquired last year and almost immediately announced
they'd start charging for email. That started back in November.
I'd been considering switching to Fastmail anyway, and at that
point I went ahead and switched.

Gandi search is crazy slow; Fastmail search is crazy fast.
Fastmail also has a gmail-style web UI if you like that sort
of thing.

It also has super easy import from Gmail and other providers.

Also calendar.

I'm a satisfied customer.

Good luck!

--
Eric Gillespie <*> e...@pretzelnet.org

[Spiros Bousbouras]

On Thu, 01 Feb 2024 19:00:07 -0600
Eric Gillespie <e...@pretzelnet.org> wrote:
> Spiros Bousbouras <spi...@gmail.com> writes:
>
> > next , the easier it will be. In my case , my domain registrar (Gandi) also
> > provides email storage (with SMTP and IMAP access. I'm not sure if there is
> > also a web interface) as a bonus for buying the domain so my plan is to set
> > up that. But I still want to make gmail access through an external client
> > work as an intermediate step.
>
> Gandi was acquired last year and almost immediately announced
> they'd start charging for email. That started back in November.
> I'd been considering switching to Fastmail anyway, and at that
> point I went ahead and switched.
>
> Gandi search is crazy slow; Fastmail search is crazy fast.

Search for what ? If you mean searching in my emails , I have no use for
that. All I want is an email server for sending and receiving. Good spam
filtering would be a plus. Emails I want to keep I save on my own computer
and if I want search , grep works fine.