Windows Live Mail a less secure app?

Live wrote:

"VanguardLH" wrote in message
...
Live wrote:

Otherwise, someone that knows more about POP, IMAP, and SMTP might
identify which commands would reveal what e-mail client connected to
the
server.

The headers of Stewart's post say
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180

That's a header added for posts submitted via NNTP to a Usenet provider.
Eternal-September that Stewart uses is a Usenet provider, not an e-mail
provider. That is obviously a header to identify the *NNTP* client used
to compose the post. You won't find the header, if any, in Stewart's
posts submitted here in Usenet. This is Usenet, not e-mail. I was
requesting someone that uses OE as their *e-mail* client do a test to
see if OE adds an *e-mail* header that identifies his client (OE).

I use Windows Mail as my e-mail client on vista and I see the header
X-Mailer: Microsoft Windows Mail 6.0.6002.18197

That's not Outlook Express, is it.

winston wrote:

VanguardLH wrote:

I was requesting someone that uses OE as their *e-mail* client do a
test to see if OE adds an *e-mail* header that identifies [that client].

X-Mailer: Microsoft Outlook Express 6.00.2900.5931

Thanks for the update. Odd that Google thinks Outlook, WLM, and
Thunderbird are less secure than Outlook Express when Outlook Express
doesn't support TLS (unless SSL is enabled and port 25 is used). I'm
not sure Google's definition of "less secure" has anything to do with
transmission encryption. The same POP, IMAP, and SMTP commands are sent
by every e-mail client so that cannot be a measure of "less secure".
Someone mentioned that maybe Google is just trying to push their own
products while nuisancing users of non-Google apps, and that seems more
and more to be Google's most likely intent. If so, that would explain
why they would target the e-mail clients that produce the greatest
desktop e-mail volume (most e-mail traffic is from web apps).

Google doesn't define "less secure". If they did then maybe we users of
their service could figure out how to secure them; however, if all
Google uses is the name of the e-mail client than nothing done to the
e-mail client will satisfy Google's check on the e-mail client accessing
their service.

Without Google actually declaring what are their rules to determine what
is and is not secure, all we can do is guess. My guess that Google was
looking at a header to identify the e-mail client, and that the absence
of any such header makes Google blind to the e-mail client, is wrong.
We'll have to come up with other guesses as to Google's non-disclosed
rules on secure or not. I can understand why an e-mail provider doesn't
fully explain their anti-spam measures since they don't want to assist
spammers in circumventing the filters. There is no good reason why
Google would not detail on what criteria they base their judgment that
an app is secure or not. A likely reason is to surreptitiously push
users to Google's products.

Perhaps if lots of users sent feedback on Google's deliberate ambiguity
in describing this option then Google might make it more clear on how
they judge an app as secure or not.

https://support.google.com/accounts/.../6010255?hl=en

Click on "Not helpful at all" and leave some text saying you want
clarity in how Google determines if an app is secure or not.

VanguardLH wrote:
winston wrote:

If July '14 then ... then it must not be default Disabled.

Correct. "not be default Disabled" is "Enabled by default" (so less
secure apps ARE allowed).

A visit to the Google web mail UI didn't prompt

I not sure if it was an an interstitial page during webmail login or
perhaps it was something they showed as a blurb in the webmail page,
like they do with their Google+ blurb at the top or the Google Voice in
Hangouts blurb in the left pane (if you have a Google Voice account). I
remember Google showing it somehow about this option but that was a long
time ago. Maybe it was a temporary thing and Google changed their
minds. Maybe they removed it since "Allow less secure apps" being
enabled by default let everyone's setup work. I don't think anyone has
been tracking exactly when this option showed up, what was the default
when it was added, if Google changed their minds of when to change the
default for this setting, and if grandfathered accounts were handled
differently than for newly created accounts.

Setting in Google settings is 'enabled'

Yep, as mentioned before, but I'm no longer sure this is the current
default. Creating a new Gmail account would show what is the current
default setting. Google requires a mobile phone number to create a new
account and mine is already assigned to my old account as a security
option.

If the OP never changed this setting (as implied in his starter post)
and if it was a newly created account (somewhat implied by the OP, too)
then it appears Google changed their minds and made Disabled the default
for this setting (so less secure apps get blocked). It could be after
some date that Google decided to make Disabled the default this option
so less secure apps would get blocked by default and that is why the OP
hit the problem. For accounts that existed at the time Google added
this option, maybe they grandfathered them with Enabled as the default.

If the OP created a new account and made no changes to the settings of
his Google account then it appears Disabled is the default for "Allow
less secure apps". The OP will have to reply if this was the case for
him: new account, "Allow less secure apps" disabled by default. As for
you and I, it's possible Google grandfathered us in with Enabled as the
default (so Google didn't **** up probably the majority of their
existing users when they added the option). If the OP does not reply as
to whether the problem cropped up for a new account he just created,
someone will have to create a new Gmail account and then check what is
the default setting.

Well, we now know another datum on why logins may fail at Gmail.

If the prompt shows up on that Win7 drive while I update my other
software and utilities then I'll reply accordingly. Until then, it have
been something temporary...with Google things change overnight,
disappear, get modified with very little transparency.

Since the complaint of failed password is very marginal, it would stand
to reason that the only way to cause the failure is for a user to
physically change the setting manually forcing 'it' to occur.



--
...winston
msft mvp consumer apps

"VanguardLH" wrote in message
...
Live wrote:

"VanguardLH" wrote in message
...
Live wrote:

Otherwise, someone that knows more about POP, IMAP, and SMTP might
identify which commands would reveal what e-mail client connected to
the
server.

The headers of Stewart's post say
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180

That's a header added for posts submitted via NNTP to a Usenet
provider.
Eternal-September that Stewart uses is a Usenet provider, not an
e-mail
provider. That is obviously a header to identify the *NNTP* client
used
to compose the post. You won't find the header, if any, in Stewart's
posts submitted here in Usenet. This is Usenet, not e-mail. I was
requesting someone that uses OE as their *e-mail* client do a test to
see if OE adds an *e-mail* header that identifies his client (OE).

I use Windows Mail as my e-mail client on vista and I see the header
X-Mailer: Microsoft Windows Mail 6.0.6002.18197

That's not Outlook Express, is it.

I have Outlook Express as my e-mail client on win8 and I see the header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more secure
than Outlook, WLM and Thunderbird.

Live wrote:


I have Outlook Express as my e-mail client on win8 and I see the header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more secure
than Outlook, WLM and Thunderbird.

The real questions would be g
- Are you using that 3rd party modified version of MSFT's OE with a
Google Gmail account. And if so, is it using POP3 or IMAP or both ?
- What are you're Google settings for the security settings discussed
in this thread (Less Secure apps etc.)


--
...winston
msft mvp consumer apps

Live wrote:

"VanguardLH" wrote in message
...
Live wrote:

"VanguardLH" wrote in message
...
Live wrote:

Otherwise, someone that knows more about POP, IMAP, and SMTP might
identify which commands would reveal what e-mail client connected to
the
server.

The headers of Stewart's post say
X-Newsreader: Microsoft Outlook Express 6.00.2900.2180

That's a header added for posts submitted via NNTP to a Usenet
provider.
Eternal-September that Stewart uses is a Usenet provider, not an
e-mail
provider. That is obviously a header to identify the *NNTP* client
used
to compose the post. You won't find the header, if any, in Stewart's
posts submitted here in Usenet. This is Usenet, not e-mail. I was
requesting someone that uses OE as their *e-mail* client do a test to
see if OE adds an *e-mail* header that identifies his client (OE).

I use Windows Mail as my e-mail client on vista and I see the header
X-Mailer: Microsoft Windows Mail 6.0.6002.18197

That's not Outlook Express, is it.

I have Outlook Express as my e-mail client on win8 and I see the header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more secure
than Outlook, WLM and Thunderbird.

Okay, now you've got what is the header for Outlook Express, also
confirmed by winston.

I suspect it is not that Google thinks those desktop clients are more
secure but rather that Google doesn't bother to check for them; i.e.,
the list is incomplete or they don't care about low-volume clients that
are not supported (OE hasn't been supported since 2002 and WLM is a
legacy product which means it also is not supported). OE and
Thunderbird generate a very small amount of the total worldwide volume
of e-mail traffic. So it could be those clients are off Google's radar.
It could also be Google is trying to thwart spam that originates from
their e-mail service so they target those desktop clients that produce
the highest e-mail traffic from that platform. Without Google actually
defining what they mean by "less secure", it's us making "could be"
guesses as to what Google is doing.

I don't use e-mail apps on smartphones (I only have dumbphones since all
I want a phone to do is make and receive calls). Other than mentioning
some desktop e-mail clients that Google claims are less secure, their
statements indicate they are primarily focused on mobile device apps.
Because of limited memory and disk space, mobile apps have to be small
(i.e., they are not as robust as desktop apps). So it looks like Google
considers e-mail apps on mobile devices and the most common desktop
e-mail apps (which altogether are much smaller than e-mail traffic
generated by mobile device apps) as "less secure".

Since Google has delibertely left vague what means "less secure" means
I'm not going to believe them. They provide no foundation for their
claim. If the rule looks arbitrary then it probably is. Google wants
you to use their e-mail app or their webmail client. Since Google
doesn't produce a desktop e-mail program, that means you must surely
need to move to using your web browser to access Gmail using their
webmail client. Uh huh, sure. If not their webmail client then they
want you to use their mobile device app:

https://play.google.com/store/apps/d...gle.android.gm

From what I hear from others, Android's e-mail app sucks. None of the
articles that I looked suggesting e-mail apps for Android mention the
one that comes with Android.

You could go with their 2-step validation scheme and get a security key;
else, you'll be toting around a piece of paper with the backup codes --
which is the same [lack of] security as turning over someone's keyboard
to see the sticky notes with their passwords. Ah, but their security
key on USB won't work unless you use THEIR web browser (Google Chrome).
And, ah, you can't use any USB stick but only one that is FIDO Universal
2nd Factor (U2F) capable so you have to buy a FIDO USB security dongle
to use Google's security key to work only in Google Chrome.

So "less secure" apparently is anything not Google. That OE or any
desktop e-mail client (since Google doesn't make one) got missed is
probably a mistake waiting to be fixed. Not on their radar yet.

". . .winston" wrote in message
...
Live wrote:


I have Outlook Express as my e-mail client on win8 and I see the header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more secure
than Outlook, WLM and Thunderbird.

The real questions would be g
- Are you using that 3rd party modified version of MSFT's OE with a
Google Gmail account. And if so, is it using POP3 or IMAP or both ?
- What are you're Google settings for the security settings discussed
in this thread (Less Secure apps etc.)


--
...winston
msft mvp consumer apps

The real question is whether OE and WM are more or less "secure"
than other e-mail clients and this question has been explained perfectly
by VanguardLH.

Live wrote:

". . .winston" wrote in message
...
Live wrote:


I have Outlook Express as my e-mail client on win8 and I see the header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more secure
than Outlook, WLM and Thunderbird.

The real questions would be g
- Are you using that 3rd party modified version of MSFT's OE with a
Google Gmail account. And if so, is it using POP3 or IMAP or both ?
- What are you're Google settings for the security settings discussed
in this thread (Less Secure apps etc.)


--
...winston
msft mvp consumer apps

The real question is whether OE and WM are more or less "secure"
than other e-mail clients and this question has been explained perfectly
by VanguardLH.

Since others in a private MSFT forum have reported OE failing unless the
Google setting is configured for less secure clients, if you've a Gmail
account using OE without issue that Gmail setting is also configured as
less secure.

--
...winston
msft mvp consumer apps

Live wrote:

The real question is whether OE and WM are more or less "secure"
than other e-mail clients and this question has been explained perfectly
by VanguardLH.

Actually I'm just making guesses on Google's decisions. Google isn't
telling us what they mean by "less secure" so all we can do is guess.
Without details, to us Google's choices are arbitrary and surreptitious.

". . .winston" wrote in message
...
Live wrote:

". . .winston" wrote in message
...
Live wrote:


I have Outlook Express as my e-mail client on win8 and I see the
header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more
secure
than Outlook, WLM and Thunderbird.

The real questions would be g
- Are you using that 3rd party modified version of MSFT's OE with a
Google Gmail account. And if so, is it using POP3 or IMAP or both ?
- What are you're Google settings for the security settings discussed
in this thread (Less Secure apps etc.)


--
...winston
msft mvp consumer apps

The real question is whether OE and WM are more or less "secure"
than other e-mail clients and this question has been explained
perfectly
by VanguardLH.

Since others in a private MSFT forum have reported OE failing unless the
Google setting is configured for less secure clients, if you've a Gmail
account using OE without issue that Gmail setting is also configured as
less secure.

--
...winston
msft mvp consumer apps

Google defines security in his own way.
It is not necessary to adopt his definition.

Live wrote:

". . .winston" wrote in message
...
Live wrote:

". . .winston" wrote in message
...
Live wrote:


I have Outlook Express as my e-mail client on win8 and I see the
header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more secure
than Outlook, WLM and Thunderbird.

The real questions would be g
- Are you using that 3rd party modified version of MSFT's OE with a
Google Gmail account. And if so, is it using POP3 or IMAP or both ?
- What are you're Google settings for the security settings discussed
in this thread (Less Secure apps etc.)


--
...winston
msft mvp consumer apps

The real question is whether OE and WM are more or less "secure"
than other e-mail clients and this question has been explained perfectly
by VanguardLH.

Since others in a private MSFT forum have reported OE failing unless
the Google setting is configured for less secure clients, if you've a
Gmail account using OE without issue that Gmail setting is also
configured as less secure.

--
...winston
msft mvp consumer apps

Google defines security in his own way.
It is not necessary to adopt his definition.

Google's a person ?


--
...winston
msft mvp consumer apps

". . .winston" wrote in message
...
Live wrote:

". . .winston" wrote in message
...
Live wrote:

". . .winston" wrote in message
...
Live wrote:


I have Outlook Express as my e-mail client on win8 and I see the
header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more
secure
than Outlook, WLM and Thunderbird.

The real questions would be g
- Are you using that 3rd party modified version of MSFT's OE with a
Google Gmail account. And if so, is it using POP3 or IMAP or both ?
- What are you're Google settings for the security settings
discussed
in this thread (Less Secure apps etc.)


--
...winston
msft mvp consumer apps

The real question is whether OE and WM are more or less "secure"
than other e-mail clients and this question has been explained
perfectly
by VanguardLH.

Since others in a private MSFT forum have reported OE failing unless
the Google setting is configured for less secure clients, if you've a
Gmail account using OE without issue that Gmail setting is also
configured as less secure.

--
...winston
msft mvp consumer apps

Google defines security in his own way.
It is not necessary to adopt his definition.

Google's a person ?


--
...winston
msft mvp consumer apps

"its definition" is ok?

"Live" wrote in message ...

". . .winston" wrote in message
...
Live wrote:

". . .winston" wrote in message
...
Live wrote:

". . .winston" wrote in message
...
Live wrote:


I have Outlook Express as my e-mail client on win8 and I see the
header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more
secure
than Outlook, WLM and Thunderbird.

The real questions would be g
- Are you using that 3rd party modified version of MSFT's OE with a
Google Gmail account. And if so, is it using POP3 or IMAP or both ?
- What are you're Google settings for the security settings
discussed
in this thread (Less Secure apps etc.)


--
...winston
msft mvp consumer apps

The real question is whether OE and WM are more or less "secure"
than other e-mail clients and this question has been explained
perfectly
by VanguardLH.

Since others in a private MSFT forum have reported OE failing unless
the Google setting is configured for less secure clients, if you've a
Gmail account using OE without issue that Gmail setting is also
configured as less secure.

--
...winston
msft mvp consumer apps

Google defines security in his own way.
It is not necessary to adopt his definition.

Google's a person ?


--
...winston
msft mvp consumer apps

"its definition" is ok?

I mean "its" in place of "his".

Live wrote:

Google defines security in his own way.
It is not necessary to adopt his definition.

You don't get a choice how an e-mail provider defines security. It's
their service, their resource, their property, not yours. Yes, you
definitely have to adopt Gmail's definition of security. The only
choice you get is to turn on/off the "Allow less secure apps" option.
Also, with Gmail, you have NO CHOICE to disable their anti-spam filter.
It is always on and you cannot disable it.

On Wed, 29 Apr 2015 11:01:49 +0300, Live wrote:

"Live" wrote in message ...

". . .winston" wrote in message
...
Live wrote:

". . .winston" wrote in message
...
Live wrote:

". . .winston" wrote in message
...
Live wrote:


I have Outlook Express as my e-mail client on win8 and I see the
header
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
So Google thinks that Windows Mail and Outlook Express are more
secure
than Outlook, WLM and Thunderbird.

The real questions would be g
- Are you using that 3rd party modified version of MSFT's OE with a
Google Gmail account. And if so, is it using POP3 or IMAP or both ?
- What are you're Google settings for the security settings
discussed
in this thread (Less Secure apps etc.)


--
...winston
msft mvp consumer apps

The real question is whether OE and WM are more or less "secure"
than other e-mail clients and this question has been explained
perfectly
by VanguardLH.

Since others in a private MSFT forum have reported OE failing unless
the Google setting is configured for less secure clients, if you've a
Gmail account using OE without issue that Gmail setting is also
configured as less secure.

--
...winston
msft mvp consumer apps

Google defines security in his own way.
It is not necessary to adopt his definition.

Google's a person ?


--
...winston
msft mvp consumer apps

"its definition" is ok?

I mean "its" in place of "his".

That works better :-)

"His" and "her" (or "hers") usually look like people in idiomatic
English.

--
Gene E. Bloch (Stumbling Bloch)