(blog.lohr.dev)

230 points michidk | 1 comments | 29 Mar 25 09:05 UTC | HN request time: 0.243s | source

Show context

superkuh ◴[31 Mar 25 13:36 UTC] No.43534900[source]▶

Of course these days the mega-corp walled garden email providers don't really follow standards like IMAP. IMAP will not work with, say, Google's gmail or Microsoft office365, or AT&T ISP email, etc, etc. They have each implemented their own proprietery out-of-band authentication system that only works over HTTPS using the OAuth2.0 toolkit to build it. Any email client that does not explicitly design for each particular OAuth2.0 implementation (each megacorp's is slightly different) will not be able to connect over IMAP (unless they login via HTTPS using a web browser and set up "app passwords" for google, or similar for others).

replies(4): >>43535154 #>>43535551 #>>43536258 #>>43544796 #

1. Avamander ◴[01 Apr 25 09:46 UTC] No.43544796[source]▶

>>43534900 #

> Of course these days the mega-corp walled garden email providers don't really follow standards like IMAP.

Not really true. It's usually the client implementations that violate the standard in some way or another, like Outlook. But there are way more bespoke rare clients that have poor implementations.

> They have each implemented their own proprietery out-of-band authentication system that only works over HTTPS using the OAuth2.0 toolkit to build it.

Well, no. They have implemented OAuth and that's not proprietary. They do it because plain login has massive downsides.

↑

How IMAP works under the hood