[conspire] fetchmail, oauth2 and disposable free email services

Rick Moen rick at linuxmafia.com
Mon Jun 20 01:13:38 PDT 2022

Quoting Ivan Sergio Borgonovo (mail at webthatworks.it):

> I'd argue that this is not a problem inherent to the protocol,
> rather to the owner of the service, but as I wrote it is a good read
> and mostly says what you summarized.

The point is that there really isn't a "protocol", really.  Google
borrowed and adapted a real IETF protocol, wrapping it into Web content
and turning it into something rather different.  I haven't looked
very closely at the SASL XOAUTH2 write-up on Google's GMail site, 
but I'd be surprised if it were rigourously specified _and_ that Google
is exactly compliant.  That's admittedly just a hunch, based on knowing
the way coders tend to work, and based on Google, Inc.'s lack of
incentive to take that very seriously.  I of course may have guessed
wrong, and I hope I did.

> Self hosted or commodity rented email servers do not provide the
> slightest level of anonymity and email are frequently used for
> "authentication".

To be sure.

I _tend_ to be so militantly non-anonymous that, well:

:r! dig -t loc linuxmafia.com +short
37 25 53.825 N 122 11 52.128 W 15.00m 1m 10000m 10m

See also the contact information on my personal Web page, plus the "ICBM
address".  But of course I'm not denigrating anonymity, not in the

> I've found that gmx.net and yandex.ru still provide free email
> through pop3/smtp. 

Indeed, that's the way I'd solve that problem, too.  Take advantage of
the fact that it's a big world, and that not everyone is sharing data.

More information about the conspire mailing list