Google says Manager has "known security problems"?

Hi, I am trying to set up the custom SMTP server to use my Gmail account, but received this error message:

(I blanked out my Google username.)

I then received the following email from Google:

So is Manager a “less secure app”?

Or am I just doing something wrong?

SSL and portnumber 587 does not match.
Should be SSL and portnumber 465 according to info from Google:

See Google’s explanation here: Allowing less secure apps to access your account

Manager does not support Port 465 because of security concerns. Search the forum. There have been several discussions of problems with gmail login procedures.

Actually not supporting port 465 has nothing to do with security. Port 465 is as secure as 587. The difference is about how secure connection is established but both ports will give you the same level of security.

Now, as for Google complaining about less secure apps. What they mean by that is that is your Gmail password is your password to your entire Google account.

Google dislikes their users entering Google passwords anywhere else but login screens run by Google. In this instance, you are entering your Google password in Manager. It’s not that Google doesn’t specifically trust Manager. Google doesn’t trust anyone who is not Google.

As a solution, Google established new authentication scheme which will allow you to send emails through Gmail without exposing your Google password to 3rd party. Manager doesn’t support this and most other applications don’t support it.

SMTP over SSL is secure (port 465 or 587). What is not secure is entering your Google password to Manager. Why? Because your Google password is stored in your accounting file and if you ever send this accounting file to someone else, they could potentially discover your password. If your Google password would be valid only for sending emails, then it is not a big deal. But your Google password can be used to log in into all Google websites which has privacy implications (e.g. someone could see your search history or youtube history)

So for this reason, Google doesn’t like users to do something that might be insecure and this is the case with Manager.

Solution? Create secondary Gmail account with different password which will be used just for sending emails only. Google will still complain about “less secure app” as a general precaution but that’s OK because you know what you are doing.

Not to distract from the OP’s question, but I thought that I would explain this point.

Port 465 is technically deprecated and the people who develop standards want people to use 587 Starttls. However they both use TLS - the SSL option on many programs does not necessarily mean SSL - the protocol being used could be SSL or TLS. Programmers just use the term SSL to mean select encryption.

Without getting too technical, after much research I went with Port 465 as the more secure option as the initial handshake of 587 is not secure.

In short both are equally secure (although as far as I am concerned port 465 is slightly more secure)- the prime reason why they want to deprecate port 465 is because you need two ports for encrypted/non encrypted whereas with port 587 only one port was needed. However, this is no longer relevant in my opinion as nobody should be use unencrypted connections anymore!

That’s just my two cents.

Thanks. I appreciate the information, even if I only understand half of it. Just when I think it’s safe to answer someone’s question about email problems, I am reminded why I should always steer clear. :confused:

Thanks, @lubos for your very clear explanation. I must admit, I was a bit unsettled by Google’s description of Manager, but am now reassured!

Thank you also to everyone else for their informative comments. It’s a fascinating subject.

fyi I use gmail with ssl 587 and smtp authentication and works fine