Google is quietly killing Gmail's ability to fetch mail from third-party email accounts using POP3, a long-standing feature that has allowed users to consolidate multiple inboxes into a single Gmail interface. The change takes effect this month and also ends Gmailify, the companion feature that applied Gmail's spam filtering and inbox organization to linked third-party accounts.

Google buried the decision in a support note rather than making any formal announcement. The company's suggested workaround -- switching to IMAP -- doesn't work for all affected users. Users can still access third-party accounts through the Gmail mobile app, but the Gmail service itself will no longer retrieve messages from external providers.

An anonymous reader shared this post from the blog It's FOSS It has been more than two years since K-9 Mail (an open-source email client for Android) joined the Mozilla Thunderbird project. Instead of making a new mobile app from scratch, Mozilla decided to convert K-9 Mail slowly into the new Thunderbird Android app.

While we have known about it for some time now, we finally have something to test: Thunderbird for Android (Beta). Mozilla is looking for users to test it and plans a stable release at the end of October. The new Thunderbird app is now available on the Play Store as a beta version for user testing. So, we are closer to the stable launch than ever before.
The article includes a few screenshots of the app...

"For the functionality side, you can expect things like light/dark theme, email signature, unified inbox, ability to enable/disable contact pictures, threaded view, and opt out of data usage collection for privacy..."

Apple announced some major new features for Mail that finally bring the email app closer to parity with Gmail and other popular email clients. From a report: Perhaps the most useful will be an undo send feature, which will let you call back an email within 10 seconds of hitting the send button. A "remind me" feature will let you set a time for an email to come back to the top of your inbox. A new scheduled send feature that allows you to specify exactly when an email should go out. And Mail will even tell you when it thinks you've forgotten to include an attachment.

"The developer of the open source email client FairEmail pulled all of his applications from Google Play and announced that he would stop development," reports gHacks. The announcement comes shortly after the developer received an email from Google stating that they believed the app was spyware. From the report: FairEmail was a popular email client for Google's Android operating system that was free to use. It was privacy-friendly, had no limitations in regards to email accounts that users could set up in the app, supported unified inbox, conversation threading, two-way synchronizing, support for OpenPGP, and a lot more. Marcel Bokhorst, the developer of the application, announced major changes to the project yesterday on XDA Developers.

Earlier that week, Bokhorst received a policy violation email from Google stating that Google believed that the FairEmail application was spyware. The full statement has not been published, but Bokhorst believes that Google might have misinterpreted the use of favicons in the app. He resubmitted a new version of the application that had the use of favicons removed. The appeal he received as a response "resulted in a standard answer". While the content of the answer is unclear, it appears to have been a generic answer that Google Play Store developers have been frustrated with for a long time. Bokhorst decided to pull the application and all of his other applications from the Google Play Store. The apps won't be maintained and supported anymore according to the info.

Other factors played a role in Bokhorst's decision, including the discrepancy between answering thousands of support questions per month and the application's revenue, and the inability to do something against unfair reviews in the Google Play Store. He considered keeping the applications on GitHub, but this would result in an 98% loss of audience. Google also recently forced Total Commander's developer to remove the ability to install APKs from the File Manager.

If you're looking for an alternative email client, gHacks recommends the open-source app K-9 Mail.

Mail2World hosts mailboxes for 2,150,000 different domains, according to its web site, offering both "free, reliable email for everyone" and a $29.99-a-year "premium" service with a terabyte of storage (instead of the free level's 25 gigabytes), an ad-free inbox, and "premium"-level support.

"We appreciate your understanding as we work to fully restore email service as soon as possible," reads their most-recent tweet — from Thursday.

Slashdot reader C4st13v4n14 is not a happy customer: Since Tuesday evening local time, I haven't been able to access my primary email account. This is an alumni email account I've had for the last 22 years that's tied to all my accounts ranging from not only social media and IOT devices, but also banking, access to health services and contact with local and countrywide government authorities.

My country is highly digitised and virtually everything from taxes to buying or selling a house, paying bills, access to health records and correspondence with hospitals and GPs, driving licences, applying for welfare, and starting a business are online. I don't even get snail mail anymore, everything is sent to a digital mailbox I can access through a browser or app with two-factor authentication. Fortunately, all access control for public-facing services is via two-factor authentication or smartcards with secure certificates for the highly sensitive stuff.

Regardless, the ordeal has been quite distressing as I was unable to find any information about the outage; a little detective work was only giving vague ERR_CONNECTION_RESET and DNS errors. My main thought was that my account had somehow been compromised and even more worryingly, there were no reports online about it. Turning to Reddit, I was able to gather that the provider, Mail2World, had suffered a ransomware attack but had been very uncommunicative about the event. In terms of news coverage, there was basically none. Only one random news site had a short article about it. During the days without access, I was painstakingly moving accounts to my Gmail address and updating contact information for the really important stuff like governmental services. This morning, I got a tip that Jesse over at BlueScreen Computer had reached out to Mail2World and has been documenting the outage.

Since then, some email has started to show up in my mobile app and I'm able to access the web portal again, but I can't help but feel like the damage has been done. This is an account that I pay an annual fee for and have trusted to work until now. I also find being kept in the dark about something so fundamental in today's world like email to be both very concerning and completely unacceptable. In that regard, I'm hoping this will bring some coverage to the event.

I would also like any input you Slashdotters have on migrating to and navigating Gmail. The interface is unfamiliar to an old-school user like me who still uses Eudora to check and save a backup of everything.

By the way, I'd should also like to point out that both POP and SMTP are handled by servers at pangia.biz, and their website has also been unreachable during this. Instead of Gmail, maybe you would recommend a different provider or service altogether? My work email is fortunately completely separate as of a couple years ago and handled by one.com as they host my website. It works, but they aren't anything special really.
It's interesting to imagine the scope of this particular outage. "Our company's growing list of customers includes prominent organizations from around the world," brags the Mail2World web site, "such as publicly-traded corporations, leading academic institutions and some of the largest and most-recognized service providers."

But long-time Slashdot reader OtisSnerd has experienced even worse: This happened with Newsguy.com's email and NNTP offerings back in early September. I had my email address with them for 25 years, and my wife's email for almost 22. It turns out that Newsguy went chapter 7. Luckily we were using pop3 with MS Outlook, so we both still have all the old email. I already had another email account elsewhere, but my wife didn't. Took days to get all her changes made.

Cybercrime and computer security reporter Brian Krebs tells the story of a cybercrime group that compromises up to 100,000 email inboxes per day, and apparently does little else with this access except siphon gift card and customer loyalty program data that can be resold online. From the report: The data in this story come from a trusted source in the security industry who has visibility into a network of hacked machines that fraudsters in just about every corner of the Internet are using to anonymize their malicious Web traffic. For the past three years, the source -- we'll call him "Bill" to preserve his requested anonymity -- has been watching one group of threat actors that is mass-testing millions of usernames and passwords against the world's major email providers each day. Bill said he's not sure where the passwords are coming from, but he assumes they are tied to various databases for compromised websites that get posted to password cracking and hacking forums on a regular basis. Bill said this criminal group averages between five and ten million email authentication attempts daily, and comes away with anywhere from 50,000 to 100,000 of working inbox credentials.

In about half the cases the credentials are being checked via "IMAP," which is an email standard used by email software clients like Mozilla's Thunderbird and Microsoft Outlook. With his visibility into the proxy network, Bill can see whether or not an authentication attempt succeeds based on the network response from the email provider (e.g. mail server responds "OK" = successful access). You might think that whoever is behind such a sprawling crime machine would use their access to blast out spam, or conduct targeted phishing attacks against each victim's contacts. But based on interactions that Bill has had with several large email providers so far, this crime gang merely uses custom, automated scripts that periodically log in and search each inbox for digital items of value that can easily be resold. And they seem particularly focused on stealing gift card data.

"Sometimes they'll log in as much as two to three times a week for months at a time," Bill said. "These guys are looking for low-hanging fruit -- basically cash in your inbox. Whether it's related to hotel or airline rewards or just Amazon gift cards, after they successfully log in to the account their scripts start pilfering inboxes looking for things that could be of value." According to Bill, the fraudsters aren't downloading all of their victims' emails: That would quickly add up to a monstrous amount of data. Rather, they're using automated systems to log in to each inbox and search for a variety of domains and other terms related to companies that maintain loyalty and points programs, and/or issue gift cards and handle their fulfillment. Why go after hotel or airline rewards? Because these accounts can all be cleaned out and deposited onto a gift card number that can be resold quickly online for 80 percent of its value.

An anonymous reader shares a report: If you receive emails flagged as spam or see a warning that a message might be a phishing attempt, it's a sign that your email provider is scanning your emails. The company may do that just to protect you from danger, but in some situations it can delve into your communications for other purposes, as well. Google announced that it would stop scanning Gmail users' email messages for ad targeting in 2017 -- but that doesn't mean it stopped scanning them altogether. Verizon didn't respond to requests for comments about Yahoo and AOL's current practices, but in 2018 the Wall Street Journal reported that both email providers were scanning emails for advertising. And Microsoft scans its Outlook users' emails for malicious content. Here's what major email providers say about why they currently scan users' messages.

Email providers can scan for spam and malicious links and attachments, often looking for patterns. [...] You may see lots of ads in your email inbox, but that doesn't necessarily mean your email provider is using the content of your messages to target you with marketing messages. For instance, like Google, Microsoft says that it refrains from using your email content for ad targeting. But it does target ads to consumers in Outlook, along with MSN, and other websites and apps. The data to do that come from partnering with third-party providers, plus your browsing activity and search history on Bing and Microsoft Edge, as well as information you've given the company, such as your gender, country, and date of birth.

[...] If you're using an email account provided by your employer, an administrator with qualifying credentials can typically access all your incoming and outgoing emails on that account, as well as any documents you create using your work account or that you receive in your work account. This allows companies to review emails as part of internal investigations and access their materials after an employee leaves the company. [...] Law enforcement can request access to emails, though warrants, court orders, or subpoenas may be required. Email providers may reject requests that don't satisfy applicable laws, and may narrow requests that ask for too much information. They may also object to producing information altogether.

Adrianne Jeffries, Leon Yin, and Surya Mattu, reporting for The Markup: Pete Buttigieg is leading at 63 percent. Andrew Yang came in second at 46 percent. And Elizabeth Warren looks like she's in trouble with 0 percent. These aren't poll numbers for the U.S. 2020 Democratic presidential contest. Instead, they reflect which candidates were able to consistently land in Gmail's primary inbox in a simple test. The Markup set up a new Gmail account to find out how the company filters political email from candidates, think tanks, advocacy groups, and nonprofits. We found that few of the emails we'd signed up to receive -- 11 percent -- made it to the primary inbox, the first one a user sees when opening Gmail and the one the company says is "for the mail you really, really want."

Half of all emails landed in a tab called "promotions," which Gmail says is for "deals, offers, and other marketing emails." Gmail sent another 40 percent to spam. For political causes and candidates, who get a significant amount of their donations through email, having their messages diverted into less-visible tabs or spam can have profound effects. "The fact that Gmail has so much control over our democracy and what happens and who raises money is frightening," said Kenneth Pennington, a consultant who worked on Beto O'Rourke's digital campaign. "It's scary that if Gmail changes their algorithms," he added, "they'd have the power to impact our election."

An anonymous reader quotes a report from TechCrunch: Russia has told internet providers to enforce a block against encrypted email provider ProtonMail, the company's chief has confirmed. The block was ordered by the state Federal Security Service, formerly the KGB, according to a Russian-language blog, which obtained and published the order after the agency accused the company and several other email providers of facilitating bomb threats. Several anonymous bomb threats were sent by email to police in late January, forcing several schools and government buildings to evacuate.

In all, 26 internet addresses were blocked by the order, including several servers used to scramble the final connection for users of Tor, an anonymity network popular for circumventing censorship. Internet providers were told to implement the block "immediately," using a technique known as BGP blackholing, a way that tells internet routers to simply throw away internet traffic rather than routing it to its destination. But the company says while the site still loads, users cannot send or receive email. The way the KGB blocked ProtonMail is "particularly sneaky," ProtonMail chief executive Andy Yen said. "ProtonMail is not blocked in the normal way, it's actually a bit more subtle. They are blocking access to ProtonMail mail servers. So Mail.ru -- and most other Russian mail servers -- for example, is no longer able to deliver email to ProtonMail, but a Russian user has no problem getting to their inbox."

"That's because the two ProtonMail servers listed by the order are its back-end mail delivery servers, rather than the front-end website that runs on a different system," adds TechCrunch.

Mark Wilson writes: Ads in your inbox. Sounds like something you'd expect from the likes of Google or Yahoo, but Microsoft appears to be about to get in on the act as well. And we're not talking about online ads in your Outlook.com account -- we're talking about ads in the Mail app that's included with Windows 10. A new report says that Microsoft is currently testing ads with Windows Insiders, so it could be just a matter of time before they spread wider. In a support page, spotted first by news outlet Thurrott, Microsoft says, "Consistent with consumer email apps and services like Outlook.com, Gmail, and Yahoo Mail, advertising allows us to provide, support, and improve some of our products. We're always experimenting with new features and experiences. Currently, we have a pilot running in Brazil, Canada, Australia, and India to get user feedback on ads in Mail."

Update: ZDNet reports that Calendar app for Windows 10 is getting the same treatment.

An anonymous reader shares a report: CloudMagic, the makers of Newton, today announced that Newton Mail is being discontinued. The company is no longer allowing new users to purchase Newton Mail which costs $100 a year, and existing users will be provided with refunds. For those using the monthly subscription plan, it will immediately stop automatically renewing. And for those on the yearly subscription, you will be given a refund on a pro-rata basis. "We explored various business models but couldn't successfully figure out profitability & growth over the long term. It was hard; the market for premium consumer mail apps is not big enough, and it faces stiff competition from high-quality free apps from Google, Microsoft, and Apple," said Rohit Nadhani, the founder and CEO of CloudMagic. All of that makes sense -- when we have companies like Microsoft and Google making brilliant free email clients like Outlook Mobile and Inbox, there really is no space for paid apps like Newton on the market.

It has been nearly two weeks since researchers unveiled "EFAIL," a set of critical software vulnerabilities that allow encrypted email messages to be stolen from within the inbox. The Intercept reports that developers of email clients and encryption plugins are still scrambling to come up with a permanent fix. From the report: Apple Mail is the email client that comes free with every Mac computer, and an open source project called GPGTools allows Apple Mail to smoothly encrypt and decrypt messages using the 23-year-old PGP standard. The day the EFAIL paper was published, GPGTools instructed users to workaround EFAIL by changing a setting in Apple Mail to disable loading remote content. Similarly, the creator of PGP, Phil Zimmermann, co-signed a blog post Thursday stating that EFAIL was "easy to mitigate" by disabling the loading of remote content in GPGTools. But even if you follow this advice and disable remote content, Apple Mail and GPGTools are still vulnerable to EFAIL.

I developed a proof-of-concept exploit that works against Apple Mail and GPGTools even when remote content loading is disabled (German security researcher Hanno Bock also deserves much of the credit for this exploit, more on that below). I have reported the vulnerability to the GPGTools developers, and they are actively working on an update that they plan on releasing soon.

With Google recently rolling out a big revamp of Gmail to mixed reviews, we would like to know which email client you prefer. Are you a firm believe in the "inbox zero" idea -- that is, the approach to email management aimed at keeping the inbox empty, or almost empty, at all times? If you're looking for inspiration, Ars Technica recently published an article highlighting several different email clients used by the editors of the site: Are you the sort of person who needs to read and file every email they get? Or do you delight in seeing an email client icon proudly warning of hundreds or even thousands of unread items? For some, keeping one's email inbox with no unread items is more than just a good idea: it's a way of life, indicating control over the 21st century and its notion of productivity. For others, it's a manifestation of an obsessively compulsive mind. The two camps, and the mindsets behind them, have been a frequent topic of conversation here in the Ars Orbiting HQ. And rather than just argue with each other on Slack, we decided to collate our thoughts about the whole "inbox zero" idea and how, for those who adhere to it, that happens. Some of the clients floated by the editors include: Webmail, Airmail 3, Readdle's Spark, Edison Mail, Sparrow, Inbox by Gmail, and MailSpring.

Emil Protalinski via VentureBeat argues that "Windows Mail is unusable, and instead of improving it, Microsoft is looking to drive users away": Microsoft started forcing Mail to use Edge for email links in Windows 10 build 17623 last month. This week, the company started including Office 365 ads right at the bottom of the app. But even these poor decisions are just extra nails in the coffin. Windows Mail has difficulty sending and receiving email. No, I'm not exaggerating for effect. If you have an email open and Windows Mail detects that a new email has hit your inbox, you'll get a notification. Standard stuff. If, however, you then click on said notification, Windows Mail will take you to the open email message, rather than the one that you just clicked on. That's half of the time. The other half of the time this happens, Windows Mail will crash altogether. Apparently having one email open and trying to open another one that just came in is overwhelming for Windows Mail. But that's not the end of it.

Windows Mail is also notorious for not sending emails. Multiple times a week, I open an email, hit reply, type out a quick message, hit send, and alt-tab back to Chrome or Word. Any normal email client will send the message despite the app not being the active window. With Windows Mail, countless times I have wondered why I never got heard back to a specific reply, only to discover hours later, and completely by accident, that the message is still a draft. It's not even sitting in my outbox -- it's just a fucking draft. I end up debating whether to send the email hours late, or if it doesn't make sense to send it anymore. That's not a decision I should have to make. There are of course small features I would like to see added to Windows Mail, like being able to set formatted signatures (as opposed to just plain text), but that's hardly a priority. Windows Mail is unusable, which means Windows 10 doesn't come with an email client. That's incredibly sad.

Reader BrianFagioli writes: Today, Microsoft announced a new Gmail experience for Windows 10. While only available for Windows Insiders as of today, it uses the same concept as the Outlook mobile app, but for the Mail and Calendar apps. Microsoft will provide you with an arguably improved experience as long as you are OK with storing all of your Gmail messages in Microsoft's cloud. What types of features will the new experience offer? Things such as tracking packages, getting updated on your favorite sports teams, and a focused inbox. "To power these new features, we'll ask your permission to sync a copy of your email, calendar and contacts to the Microsoft Cloud. This will allow new features to light up, and changes to update back and forth with Gmail -- such as creation, edit or deletion of emails, calendar events and contacts. But your experience in Gmail.com or apps from Google will not change in any way."

Last week Google released E2EMail, "a Gmail client that exchanges OpenPGP mail." Google's documentation promises that "Any email sent from the app is also automatically signed and encrypted... The target is a simple user experience -- install app, approve permissions, start reading or send sending messages." Trailrunner7 quotes On The Wire: People have been trying to find a replacement for PGP almost since the day it was released, and with limited success. Encrypted email is still difficult to use and painful to implement in most cases, but Google has just released a Chrome plugin designed to address those problems. The new E2EMail extension doesn't turn a user's Gmail inbox into an encrypted mail client. Rather, it is a replacement that gives users a separate inbox for encrypted messages. The system is built on Google's end-to-end encryption library, and the company has released E2EMail as an open-source project.
Wired quotes a web security researcher who calls the open sourcing "a telltale sign the project isn't going anywhere. This is a way for them to get their work out there but to absolve themselves of future obligations." But Google's privacy and security product manager responds that they're tackling some very thorny issues like secure key handling, and "The reason we want to put this into the open source community is precisely because everyone cares about this so much. We don't want everyone waiting for Google to get something done."

Yahoo says it has fixed a severe security vulnerability in its email service that allowed an attacker to read a victim's email inbox. From a report on ZDNet: The cross-site scripting (XSS) attack only required a victim to view an email in Yahoo Mail. The internet giant paid out $10,000 to security researcher Jouko Pynnonen for privately disclosing the flaw through the HackerOne bug bounty, In a write-up, Pynnonen said that the flaw was similar to last year's Yahoo Mail bug, which similarly let an attacker compromise a user's account. Yahoo filters HTML messages to ensure that malicious code won't make it through into the user's browser, but the researcher found that the filters didn't catch all of the malicious data attributes.

New submitter Miche67 writes: As part of the July 2016 update to Office 365, Microsoft is adding several features across the board to Word, PowerPoint and Outlook. Word, however, is getting the biggest new features -- Researcher and Editor -- to improve your writing. "As its name implies, Researcher is designed to help the user find reliable sources of information by using the Bing Knowledge Graph to search for sources, and it will properly cite them in the Word document," reports Network World. "[Editor] builds on the already-existing spellchecker and thesaurus to offer suggestions on how to improve your overall writing. In addition to the wavy red line under a misspelled word and the wavy blue line under bad grammar, there will be a gold line for writing style." The new features are expected to be available later this year. In addition to the two new features added to PowerPoint last year -- Designer and Morph, Microsoft is offering Zoom, a feature that lets you easily create "interactive, non-linear presentations." "Instead of the 1-2-3-4 linear method of presenting slides, forcing you to place them all in the order you wish to display, presenters will be able to show their slides in any order they want at any time," reports Network World. "This way you can change your presentation order as needed without having to stop PowerPoint or interrupt the display." As for Outlook, Focused Inbox is coming to Office 365. Focused Inbox separates your inbox into two tabs. The "Focused" tab is where all of your high-priority emails will be found, while everything else will be in the "Other" tab. Outlook will learn from your behavior over time and sort your mail accordingly. In addition, @mentions are coming to Outlook 365 and Outlook for PC and Mac, "making it easy to identify emails that need your attention, as well as flag actions for others."

An anonymous reader writes: Yahoo! has fixed a cross-site scripting bug that would have allowed attackers to fully compromise email accounts just by sending a malicious email. To lose control over their accounts, victims needed only to open the email. The researcher who discovered the bug said, "The code would be automatically evaluated when the message was viewed. ... We provided Yahoo with a proof of concept email that would forward the victim user's inbox to an external website, and an email virus which infects the Yahoo Mail account and attaches itself to all outgoing emails. The bug was fixed before any known exploits 'in the wild.'" Yahoo!'s bounty program awarded $10,000 for the research.

schwit1 writes: The first rule of "Project Bookend" is that you don't talk about "Project Bookend." In retrospect, maybe the first rule should have been "you don't accidentally e-mail 'Project Bookend' to a news agency," because as the Guardian reports, one of its editors opened his inbox and was surprised to find a message from the BOE's Head of Press Jeremy Harrison outlining the UK financial market equivalent of the Manhattan project. Project Bookend is a secret (or 'was' a secret) initiative undertaken by the BOE to study what the fallout might be from a potential 'Brexit', but if anyone asked what Sir Jon Cunliffe and a few senior staffers were up to, they were instructed to say that they were busy investigating "a broad range of European economic issues." And if you haven't heard the term before, "Brexit" refers to the possibility of Britain leaving the EU -- one of the possible outcomes of an upcoming referendum.