[conspire] fetchmail, oauth2 and disposable free email services

Ivan Sergio Borgonovo mail at webthatworks.it
Mon Jun 20 00:40:47 PDT 2022


On 6/20/22 04:47, Rick Moen wrote:
> Quoting Ivan Sergio Borgonovo (mail at webthatworks.it):
> 
>> sooner or later fetchmail will support oauth2 natively (good read)

> So, just a reminder, OAuth 2.0 is a _Web_ (HTTP) standard.  Deciding, as
> Google, Inc. did in 2021, to adapt it to a completely different context
> (SMTP/IMAP) is necessarily a different thing -- one apparently called
> "SASL XOAUTH2", something of Google's own invention.
> 
> You are thus chasing after something that may or may not be a stable
> API, may or may not work as described, etc.  And sometimes, the way
> passive-aggressives say "no" is to say "OK, here's a basic outline of a
> de-facto way of doing things that sort of work for now, least for us.
> Good luck."

I'd argue that this is not a problem inherent to the protocol, rather to 
the owner of the service, but as I wrote it is a good read and mostly 
says what you summarized.

>> Any advice or alternative route?
> 
> Intermittent discussion appears to occur on kwlug-discuss, as mentioned.
> https://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org
> 
> (Otherwise, I have no relevant knowledge, not choosing to deal with the
> indicated problem, and elect to not outsource my mail.)

Self hosted or commodity rented email servers do not provide the 
slightest level of anonymity and email are frequently used for 
"authentication".

I've used gmail adresses to register to services that I didn't want to 
be easily correlatable with me where "email" traffic was sporadic and 
mostly limited to password expiration or some kind of notification.

I've found that gmx.net and yandex.ru still provide free email through 
pop3/smtp. I don't make much difference between being spied by my 
friends state agents or my enemy state agents for the use I'm going to 
make of such disposable adresses.

When I see it fit, I use tor, but I'm not trying to protect myself from 
state agents.

I probably didn't like them because while the registration process 
didn't require any verifiable personal data it was a bit of a pain.

Getting a new disposable email address used to be much easier.

-- 
Ivan Sergio Borgonovo
https://www.webthatworks.it https://www.borgonovo.net




More information about the conspire mailing list