I’ve been using Mailspring in my other computers just fine, recently reinstalled the OS and downloaded it again. When I tried logging in with Gmail it gave me this error:
This app is blocked
This app tried to access sensitive info in your Google Account. To keep your account safe, Google blocked this access.
Context
I can reproduce when trying to log in with Gmail, not sure about others.
I’m having the same issue. I have 2 google accounts connected, and have for a year or two.
Only one account is having this issue, but it’s preventing me from using Mailspring.
Would love to see a developer response in this thread. I’d love to continue to use Mailspring, but I won’t be able to go without a working email client for long. I’ve tried reinstalling, switching from a user to a system-wide flatpak, combed through my google settings to see if I could add an exception to allow connection. Don’t really have any other ideas.
I hope this gets addressed soon, Mailspring is the one email client I’ve been able to get used to, hoping I don’t need to switch.
I read around a bit and this doesn’t seem like something that can be bypassed by the user in google settings or anything. Seems more like Mailspring is not complying with newly enforced security standards by Google.
2 NO [ALERT] Application-specific password required: https://support.google.com/accounts/answer/185833 (Failure)
Basically you have to create an app specific password for Mailspring. Go to this link (Create and manage your app passwords - https://myaccount.google.com/apppasswords ) & create a new app password specific for mailspring. Name the app password whatever you want. Go nuts and name it something like “Mailspring” then you’ll be prompted with that one time password. Copy it with the spaces and everything included.
Now in Mailspring click the Reconnect button in red that you’re prompted with. It’ll give you a link and / or open a new browser window. Don’t connect that way, instead in the mailspring prompt with the link it provides hit the back button and reconnect the account using IMAP. In the Password field you would enter the password you created for the app from the link above. The account should reconnect after those credentials are entered. Just make sure you change the SMTP port to 465.
Interesting. I may give this a go, then. I’d moved on to Thunderbird (which is better than I’d remembered), so I may not return to Mailspring, but I did like it (when it worked)
I’m guessing this would likely solve the 2nd major issue I had with it: it was requiring me to reauthenticate each time I restarted (or logged in to) my OS.
Thank you finally i got mailspring working because I have used this for almost 3 years switching from Thunderbird. just use SMTP instead of Google login create app from https://myaccount.google.com/apppasswords and enter the password
Thank @ameddonado
It’s a shame such a major problem doesn’t get any attention from the team though. This is a strong reason for me to look for a better maintained alternative.
The app password workaround does not appear to work with custom domains. Unless I am missing something. Considering how good em Client is and how much better Thunderbird has become I can’t justify the 45+ minutes I have spent trying to setup only 1 of my 8 accounts. At this rate it will take an entire day just to get Mailspring setup with the basic email connections, nevermind all of the personilaztion.
Not worth it. Even Google doesn’t think this is a good idea!
Hey folks, thanks for your patience here - each year, Google requires that we go through a compliance process for continued access to the Gmail APIs. They’ve changed the process slightly every year - for 2021 and 2022, we paid a third party $15,000 for a several month security audit. In 2023 they didn’t ask us to do anything, and this year there’s a new process involving some automated code scanning and review.
I’m optimistic that Gmail OAuth will be restored in early September, but their process is heavily geared toward simple cloud-based integrations with Gmail and not desktop clients. They want us to “securely store OAuth credentials”, and it’s increasingly difficult to explain that we don’t store them at all, they’re saved in your computer’s keychain and never sent to the cloud.
Long story short:
I expect OAuth for Gmail will work again soon, once we’ve satisfied Google’s updated compliance requirements.
It appears that Google is not blocking all existing Gmail accounts that have authenticated with Mailspring already, so if you’re already logged in you may not need to take any action.
Sorry again for the hassle, I use Gmail with Mailspring myself so this has been very annoying. If you pay fo Mailspring Pro, email me at ben@foundry376.com, I’d be happy to refund your subscription.
Hey folks! Thanks for your patience - it looks like we’ll be through the CASA security audit with TAC Security in the next couple days, and you should be able to add Gmail accounts again very soon. Sorry for the hassle. I’m hopeful that Google sticks with this new process for a few years now that we’ve aligned the app and documentation.