I use Outlook as my main email client, and have lots of email accounts set up within it - mainly those linked to my (PlusNet) internet account, but also including one Gmail account. I have always - until now - been able to send emails from my Gmail account. But I've just tried to send one today, only to have it blocked by some nefarious guff about clients like Outlook[1] not being secure!
WTF? Is that yet another step along the road towards Google's world dominance, or does it have any merit?
They do seem to be offering the option to "allow less secure apps" - but that comes with dire warnings!
Anyone one else encountered this - and what did you do?
[1] Other "insecure" apps include Thunderbird and mail apps on Apple devices and Windows phones - but not any Google apps of course!
Cannot say I've noticed anything as yet. Its probably more hand holding of people who never bother to check things they are clicking on etc. I noticed the other day that 1 in three emails I sent from Virgin to yahoo accounts was undelivered quoting the virgin server as being in a spamhouse list.
The problem isits fine if these boys running mega email systems want to get real picky about what they allow, but its not actually teaching the masses to be careful is it? The most insecure of email systems has to be online web mail of which Yahoo and Google run a fair few, and only yesterday yet another friend has had their entire address book copied and stupid messages sent to them all pretending to be from the person with the original account. Until people actually take charge of their accounts and make sure they are not hacked, there is little hope other than to make email so awkward and unreliable as to make it pointless.
On 05 Apr 2015, Roger Mills wrote in alt.windows7.general:
The "dire warning" is just FUD intended to keep you within the confines of Google. Go ahead and approve the "less secure" app. I did long ago so I could use various other IMAP and POP mail clients and it has never been a problem.
It might be a statement about SSL/TLS transport when connecting to Google. Consider whether the path to Google is protected by encryption.
Years ago, all your email was traveling as plaintext, and could be read as it flies by, at the ISP. Or read by the NSA. Tightening up the transport might be part of this story.
I'm not enough of a mail/tools expert, to know from your description, what protections were in existence at the time you sent the mail. Knowing the port numbers used would help.
I think part of the setup of things like that, relies on certificates. And at least one recent issue came up, when a certain laptop manufacturer, installed MITM software which generated bogus local certificates. Maybe this is some fallout from that incident. Lenovo has since issued removal software, due to the bad PR.
formatting link
You have to read an awful lot of incident reports, to have any inkling where some of these "security" warnings are coming from. One of my browsers is almost useless now, due to the tightening of SSL/TLS and generating new sessions to prevent certain kinds of padding attacks. There's all sorts of stuff going on, that can be traced to the exploits you read about.
*******
AS for the topic of email, to me webmail services are for the birds. I use a POP3 account, I have some idea what transport and what port number it uses. I have some idea what my exposures are. The people I've tried to help with webmail, everything done in webmail seems to be served with a large dose of bullshit. Just a gut reaction of mine. I'm as suspicious as you are.
On 05 Apr 2015, Paul wrote in alt.windows7.general:
I think Google mail requires SSL/TLS. They won't let you do POP3 or IMAP without it.
The error message in question is a real one from Google. I got it myself when I first used my own email client to grab Google via POP3 and IMAP. At first I couldn't connect. When I went to the Gmail web interface I found that message about "insecure apps". I had to approve it before I could connect. They want to keep you using the web interface or their approved Google mobile apps. Fortunately, they allow you to use other things, you just have to jump through a couple of hoops.
Outlook has SSL. The issue AIUI is that Google require either OAuth 2.0 or 2-stage authentication or user's agreement to use "less secure apps". Does Thunderbird now have OAuth 2.0?
1) Download Thunderbird source tarball.
2) Extract just the TAR file, not the 125,000 files inside.
3) Use a hex editor.
Oauth2 is present.
formatting link
If you attempt to unpack source and use Windows search of the contents, around 67,000 files have the wrong line endings and a text search will ignore the file contents. Hex editing a TAR file, is a lot faster for a basic "is it even mentioned" check. It would probably take half the day, to identify the actual correct source file.
Most - probably all - of my non-Gmail POP accounts are set up to use the default ports (110 in and 25 out)
Gmail is set up to use an incoming port of 995, and "This server requires encrypted connection (SSL)" is ticked. The outgoing port is 587 and, below the port number in Advanced Settings, it says "Use the following type of encrypted connection:" - with the options being None, SSL, TLS and Auto. For the last n years, this has been set to TLS and has worked until now. All the settings were as per the instructions on Google's site at the time I set it up. Now they don't work, and changing from TLS to any of the other options makes no difference.
If I click "Test Account Settings" in Outlook (causing it to try to send and receive test messages) it displays an error which says: "Log onto incoming mail server (POP3): Your e-mail server rejected your login. Verify your user name and password in your account properties. Under Tools, click E-mail accounts. The server responded: -ERR [AUTH] Web login required:
formatting link
"
I can almost certainly make it work by going down the "Use a less secure connection" route - but does anyone know of any alternative port combinations etc. which are likely to work without having to do that?
What little I read last summer when I met this problem made clear it was nothing to do with ports, SSL etc. and that there was no way around the issue in Outlook other than the lower security settings. So that's what I did. As we've used Outlook since 1997 we're reluctant to switch to TB now even if it is free and community-based and all the other nice things that MS Office ain't :)
AIUI there was also resistance within the Thunderbird community to implementing OAuth 2.0 as that meant bowing down to Google's unilateral decision. But from what Paul reported in response to me earlier they have now provided for 2 factor authentication (I assume quite recently).
| > What happens if you use SSL on port 465? | > | | Slightly different error message (compared with using port 995) - but | still no go!
465 and 995 are for outgoing and incoming respectively. If you use both, with SSL, I don't know of any more secure option, other than maybe using secure password authentication.
The page you linked doesn't provide any real information, so it's hard to know what they're talking about. (Port 25 has been phased out for a long time. It's associated with "open relay" problems -- SMTP without password verification.)
If the above settings don't work then it's likely just a google scam, as someone else mentioned.
Then of course there's the obvious question: You probably have ISP email. You could have your own domain email. There are other, less sleazy options like hushmail. So one wonders why you're using gmail in the first place. :)
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.