Hi Andrew,
We seem to be talking about entirely different things. Everyone was talking
about having Gmail fetch messages from your server, you seem to be talking about
the opposite?
The ASP I was talking about would be something to be managed entirely on your
side, because Gmail would be fetching from your server in this scenario. I can't
tell you what that would look like, as I don't manage your servers :). The most
common setup for smaller servers is of course a single account password, and no
ASP support.
> I would not be happy letting GMail collect mail from me using a method
> that I cannot use to collect from them.
You can implement a pop3 fetcher if you want. Gmail has ASPs implemented, and
you can use them with pop3:
https://support.google.com/accounts/answer/185833
Or you could implement an IMAP fetcher with OAuth for better UX than the user
having to create an ASP, but it's not strictly necessary.
I fully support Google on enforcing ASPs or OAuth, I just wish they made this
option much more visible. But of course making it more visible doesn't suit
their interests. So I suppose I half support their enforcement.
L. Mark Stone not allowing forwarding is a choice, it's not one I would make,
but it's a perfectly fine choice that I assume they made based on the context
they operate their servers in.
Hope that clears up everything from my end!
Regards,
Louis
On Tuesday 7 January 2025 at 14:56, Andrew C Aitchison via mailop
<mailop@mailop.org> wrote:
> Now that I am in front of a keyboard I'll be a bit more expansive.
>
> On Mon, 6 Jan 2025, Louis via mailop wrote (with some re-threading):
>
> > On Monday 6 January 2025 at 23:32, Andrew C Aitchison via mailop
> > <mailop@mailop.org> wrote:
> >
> >> On Mon, 6 Jan 2025, L. Mark Stone via mailop wrote:
> >>> If one of our customers wants a copy of the emails on our system
> >>> sent to their Gmail account, we advise them to set up their Gmail
> >>> account to fetch such emails from our system instead.
> ... ...
> >> Do you have a 'device' specific secret (OpenAuth, ClientID etc.) for
> >> GMail to use ? How do you get GMail to use it ?
> >> Do GMail have documentation on how the rest of us can do this ?
> >
> > You just go to the settings and you can add POP3 credentials. Google
> > will poll for new messages every so often and transfer them. Unable
> > to find docs, but it's not a hard feature to use.
>
> Ah. I meant documentation on getting GMail to use a 'device' specific secret
>
> >> If not, how comfortable are you giving GMail your users' passwords
> >> (sorry, asking your users to share their password with GMail) ?
> > Realistically, it's the same risk as giving the user's password to any email
> > client, right? Unless you implement a strict ASP policy for imap/pop/smtp,
> > the user is going to be giving out their passwords to email clients anyway.
>
> The effect *may* be the same but, as Yuv pointed out elsewhere in this thread,
> the detailed risks are very different.
>
> I'm not sure which ASP you mean.
>
> However, the real point is that if Mark's service wants to collect
> mail from a user's GMail account, an imap/pop/smtp password is not
> really sufficient. If he is lucky the user will get a popup from GMail
> asking if they will let Mark access their mailbox, but more likely he will
> need to give GMAIL some sort of secondary token; either OAuth or an app
> password.
>
> I was hoping that Mark had implemented something similar and *** found a way
> to make GMail use it to collect mail from his service. ***
>
> I would not be happy letting GMail collect mail from me using a method
> that I cannot use to collect from them.
>
> --
> Andrew C. Aitchison Kendal, UK
> and...@aitchison.me.uk
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://list.mailop.org/listinfo/mailop
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
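
An added sketch, not from the thread or from any participant's server, of what server-side app-specific passwords (ASPs) could look like on a small POP3/IMAP server: one random secret per fetching client, stored only as a hash and revocable on its own. The class, method names, user and labels are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class AppPasswordStore:
    """Per-client app-specific passwords (ASPs) for a POP3/IMAP server."""

    def __init__(self):
        # (user, label) -> SHA-256 digest of the ASP; plaintext is never kept.
        self._digests = {}

    @staticmethod
    def _digest(secret):
        # ASPs here are 128-bit random tokens, so a plain hash is enough;
        # a human-chosen password would need a slow KDF instead.
        return hashlib.sha256(secret.encode()).digest()

    def issue(self, user, label):
        """Create an ASP for one client; it is shown to the user once."""
        secret = secrets.token_urlsafe(16)
        self._digests[(user, label)] = self._digest(secret)
        return secret

    def revoke(self, user, label):
        """Cut off one client without touching the others."""
        return self._digests.pop((user, label), None) is not None

    def verify(self, user, presented):
        """Return the label of the matching ASP, or None."""
        candidate = self._digest(presented)
        match = None
        for (owner, label), stored in self._digests.items():
            # Constant-time comparison; keep scanning after a hit.
            if owner == user and hmac.compare_digest(stored, candidate):
                match = label
        return match


def demo():
    store = AppPasswordStore()
    gmail = store.issue("alice", "gmail-pop3-fetch")  # constructed names
    phone = store.issue("alice", "phone-imap")
    before = store.verify("alice", gmail)
    store.revoke("alice", "gmail-pop3-fetch")
    return before, store.verify("alice", gmail), store.verify("alice", phone)


if __name__ == "__main__":
    print(demo())
```

Because `verify` returns the label, the login log can record which client authenticated, and revoking the fetcher's ASP leaves the user's other clients and main password untouched.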