On 2024-07-16 07:34, Jeff Pang via mailop wrote:
> It seems so much open-source email software exists. Here in the list I
> got:
<snip>
Does any of the IMAP servers provide fine-grained access control in
conjunction with OAuth?
Use case: I understand the benefit of the iPhone (and Android) email client
storing the access credentials on Apple's (or Google's) server so that the
server polls IMAP and only wakes up the phone if there is actual mail to
be fetched. However, this grants the server more access than it needs
to fulfill said function. My concern is that the server, hosting access
credentials for such a multitude of user accounts, is a juicy target for
bad actors who would gain unauthorized access and use the harvested
credentials.
Feature request: finer-grained access control that would only answer
client requests with a yes/no answer that would trigger the server to
wake up the phone or not. The phone would then access with full
credentials and do what an email client does.
I see two potential ways of doing this: (a) filtering at the IMAP
server level, based on the client's characteristics; or (b) assignment of
different access credentials to the (Apple) server and to the actual
end-user mail client. (b) most likely requires changes at the client
level and I am not sure how inclined Apple would be to add the feature
to Apple Mail; but (a) should not be too difficult to implement given
that the (Apple/Google) servers are easy to identify?
Thanks
Yuv