Skip to main content


Google caught by Gmail's spam-filter

Guess what showed up in my Gmail spam-box today. A (genuine) Security Alert from Google!


#spamfilter #security #gmail #google #bug
Meanwhile, I get the same email when I try to check my email with the built-in email client on my flip phone that doesn't run Android. Gee, I wonder why?
I do have the "allow less secure apps" thing enabled -- I need it to use literally any desktop email client that I could possibly use since Google thinks they're all not secure. I don't see why *disabling* it would allow me to sign in on what is pretty much just the same thing but on a flip phone...

As for the security thing: I use Free (as in speech) Software exclusively and tend to stick with software which has a large community around it, so I would argue that as long as I have my email client set to use an encrypted connection (preferably with TLS), I'm fairly secure regardless of what Google thinks. No security is absolute anyway, not even OAuth.

I can't really speak for the security of my flip phone, I doubt it's fully open source. I tried using it exactly once for email when I really needed to access my email in public and didn't have my laptop with me -- not that it did me any good since Google blocked it as "suspicious". I was trying to imply that the reason Google blocked it was probably because it wasn't a Google-approved device (e.g. those running Android).
Oh, I see. In that case you already know all about it.

The reason I got the notification just now was, I gave my credentials to the hot-chilli service to set up an XMPP bridge. Google blocked it and asked "was this you?"; when I said "yes, it was me" and tried again it worked. You could see if that works. But I wouldn't be surprised if Google is also blocking access for non-Google-approved devices as you said. They're certainly trying very hard (calling it "less secure apps" and all).
The problem with telling Google "this was me" is having web access, which is marginal at best on a flip phone. I really only wanted it for a telephone anyway, and this was a one-off event for me.

Personally, I don't trust a company that's into tracking me and using me as their product to tell me what's secure and what's not...