From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail From: Tim Cross Newsgroups: gmane.emacs.devel Subject: Re: gmail+SMTP(only) (oauth2) Date: Sat, 21 May 2022 11:09:19 +1000 Message-ID: <877d6f1wci.fsf@gmail.com> References: Mime-Version: 1.0 Content-Type: text/plain Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214"; logging-data="18977"; mail-complaints-to="usenet@ciao.gmane.io" User-Agent: mu4e 1.7.21; emacs 28.1.50 To: emacs-devel@gnu.org Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Sat May 21 03:58:20 2022 Return-path: Envelope-to: ged-emacs-devel@m.gmane-mx.org Original-Received: from lists.gnu.org ([209.51.188.17]) by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1nsENn-0004no-Fd for ged-emacs-devel@m.gmane-mx.org; Sat, 21 May 2022 03:58:19 +0200 Original-Received: from localhost ([::1]:43824 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1nsENl-00038l-WD for ged-emacs-devel@m.gmane-mx.org; Fri, 20 May 2022 21:58:18 -0400 Original-Received: from eggs.gnu.org ([2001:470:142:3::10]:42260) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1nsEMx-0002Sg-AJ for emacs-devel@gnu.org; Fri, 20 May 2022 21:57:28 -0400 Original-Received: from mail-pf1-x42d.google.com ([2607:f8b0:4864:20::42d]:36527) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1nsEMt-0002Ig-Js for emacs-devel@gnu.org; Fri, 20 May 2022 21:57:25 -0400 Original-Received: by mail-pf1-x42d.google.com with SMTP id u15so9056233pfi.3 for ; Fri, 20 May 2022 18:57:21 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=references:user-agent:from:to:subject:date:in-reply-to:message-id :mime-version; bh=vQxH9+g4LyxWc8aoZvahET3hXWzA3Lh81hH8rN0phfQ=; b=HEV2GL9GZf1J55/grX8c6cIwsYiZvr95dfnp1axpaxqrGjmD6OZiIHzU2CpoPT7vRC 7syteNNEj1Hmaegox72NWYbVaCsZFYea5fdDpEHV1/LE6Kyod0JGAOMha1ASdNe5AEJn ceXGIUBdmyAmquDfMy23kf4uX5pe3qnnf2AN0JEsS8N45FD5hMELfP1EfyK9zBrnV3m8 0BuBoLhc2tBWVxL5FClRv+1UEYjNAe4JiqTVMzWw3HMayWo8MjK2QAndJlyHNisW6UGi V+edmZ8OF/aYO4y0I1mTXGqFDY5pNw+WaVfWH8GJ8cbY76M1Fpig0WnZQjQb1D1TPQBu wQaw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:references:user-agent:from:to:subject:date :in-reply-to:message-id:mime-version; bh=vQxH9+g4LyxWc8aoZvahET3hXWzA3Lh81hH8rN0phfQ=; b=3OyZSzF3GUXKxGZWMT7mNH8xmj7t6vuyHtfA5wG+PmEsXme5FBPoiECljaq9+eaXnF gWduIdypPmLt4+OshLhcx5mOkKkviwmUuQVew+Jt/UlvyEr+XHZaromxgU5KAKWVLB6T RMM7bTsGW9T0zzv/6j3L/wnZFVSF/WFoSXytzKGm+n2RJbYPa1ARWOzG10wF0y+BGUNT uB14P0A105DuBnpn9KQsMm3GMoAs25dBTGVxq104zc8iRexWZqahPfcYLhz4TK5nR/XY hMEs1+ZtdZYAvDICmBjelGb/oaiWWxQFiA0jqYoQVW32cVQW2VsElVZ95piTM9QPMDZ+ xQtg== X-Gm-Message-State: AOAM531SsI+/98hCgXiJTFFpei1GHmP0nEaG1uvoWNYyfYQ6Mc6cpSvm IzFAUSiciXJ6qfV7ZcQo70i78D0iS1U= X-Google-Smtp-Source: ABdhPJz35WqPCzxOck+LL4MOgpc/c+MW4vB+7b+zGr6qarIYQxluJDNVgkG8eWggMK1gWlpzGrXlIQ== X-Received: by 2002:a65:48c5:0:b0:3c5:fe30:75dd with SMTP id o5-20020a6548c5000000b003c5fe3075ddmr10573025pgs.269.1653098240402; Fri, 20 May 2022 18:57:20 -0700 (PDT) Original-Received: from dingbat (220-235-29-41.dyn.iinet.net.au. [220.235.29.41]) by smtp.gmail.com with ESMTPSA id e8-20020a170902744800b001618644d8b5sm368248plt.154.2022.05.20.18.57.18 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 May 2022 18:57:19 -0700 (PDT) In-reply-to: Received-SPF: pass client-ip=2607:f8b0:4864:20::42d; envelope-from=theophilusx@gmail.com; helo=mail-pf1-x42d.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.io gmane.emacs.devel:290023 Archived-At: Richard Stallman writes: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > However I have been warned that the message should have a from field > > with a domain of my university. (@mat.ucm.es for example). > > > Now I could either use > > > 1. The smtpmail (or sendmail) program of my linux machine (not sure > > about MacOS > > > 2. Or use a SMTP service that allows me to use a different form > > field, once the address has been verified. Gmail did this in the > > past (and maybe still does it). > > > In any case I have been warned that my mails could be blacklisted. > > That is rather unclear. Do you mean that > (1) if you fail to have the right From field, your emails could > be blocked, or > (2) regardless of the From field, your emails could be blocked? This is all related to various spam prevention schemes used by SMTP servers these days. In a nutshell, there are various widely used schemes which verify the IP address and/or domain of the originating SMTP server is part of or associated with the domain in the from header address. This is often achieved based on DNS records, such as an MX record. The result is, if there isn't some verifiable relationship between the SMTP server and the domain in the from header, it is likely the message will be blocked by many SMTP servers. The matter is made worse in that many of the SMTP servers which will allow you to set an arbitrary domain in your from header are already considered suspect as these are also often servers legitimately associated with sending spam. Many SMTP servers won't allow you to set an arbitrary from header or will only allow you to set the header to a specific domain based on your IP address. Just to try and be clear for the very last time here. There is NO 100% free/libre solution to using gmail for email. There are some solutions which will minimise the amount/frequency of need to use non-free/libre software, but none which eliminate it. However, adopting Google as the email provider for an organisation does NOT mean the organisation uses Google's 'standard' gmail authentication/authorisation infrastructure. Often, especially for larger organisations, the organisations own identity management infrastructure will be used. Unfortunately, few identity management solutions are free/libre and only a handful exist which are classified as open source. This means there is no solution which will work across the board. Each organisation will need to be assessed individually. Using Google to host your email services is NOT the same as using Google's gmail service. When an organisation announces they will be moving their email service to google, you cannot assume this will mean it is going to be equivalent to Google's gmail service. (same holds for organisations which adopt Office365 as their email service provider). Therre will likely be some commonality, but there could also be significant differences. Technically, email can be forwarded to a different service. This is an optional feature which may or may not be allowed by the owning organisation. Most organisations will not permit this and it is an option which is generally discouraged by most security professionals. Even when allowed, it tends not to work well due to the way modern spam prevention techniques work. If an organisation adopts Google as their email service provider, it is not equivalent to using gmail as your email service provider. While the data may use/share some of the same physical infrastructure, the policies and procedures, as well as the authentication and authorisation processes, can be significantly different. If you are using 'real' gmail, you can minimise your use of non-free/libre software by setting up application passwords. This only needs to be setup once and after that, you can use whatever SMTP and IMAP client you want. It is likely Google will remove application password support at some point in the future, but at this time, they have not flagged any definite plans to do this. It would be expected they will provide a significant transition period if and when such plans are announced. Application passwords may or may not be available with organisations which use Google to host their email services. This will depend on the policies of the organisation, the level of integration and the authentication/authorisation approach adopted by the organisation.