[Update] G Suite limiting access to less secure apps starting October 30, 2019

The bastards HATE people using something like thunderbird, because then you don't have to log into goog with your web browser and they have a harder time tracking the shit out of you.

They already make it hard to find the 'Allow less secure apps' for individuals and it takes about 4 clicks or so to do it -- if you can find the damn setting.

Next they'll turn off the setting for individuals.

thats why one should self host. maybe little bit of work but results in smiling face. take it as chance to switch.

@kmj Actually, I don't have any domains with MX at google anymore. Haven't for quite a while.
I still get a flurry of emails, because the new admins didn't bother to change the email addresses from mine (or do much other work either usually).
Back in 2004 or so postfix and I were drowning in spam and I couldn't train beysian, clamav etc. fast enough to please. For many years now I only send out mail, never receive it.
Not sure I want to go back to that headache.
There is tutanota, protonmail.

a well configured spamassasin plus a few other things and there are no problems with incoming mails.

@kmj It was 2004-2005 and I haven't bothered since.
I am being pushed toward it again though. I'm grandfathered in for a free domain at zoho, so I just keep making my friends free emails with imap to get them off google, but... Zoho won't be far behind copying gmail I'm sure.

@gemlog The thing I hate most about this is that they never specify why it's not 'secure'. It's obvious it's not the real reason they make it a pain, and now are disabling it.

@violet We all know why they don't want you to use pop/imap: because it evades tracking.
They are simply moving from discouraging (with very dark patterns for normal users) to being more heavy-handed about it.

@gemlog @violet and to think, people still ask us why we still run our own MTAs in 2019

ofc, endgame for google is to just blanket stop taking mail from people like us, as opposed to shadowbanning; comcast already does this

oh well, fuck ‘em, we already burned this bridge when we didn’t get on facebook by 2013 and at this point we don’t see how there’s much more damage to be done

@alexis @gemlog @violet this. We've been having so many issues with getting email from our selfhosted email server to Gmail users. It goes well for a while, and bam all of a sudden mail isn't delivered anymore. Never a clue as to why, no error reports or anything. SPF, DMARC and DKIM are all configured correctly.

Google is truly ruining email.

@Gina @alexis @violet Even if you have all those things in place, I found that 2-3 times a year google will suddenly stop accepting your mail. You look frantically around for the reason and find ... Nothing! You wait 2-3 days and they suddenly start accepting your mail again! Damn irritating.
Also could happen with a mailing list: all those guys will only accept some many emails/ip/24hrs. This is what keeps e.g. Mailchimp in business.

@gemlog Many people won't have an option, but I'm going to start pushing and others on people I know.

@moondoggy That's another very good option and I should have mentioned it moondoggy.
See my public apology to @aran


Alternatives to gmail.

In addition to there are also and
Both have a free option and include encryption as well.

I had a hashtag in mind for this post, but declined to use it in case Music Squirrel was about.

@onepict @moondoggy @Framasoft
Yeah, framasoft is great. Another site with ethical alternatives to things is

@gemlog Posteo doesn't allow custom domains, which feels like a lock-in attempt. Tutanota doesn't support IMAP, so no 3rd party apps. Protonmail might be compromised, as the degree to which the it's owned and/or controlled by US entities is never disclosed.

There's no ideal email provider, I'm afraid. :(

I had to look up posteo after buddy linked it, so I have no opinion. Posteo supports “sender aliases” if you set an SPF record. They say storing unencrypted MX info violates your anonymity.

Tutanota says "IMAP or POP because it does not support the end-to-end encryption." Technically true, but I've used enigma for years with tbird.

I believe protonmail is swiss based no?

I haven't used postfix to rx since ~2005, but maybe it's time again (spam was grinding me down finally).

@gemlog I'm not sure how SPF crutches for recipients might help me use fully functional email on my own domain. If that's what Posteo themselves suggest... I might start thinking bad things about them. :)

And I know what all of them say, it's always the same.

Bottom line is, Posteo is no replacement for G Suite. Maybe for private Gmail users, who suddenly became obsessed with complete anonymity. But certainly not for business accounts.

@gemlog Tutanota does not allow 3rd party clients. They are building their own instead, including desktop, which they humbly place alongside Evolution and Thunderbird. :)

Although I'm not sure they allow setting up multiple accounts or non Tutanota providers.

This service does look much better than others, but having multiple email apps on all devices or switching apps altogether just to accommodate Tutanota feels a bit wrong, tbh.

@gemlog Protonmail is formally based in Switzerland, but has had investments from American entities, including non-tech ones. They do not disclose the amount to which Protonmail controlled by Americans. Maybe it's nothing serious, but it does make one wonder.

@SeventhMagpie You aren't wrong to wonder now-a-days. Corporations are global octopuses and the usa and the other 5 eyes are into *everything*.

@SeventhMagpie I've such txt entries for things like mailchimp for clients.
If you want a gsuite that isn't google and to map mx, then all I can think of is zoho.
I use for one of my domains for mail, but I'm grandfathered in for the mx and however many users. You'd have to check pricing.
Their only virtue would be being 'not google', but they have the same business model, obviously.
I didn't fully realize your needs. If you just want to escape goog, then zoho is it.

@gemlog I'm not a business at this moment, but I use my family domain with G Suite.

Also, a good source for tested and reviewed secure email services:

Also, I meant to say and ran out of space, if nothing else, all those solutions have the virtue of being NOT GOOGLE, plus they are all better one way or another.
None of those 3 are so bad as to stop someone from quitting gmail.
Personally I have MX records mapped to Zoho, who use basically the same playbook as google, but I'm grandfathered in for unlimited emails. I find it's good for creating backup accounts for friends to use to retrieve passwords.
I will go back to postfix.

@gemlog What they would hate even more, is if you just stopped using any of their services.

I have a lot of 'google-guilt' to deal with. I'm old and, back in the day, I drank the kool-aid and believed that here was a company with a GNU-like philosophy - and maybe Sergey and Larry really were 'do no evil' back then. Who knows?
Anyhow, I turned a lot of ppl on to things like gmail; both among my friends and among clients :-(
These days I work hard to anti-evangelise goog and get ppl off things like gmail, but it's hard.
Some of those ppl use FB ffs...

@gemlog I seem to recall it isn't that hard to implement the authentication step required. Like, Evolution did it...

@BalooUriza Steps.
- just fill in the blanks in tbird; it fails
looks like bad account name or password
- re-enter info; fails. repeat...
Some give up at this point: success for google!
- learn you need to 'allow unsecure'. log in to gmail, click gear icon. waste time looking. not there.
- learn to click your name and 'account'

@BalooUriza - mosey around. find the option at the very bottom of the page. click thru 2 warnings about how dangerous it is
- try tbird again. suddenly you are back in google forcing passwd and more warnings. 2/2
Yep. Easy. Any normal user could do that.

@BalooUriza forgot: first you need to enable pop/imap (Warnings!) which is beneath the gear symbol

@gemlog No, I mean, go look at how Evolution handles Google accounts and tell me why Thunderbird can't do that.

@BalooUriza OK, I will, but I think we're talking about two different things?
If not, big kudos to Evolution devs! :-)
< time passes >
That looks nearly identical to what thunderbird does.
It would still require logging into gmail and making the changes I outlined.
I haven't used or even thought of evolution for over a decade. How long since you did it? It would require some serious remote exec magic today. I think originally (2004) even POP was defaulted On at gmail.

@gemlog Yeah, it's nowhere near that complicated. You might want to try a recent (~3 years or newer) evolution and see how it reacts to Google accounts. It's really easy even with 2FA.

@BalooUriza OK, I surrender! :-)
I'll take it as read at your word, but no one I know uses evolution or gnome, so it may be a while until I confirm it for myself.
Also, the shenanigans they are now pulling with 'less secure apps' is only a few years old as well. About 2016 I think, not sure.

@BalooUriza That I don't know. I have been tethered with the likes of beepers, pagers and cellphones for most of my life, but the idea of willingly giving my phone number to a corporation is a non-starter. Currently I don't even have a cell phone with a sim card. If someone wants me at their beck and call they can pay for it.
Mind you ppl look at me like I've got 2 heads when I say I don't have one :-)
But just a few years ago I had 5. 3 on me all the time. So intrusive!

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!