How IMAP works under the hood

(blog.lohr.dev)

230 points michidk | 1 comments | 29 Mar 25 09:05 UTC | HN request time: 0.277s | source

Show context

superkuh ◴[31 Mar 25 13:36 UTC] No.43534900[source]▶

Of course these days the mega-corp walled garden email providers don't really follow standards like IMAP. IMAP will not work with, say, Google's gmail or Microsoft office365, or AT&T ISP email, etc, etc. They have each implemented their own proprietery out-of-band authentication system that only works over HTTPS using the OAuth2.0 toolkit to build it. Any email client that does not explicitly design for each particular OAuth2.0 implementation (each megacorp's is slightly different) will not be able to connect over IMAP (unless they login via HTTPS using a web browser and set up "app passwords" for google, or similar for others).

replies(4): >>43535154 #>>43535551 #>>43536258 #>>43544796 #

slightwinder ◴[31 Mar 25 15:36 UTC] No.43536258[source]▶

>>43534900 #

> IMAP will not work with, say, Google's gmail or Microsoft office365

Except they do, to some degree. It works well enough that my Thunderbird allows me fetching or moving of mails. Not sure about advanced features like search or server-side filtering, never tried them, but this seems to be a bit more wacky with other clients & servicers too.

> They have each implemented their own proprietery out-of-band authentication system that only works over HTTPS using the OAuth2.0 toolkit to build it.

True. Gmail at least had a long while application-passwords. I think they changed this only recently? Or are they still a thing?

replies(2): >>43539730 #>>43547057 #

1. XorNot ◴[31 Mar 25 20:42 UTC] No.43539730[source]▶

>>43536258 #

OAuth works fine for major providers in Thunderbird...unless you're using hard tokens with pin number requirements right now (the entry form doesn't display).

↑