Re: [MlMt] Follow Up to Email Concerns

2021-07-26 Thread Benny Kjær Nielsen
On 25 Jun 2021, at 2:35, Harvey Leff wrote: It seems that a prime alleged reason for their change is that IMAP does not support 2-Factor authentication. Do any of you experts have knowledge whether that claim is true and really limits security? I haven't read through all the details of this t

Re: [MlMt] Follow Up to Email Concerns

2021-07-08 Thread Bill Cole
On 2021-07-08 at 11:53:26 UTC-0400 (Thu, 8 Jul 2021 11:53:26 -0400) Dan Pritts is rumored to have said: This is veering WAY off topic, but I’m curious that for only 2k users you find it effective to run your own email. That mail system is not a standalone service. It's a legacy service that

Re: [MlMt] Follow Up to Email Concerns

2021-07-08 Thread Dan Pritts
This is veering WAY off topic, but I’m curious that for only 2k users you find it effective to run your own email. Having done it myself for years I can’t imagine diving back in unless it was a full time thing. > On Jun 29, 2021, at 12:37 PM, Bill Cole > wrote: > > I help manage email syst

Re: [MlMt] Follow Up to Email Concerns

2021-07-07 Thread Max Rydahl Andersen
If it helps you, I work for a Fortune 500 company which uses Gmail with 2 factor authentication and we are using IMAP with Gmail just fine. From time to time MailMate pops up asking me to reauthenticate. I don't see how 2FA changes the security implications here. What they could argue is that it

Re: [MlMt] Follow Up to Email Concerns

2021-07-03 Thread Glenn Parker
I wanted to quickly thank the users who offered patient and helpful responses to my challenge. The use of email accounts as the foundation of “internet identity” seems to be the most significant issue, and I certainly understand the kind of disasters that can result from a compromised email

Re: [MlMt] Follow Up to Email Concerns

2021-06-30 Thread Charlie Clark
On 29 Jun 2021, at 18:37, Bill Cole wrote: > This veers far off-topic, but it is somewhat relevant to anyone using email, > which includes all MailMate users, so please forgive the verbose ranting... Nothing to forgive: very informative but also easy to read. Charlie -- Charlie Clark Waldlehne

Re: [MlMt] Follow Up to Email Concerns

2021-06-29 Thread Niels Kobschätzki
> On 29. Jun 2021, at 16:13, Glenn Parker wrote: > >  > I would be interested in a deeper discussion of the actual security threats > that all this awkward 2FA/OAuth2/whatever are meant to address. I mean, I > certainly understand the basic need for authentication (and encrypted > transmiss

Re: [MlMt] Follow Up to Email Concerns

2021-06-29 Thread Bill Cole
This veers far off-topic, but it is somewhat relevant to anyone using email, which includes all MailMate users, so please forgive the verbose ranting... On 2021-06-29 at 10:13:10 UTC-0400 (Tue, 29 Jun 2021 10:13:10 -0400) Glenn Parker is rumored to have said: I would be interested in a deepe

Re: [MlMt] Follow Up to Email Concerns

2021-06-29 Thread David Green
On 29 Jun 2021, at 9:13, Glenn Parker wrote: > To restate my question: what are the downsides to a compromised email > account, and do they justify this level of access control? I think in the University scenario (and probably many corporate scenarios), the risk that is being addressed is that

Re: [MlMt] Follow Up to Email Concerns

2021-06-29 Thread Steven M. Bellovin
In my opinion as someone whose primary research area, for more than 30 years, has been security, your email credentials are the most valuable you have. I would add that this opinion is shared by most security professionals. Why? Because your email account is used to reset access to almost every ot

Re: [MlMt] Follow Up to Email Concerns

2021-06-29 Thread Glenn Parker
I would be interested in a deeper discussion of the actual security threats that all this awkward 2FA/OAuth2/whatever are meant to address. I mean, I certainly understand the basic need for authentication (and encrypted transmission) to limit access to private information, but it seems like som

Re: [MlMt] Follow Up to Email Concerns

2021-06-25 Thread Antonio Leding
Agree with everything Bill said here…especially “…unwisely run organizations drinking vendor Kool-Aid…” The better solution is using OAuth2 which I believe is supported in many IMAP servers such as Dovecot. With that in mind, seems like the big boys are creating a somewhat false sense of urg

Re: [MlMt] Follow Up to Email Concerns

2021-06-25 Thread Roger Bohn via mailmate
My university implemented mandatory Duo authentication about a month ago. To my extreme surprise MailMate handled it transparently. I had zero problems and did nothing explicit. I still don’t understand why. By comparison, my iPad needed to have the whole email account deleted and reinstalled.

Re: [MlMt] Follow Up to Email Concerns

2021-06-25 Thread Charlie Clark
On 25 Jun 2021, at 2:35, Harvey Leff wrote: The university's reply is below if you are interested and willing to read the claims. What I **DO** know is that the university replaced its standard IMAP/SMTP server with Microsoft's proprietary ActiveSync. Maybe Bill more authoritatively on this c

Re: [MlMt] Follow Up to Email Concerns

2021-06-24 Thread Niels Kobschätzki
Yeah imap and 2FA is a problem. I looked into it some time ago because I wanted to implement it for my employer because we have a medium-sized commercial email-platform. Adding 2FA to a web-application is no problem these days. But with imap the only chance I see are only workarounds for the set

Re: [MlMt] Follow Up to Email Concerns

2021-06-24 Thread Bill Cole
On 2021-06-24 at 20:35:55 UTC-0400 (Thu, 24 Jun 2021 17:35:55 -0700) Harvey Leff is rumored to have said: I had written earlier that my email provider (the university from which I retired) stopped using IMAP, which would rule out use of MailMate. They also stopped having a "Forward all mail" o

Re: [MlMt] Follow Up to Email Concerns

2021-06-24 Thread Steven M. Bellovin
Duo has (at least) two modes of operation. One is a standard time-based one-time password: the site supplies you with a key (often via a QR code), and your phone calculates F(key, time). The other is a bit more complex: when you try to log in, the site sends a push message to your phone; you unlock

[MlMt] Follow Up to Email Concerns

2021-06-24 Thread Harvey Leff
I had written earlier that my email provider (the university from which I retired) stopped using IMAP, which would rule out use of MailMate. They also stopped having a "Forward all mail" option so I cannot move my mail to an IMAP-enabled site. I've complained, and the response is below. I switc