As part of our commitment to user safety, Google Workspace will no longer support the sign-in method for third-party apps or devices that require users to share their Google username and password. This antiquated sign-in method, known as Less Secure Apps (LSAs), puts users at an additional risk since it requires sharing Google Account credentials with third-party apps and devices that can make it easier for bad actors to gain unauthorized access to your account.
Instead, you’ll need to use the option to Sign-In with Google, which is a safer and more secure way to sync your email to other apps. Sign-in with Google leverages industry standard and more secure OAuth method of authentication already used by the vast majority of third-party apps and devices.
↫ Google Workspace Updates
What this means is that “all third-party apps that require password-only access to Gmail, Google Calendar, Contacts via protocols such as CalDAV, CardDAV, IMAP, SMTP, and POP” will no longer work. Crucial to note, however, is that App Passwords will continue to work, which is good news, because without App Passwords, older IMAP email clients without OAuth support, such as the ones often used on legacy or minor operating systems, would cease to work with Gmail.
Moved out of gmail years ago. I cannot stand their corporate culture anymore
Same, around the time they dropped gtalk xmpp compatibility. The only reason to have a gmail account.
I cannot stand their corporate culture since a long time ago. Which mail service are you using? Thanks
I have my own domain hosted on a web hosting provider (which I work for), which uses exim for SMTP and dovecto for POP3/IMAP.
I don’t want to end up in another gmail-like trap in the future.
richarson,
I have the exact same setup! DIY isn’t for everyone. It mostly set and forget for most of the time. The migraines happen when somebody experiences email delivery issues due to external issues, usually caused by some form of spam blocking. I hate spam as much as anyone else and take steps to block it myself, but sometimes innocent users get caught in the battle against spammers and it can be tough to thread the needle when you’re responsible for email.
So it doesn’t surprise me that many prefer to leave things to google, but I have issues with monoculture; it’s dangerous to have all our eggs in their basket. But most people don’t care about this and this apathy has enabled google to exercise monopoly control. Whatever google decides goes. Some of my clients also have both hosting and corporate google accounts, and sometimes google would block their own external emails to themselves. Naturally, I’d get a support call to fix it, except the problem was on google’s end. The delivery logs showed google accepting the message before going into the void. I confirmed there was no spam activity on the IP and it would come up clear on mxtoolbox’s list of blacklists. DKIM/SPF/DMARK all passed. No other delivery problems anywhere else, and good luck getting any support from google. I found out that gmail would accept emails from the same IP with other domains, but this wasn’t useful since the customer obviously needed to use their domain. Since google has email monopolized and many of the company’s own employees were using gmail, we were forced to switchover all email delivery to go through google. Forums showed other people were experiencing the same delivery problem with no fix, but many were not (including others I was responsible for) running the exact same configuration.
Obviously the first thing that comes to mind is spam, but it wasn’t the case here, google was simply at fault. The irony of it all is that a lot of spam emails actually originate from google”s servers, which can’t be blocked by DNSBL because that would block the vast majority of legitimate emails. Ugh it’s a damn hypocrisy with them.
Managed hosting my private domain for general purpose. Paid Proton mail for everything related to money (bank, cc, investment)
Ditto, I still receive some odd emails at my old gmail account so Isetup a redirect, but I just grew tired of my email not working with standard clients every other month.
So, my reasons were cultural and technical.
To be fair, they are at least not discontinuing IMAP/POP3/SMTP support. And even command line clients like Mutt support Oath2 on Gmail:
https://www.redhat.com/sysadmin/mutt-email-oauth2
But of course we cannot know whether this is a “slippery slope”, or it will stay like this.
And… on another note, the main issue with Gmails servers is that they basically block all personal self hosted domains: https://www.reddit.com/r/selfhosted/comments/107iodp/comment/j3msg97/?utm_source=reddit&utm_medium=web2x&context=3
Oauth means not supporting IMAP, POP3 or SMTP because the Google interpretation of OAuth2 is not compatible with those protocols in any shape or form.
It stoped working two years ago. We have clear RFC’s written by google about anything that isn’t a login by a somebody opting to be tracked using Chrome as their browser and logging using the spyware is not trustworthy.
Just stop using Google services. They don’t want customers anymore.
And somehow they still allow third party website to have google logins. On another HTTPS domain that is obviously not google. Just enter your google account here. This is the intended way it is supposed to work. Giving up google credentials on random website, but a trusted local application isn’t trusted?? (because it competes with being tracked by Chrome).
Google may finally push me out of Gmail. As a pre-public pre-invitation alpha tester… it saddens me. But I roll my passwords regularly. I don’t want, need, nor care for someone else to hold my hand. Not the government and not Google.
I fetch, then combine to epub, my mail daily. On an old sparc system. This will kill that process. And I’m not changing.