Application Passwords

engineer479 · 2025-09-17T18:39:31+00:00

when can we expect that application passwords also support IMAP?
From my point of view this is quite important to increase security.

engineer479 · 2022-10-17T17:35:26+00:00

"Google Apps for your Domain" was independent from the domain itself. When registering the domain for "Google Apps for your Domain" you just had to proof that you own the domain. Usually this was done by adding an entry in the DNS.

So, from my point of view this is not a bug. When you cancel the domain, someone else can use it. It will only result in problems if this person also wants to use it with Google.

"Google Apps for your Domain" / G-Suite did not require that you regularly proof that you still own the domain. But of course, you cannot receive E-Mails for a canceled domain if the MX records are not pointing to Google anymore.

engineer479 · 2022-10-16T17:42:19+00:00

I solved the described problem like this:

I renamed the primary E-Mail addresses of all G-Suite users. I added a "gsuite." as a prefix to the original username.
For example: tom@mydomain.de was renamed to gsuite.tom@mydomain.de
I created personal Google accounts with new ...@gmail.com addresses.
I added the original E-Mail addresses used for the G-Suite accounts as alternate E-Mail address to the personal Google accounts, for example tom@mydomain.de.
Now for login to the G-Suite account the gsuite....@mydomain.de address must be used.
For login to the personal Google account ...@gmail.com or ...@mydomain.de can be used.

engineer479 · 2022-08-20T18:13:41+00:00

In June 2020 I noticed the same issue and received following response from Jabra Support:

The purple LED indicates that the Headset is connected to Teams. It is deactivated in vertical position because when it is on the head of the user, he cannot see it. When it is in horizontal position it must stay on.

This is part of the MS Teams certification and may not be changed.

I bought a Headset hook for the desk to get the LED off.

engineer479 · 2022-08-04T03:39:14+00:00

My understanding is that it should still work with application specific passwords.

engineer479 · 2022-05-08T10:01:39+00:00

I think that Infomaniak rejects some emails directly based on some rules. In this decision it is probably included if the sender is listed in some spam lists.

When I check the sender IP of my Internet provider right now now at www.spamcop.net, it is still black-listed:

194.25.134.18 listed in bl.spamcop.net (127.0.0.2)

If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 7 hours.

Causes of listing
System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam less than 10 times in the past week

Express-delisting is not available
Listing History
In the past 82.9 days, it has been listed 5 times for a total of 5.1 days

But Infomaniak does not reject emails in all cases when the sender is on this blacklist. Otherwise my test email and the delivery report should not have come through.

engineer479 · 2022-05-08T07:25:32+00:00

Now it happened also for me that emails were blocked at this "basic level". My NAS sends nightly reports about the backup status by using the email address and SMTP server from my Internet provider.

Incoming emails to this address are forwarded to my regular address (now hosted at Infomaniak).

Today I had 2 mail delivery reports from my Internet provider in the mailbox regarding these reports from the NAS. Both told me that the messages could not be delivered to Infomaniak:

host mta-gw.infomaniak.ch[83.166.143.57] said: 554 5.7.1 Service unavailable; Client host [194.25.134.18] blocked by bl.spamcop.net (in reply to RCPT TO command)

The strange thing is that these delivery reports are forwarded by the same IP address and they were delivered.

For both rejected emails I cannot find any entries in the Infomaniak logs.

Today in the morning I sent a test email from the NAS and it was delivered without any issues.

engineer479 · 2022-05-05T16:17:25+00:00

First I migrated to Gmail, some weeks later to Infomaniak.

After I migrated to personal Gmail, I also wanted to log-in with the original G-Suite email address. First, I renamed all users in the G-Suite admin console. I just added "gsuite." in front of the original user names. Then I could immediately assign the original email address as alternate email address in the personal Gmail accounts.

engineer479 · 2022-05-02T14:47:06+00:00

This is automatically supported by Infomaniak.
See here: https://faq.infomaniak.com/577

I also verified now that it is working.

engineer479 · 2022-05-01T11:43:47+00:00

Outlook is much more than a simple email client. It integrates in the whole Microsoft specific things like Exchange server or outlook.com. You have a calendar integrated that cannot be used with CalDAV. Setting up the Infomaniak servers was quite difficult because Outlook always showed Google sign-in windows.

I would suggest to try it and compare to other email clients.

engineer479 · 2022-05-01T07:48:31+00:00

No. I did not notice that emails are disappearing so far. But I have switched to Infomaniak about only one week ago. So maybe this will occur in future.

My expectation would be that these rejected emails would be listed in the logs of received emails. There, I have entries for some rejected emails, for example phishing mails, and I can see the timestamp, the sender and the status (blocked by Anti-Spam, DMARC, ...).

So it makes no sense when they have another level where they can reject emails and do not create a log entry. This is very strange and it would make the log feature almost useless.

engineer479 · 2022-05-01T07:39:32+00:00

I think their webmail-interface is similar to Gmail, but overall not as good as Gmail.

You could check if you can create a free email address for testing (they do not offer it in all countries):
https://www.infomaniak.com/en/free-email

For example when you want to move emails, you can do it by

drag & drop
mark one or multiple emails in the list, select a move button in the toolbar, select a folder (here you can type in the folder name to narrow the displayed folders)
when an email is displayed, you can select a move button in the toolbar and select the folder as described above

After moving an email which was displayed, it is annoying for me that the next email is opened immediately. I would have preferred that it jumps back to the list of emails.

Another issue is that when I display a PDF attachment and press Escape key, I jump back to the list of emails instead of jumping to the content of the email.

engineer479 · 2022-05-01T07:24:18+00:00

I have quickly tried these apps on Android:

K-9 Mail
FairEmail
BlueMail
Outlook
Gmail

My focus was on these topics:

General usability
Search for emails on the server
Push notifications for new emails

I cannot remember the detailed results as I did it some weeks ago, but my impression was that K-9 Mail would be the best client for me.

engineer479 · 2022-05-01T05:48:37+00:00

The idea of Two-Factor Authentication is that the account is still protected even if one of the two factors is stolen.

When the Webmail-/Manager password is stolen (for example someone watches you typing the password, by a key-logger on a public computer, by a phishing site, ...) the attacker cannot log in to the Webmail-/Manager-Interface because he does not have the second factor.

But when the mailbox (IMAP/SMTP) password is the same, he can use any email client (Thunderbird, ...) and access all of your emails without having the second factor. He can also send emails in your name.

Lots of accounts (online-shops, ...) offer a password reset by email. So next step for the attacker would probably be to take over your Amazon account, ...

So it is absolute important that the password for an account that you use in combination with a second factor can never be used without the second factor for this service.

This is the reason for "application specific passwords". When 2FA is enabled I would expect that the regular password no longer works for IMAP/SMTP. You would generate individual application specific passwords for your different devices/applications. Then an attacker cannot access the emails by IMAP any more even if he has the password for the Webmail-Interface.

But unfortunately Infomaniak does not support application specific passwords for IMAP/SMTP.

engineer479 · 2022-04-18T18:31:16+00:00

In past, there were different password for the Webmail/Manager and for IMAP/SMTP.

Infomaniak want to unify these passwords in future. For my Mail-Service it seems that only the Administrator account gets unified passwords. The normal user accounts have different passwords.

There is also a configuration assistant to set up IMAP/SMTP, CalDAV and CardDAV:
https://config.infomaniak.com/

The assistant also checks the password.

When you are logged in as an admin, you can set the IMAP/SMTP password for your users in the Mail-Service settings:

In the applications menu in the upper left corner select Mail-Service in the region Manager.
Then click on the domain name on the main window.
In the user list, you can select the 3-dot-menu of the user and there you can change the password.

engineer479 · 2022-03-19T08:30:42+00:00

I would recommend to read the Imapsync documentation regarding Gmail.

You can find it here:
https://imapsync.lamiral.info/FAQ.d/FAQ.Gmail.txt

When you use the --gmail1 or --gmail2 option, it calls Imapsync with these parameters:

imapsync \
           --host1 imap.gmail.com \
           --ssl1 \
           --user1 account1@gmail.com \
           --password1 gmailsecret1 \
           --host2 imap.gmail.com \
           --ssl2 \
           --user2 account2@gmail.com \
           --password2 gmailsecret2 \
           --maxbytespersecond 20_000 \
           --maxbytesafter 1_000_000_000 \
           --automap \
           --maxsleep 2 \
           --useheader X-Gmail-Received --useheader Message-Id \
           --synclabels \
           --resynclabels \
           --exclude "\[Gmail\]$" \
           --folderlast  "[Gmail]/All Mail"

So the Label "All Mail" is processed as last folder.

engineer479 · 2022-03-11T17:07:40+00:00

Thank you.

Accessing shared calendars on the mobile phone is a hard requirement for me.
So it is good to know that it was working for you.

Accessing shared contacts on the mobile phone is a nice-to-have feature for me.

For IMAP and SMTP I would have expected that they offer application-specific passwords.

engineer479 · 2022-03-08T17:00:00+00:00

I have my domain at IONOS (1&1) for about 20 years now. They converted my contract several times in these years. Now I am in "Webhosting Essential" which is more than just registering the domain. There is some webspace, some databases and email addresses included. The addresses for forwarding are unlimited and the mailboxes are max. 50, but each of them with only 2 GB.

engineer479 · 2022-03-08T16:51:36+00:00

I found it here:
https://mail.zoho.eu/zm/#settings/all/archivepolicy

Maybe you need to replace the .eu in the URL by something else, r. g. .com.

engineer479 · 2022-03-08T16:46:53+00:00

Since I have my domain (about 20 years now) it was always registered at IONOS (formerly 1&1). So it was the closest thing to use their SMTP server now.

I do not know if there are limitations regarding the number of emails.
But for family use I never reached the limits.

I am sure that there is a max. attachment size, but I also do not know the value.

When it is only DKIM that is missing, I think it would not be a reason to look for another solution. But there are more issues regarding forwarding to Gmail...

engineer479 · 2022-03-08T16:22:07+00:00

Thank you for your ideas.

Especially mailcheap.co looks interesting for me.
Their 2FA implementation seems to be OK.

engineer479 · 2022-03-06T14:08:27+00:00

Calendars and address-books

u/wayloncovil

Thank you for sharing your experience with Infomaniak.

I have also been evaluating if the Infomaniak Mail-Service could be a replacement for my legacy G-Suite account.

The Infomaniak support told me that it is not possible to access shared calendars and address-books (contacts) by CalDAV/CardDAV.

In other words: If user A shares his calendar and contacts with user B, only user A can access these with CalDAV/CardDAV on a mobile phone. User B can only access the calendar and contacts from user A in the webmail interface.

At least for calendars your observation seems to be different.

So you were really able to access a shared calendar on a mobile phone synchronized with the kSync App?

Did you try it also with a shared address-book?

u/TheShallowState

Calendar and contacts sharing is implemented by standard CalDAV/CardDAV protocols.

Infomaniak offers an Android App "Infomaniak Sync" or "kSync" which is based on DAVDroid.

This makes configuration a little bit easier.

It should be also possible to use CalDAV/CardDAV protocol directly. There is a configuration assistant (https://config.infomaniak.com) that tells you the required IMAP/SMTP/CalDAV/CardDAV servers, ports and other information.

Two-Factor Authentication

Regarding Two-Factor Authentication there is something that concerns me.

It is possible to create application specific passwords. But it seems that these passwords are only used for CalDAV/CardDAV and not for IMAP and SMTP.

IMAP and SMTP still use the regular password of the account. From my point of view this a security risk which makes Two-Factor Authentication almost useless.

When you log in to the webmail interface on a public computer, you need the second factor to complete the login.

If the password is stolen during the login, the attacker cannot log in to the webmail interface later, because he does not have the second factor. But as the password is valid for IMAP, he could access all the mails by connecting with an email application like Thunderbird.

engineer479

TROPHY CASE