Search code examples
linuxgmailubuntu-14.04

Why do all of my Linux based email clients fail to authenticate using imap gmail?

I have tried to set up every email client available for linux, ubuntu 14.04 and each and every one fails. I'm looking to find what the common element is that causes authentication to fail in each and every instance. Is it because google has changed their authentication algorithm and nobody has kept up with the changes?

Solution

  • It seems that Google, sometime late in 2014 started blocking apps that are using IMAP/SMTP PLAIN authentication by default. It also seems no Linux email client has addressed this change (at least that as far as I have found).

    It had only affected me recently. The change only propagated to me now, in February of 2016. I found this out by attempting to install one email client after the other; kmail, evolution, claws, sylpheed, thunderbird. Finally, after reading Gmail blocking mutt I found out that my mail account had been tampered with by Google to reject anything other than OAuth. One way to fix this is to

    Allow less secure apps: ON

    in the "My Account" settings.

    I received a very nice email from Microsoft Google expressing their dismay that I would choose anything other than their email client to access my gmail account:

    Hi ... , You recently changed your security settings so that your Google Account [email protected] is no longer protected by modern security standards.

    Please be aware that it is now easier for an attacker to break into your account. You can make your account safer again by undoing this change here, then switching to apps made by Google such as Gmail to access your account.

    Don't recognize this activity? Review your recently used devices now. Best, The Google Accounts team [emphasis mine]

    Apparently the only "modern security standards" are Google's security standards. And for why the above is FUD see:

    What are the dangers of allowing “less secure apps” to access my Google account?

    Also, lmao, apparently "business users" of gmail do not need this security "improvement." I assume this is so because Google does not want to really make a needed security change (otherwise why leave business users out of this), but rather to strong-arm Mom and Pop into using their email software.

    Bad Google.