←back to thread

How IMAP works under the hood

(blog.lohr.dev)
236 points michidk | 1 comments | 3/29/2025, 9:05:00 AM | HN request time: 0.199s | source
Show context
superkuh ◴[3/31/2025, 1:36:00 PM] No.43534900[source]

Of course these days the mega-corp walled garden email providers don't really follow standards like IMAP. IMAP will not work with, say, Google's gmail or Microsoft office365, or AT&T ISP email, etc, etc. They have each implemented their own proprietery out-of-band authentication system that only works over HTTPS using the OAuth2.0 toolkit to build it. Any email client that does not explicitly design for each particular OAuth2.0 implementation (each megacorp's is slightly different) will not be able to connect over IMAP (unless they login via HTTPS using a web browser and set up "app passwords" for google, or similar for others).

replies(4): >>43535154 #>>43535551 #>>43536258 #>>43544796 #
slightwinder ◴[3/31/2025, 3:36:00 PM] No.43536258[source]

> IMAP will not work with, say, Google's gmail or Microsoft office365

Except they do, to some degree. It works well enough that my Thunderbird allows me fetching or moving of mails. Not sure about advanced features like search or server-side filtering, never tried them, but this seems to be a bit more wacky with other clients & servicers too.

> They have each implemented their own proprietery out-of-band authentication system that only works over HTTPS using the OAuth2.0 toolkit to build it.

True. Gmail at least had a long while application-passwords. I think they changed this only recently? Or are they still a thing?

replies(2): >>43539730 #>>43547057 #
1. superkuh ◴[4/1/2025, 2:17:00 PM] No.43547057[source]

Look in the thunderbird source. The devs had to make a many hundreds of lines config for each mega-corp. So, yeah, the mega-corps are covered by major workarounds in major email clients. But for normal email clients it's very hit and miss.

And while OAuth2 is open it is a toolkit for making protocols, not a protocol. And each megacorps implementation is different and handled differently.