An unofficial blog that watches Google's attempts to move your operating system online since 2005. Not affiliated with Google.

Send your tips to gostips@gmail.com.

April 3, 2013

Google Blocks Gmail's Mail Fetcher

Google has always added great security features that protect user accounts: from SSL access to most services, Google Safe Browsing, Gmail's spam and phishing filters to 2-step authentication, phone number verification and Gmail's account activity monitoring.

Sometimes Google's security features are extra paranoid and block Google's own services. I tried to use the mail fetcher feature from a secondary Gmail account and Google mentioned that the authentication failed (it's been enabled before). I entered the right password and Google still couldn't authenticate. Then Google started to show warnings in my main Gmail account, at the top of Google search pages and even sent an email and an SMS message: "Someone recently tried to use an application to sign in to your Google Account. We prevented the sign-in attempt in case this was a hijacker trying to access your account."

Google sent me to this page which says: "We detected activity on your Google Account from a location you don't usually sign in from." The IP address is 209.85.192.147 (mail-pd0-f147.google.com) and it's from United States. Obviously, it's Google's own IP address.




How to fix this issue? Go to this page, click "Yes" and "Yes - Continue". From the Google confirmation message: "As a security precaution, Google may prevent an application from accessing your account if it's the first time we've seen this application sign in to your account, or if it's attempting to sign in from a new location."


Then Google sends you to this page and you need to click "Continue" and "sign in using the application you want to authorize access to your account within the next ten minutes."


Unfortunately for Google, it wasn't even the first time when Gmail's mail fetcher was enabled. Google should find a way to make Gmail's mail fetcher work without having to jump through hoops.

9 comments:

  1. I agree that this should work without problem, but I wonder why you don't forward the mail from the secondary to the primary account. You can only use 5 POP accounts, but many forwards. Another benefit is that it is faster and does not depend on the timing of the mail-fetcher.

    ReplyDelete
    Replies
    1. Both features are useful and both should work well. Forwarding is useful for future messages, not for the existing messages. Google made auto-forwarding more complicated by requiring verification and now mail fetcher triggers security warnings. I forgot to mention that Google's email notification wasn't helpful because it suggested to change the password and didn't link to the page that allowed me confirm I want to use mail fetcher. The whole thing is unnecessarily complicated

      Delete
    2. No. Mail Fetcher is a service that circumvents lock in by providers that don't support mail forwarding. You can download and upload any Gmail via IMAP. There is no legitimate use case for the POP3-Fetcher if you have two Gmail accounts.
      It's as if you would refuse to close your pants with the zipper, deciding to use fixing pins instead and then complain that the needle is stinging you.

      Delete
    3. Does it really matter if there are better ways to centralize mail? Even Google says: "If you'd like to centralize all your email from different accounts into one Gmail account, use Mail Fetcher. You can download messages from up to five other email accounts, including accounts from Gmail and other email providers."

      It's a legitimate way to use this feature and it shouldn't be that complicated. That's all. It's as if I'm complaining about a Windows feature and you're suggesting to use Ubuntu because it's better.

      Delete
  2. I was going to say much the same thing, but you beat me to it.

    ReplyDelete
  3. I apologize ;-)
    From google to google the mail-fetcher is pretty useless, you should reserve that for legacy accounts which support nothing else.

    ReplyDelete
  4. I think that is good behaviour, in the other case attacker might be able to silently read somebody emails from his own account.

    Personally, I use forwarding and I think it's better solution.

    ReplyDelete
  5. Hi there,

    I used to work on this feature. We agree that authorising Gmail-to-Gmail mail fetching is kind of a mess right now - fixing it properly has never quite reached the top of our todo list because it's a rare use case. The right fix is for Gmail to use XOAUTH to fetch from other Gmail accounts, this would resolve the security issues that this system is preventing whilst giving a much better user experience.

    -mike

    ReplyDelete
  6. I recently had to change the password on one of my Gmail accounts that I was fetching from another gmail account. When I tried to set up the new password, the target email account failed to fetch, even when putting in the new password correctly. The source account produced warning messages that it needed permission to send emails to a "less secure app" - which is Gmail's own service!
    Try searching this issue, and all you get back is instructions on how to adjust gmail to serve "less secure apps" but nothing on how Gmail is blocking itself. This was the first thread I could find.

    ReplyDelete

Note: Only a member of this blog may post a comment.