go-gomail / gomail

The best way to send emails in Go.
MIT License
4.37k stars 577 forks source link

Sign-in attempt prevented #49

Closed jonpchin closed 8 years ago

jonpchin commented 8 years ago

Hello I am using your gomail to login to Gmail to send activation emails for my website. However I got this in my email saying:

"Sign-in attempt prevented

Hi xxxxxx, Someone just tried to sign in to your Google Account xxxxxxx@gmail.com from an app that doesn't meet modern security standards.

"We strongly recommend that you use a secure app, like Gmail, to access your account. All apps made by Google meet these security standards. Using a less secure app, on the other hand, could leave your account vulnerable."

How do I make my signing attempt more secure? I used the standard d := gomail.NewPlainDialer("smtp.gmail.com", 587, "xxxx@gmail.com", secretpass) to send the gmail. Any tips?

jonpchin commented 8 years ago

I turned off the option in Gmail to allow "less secure apps" and it works now. But I still feel a little worried about my app being "less secure". Is there any way to make it more secure?

pedromorgan commented 8 years ago

This is probably to do with the "ssh/encrypt" stuff...tls etc...

alexcesaro commented 8 years ago

You have to implement the XOAUTH2 authentication mechanism. It is not as difficult as it sounds.

I might have it somewhere. I will try to find it.

jonpchin commented 8 years ago

If its just google being paranoid then don't sweat it. I just wanted to make sure I wasn't making myself wide open to hackers.

alexcesaro commented 8 years ago

You received this email because you are using your Google Account password to send emails. Which means your password is somewhere in your code or in a configuration file.

If you don't want to use the "less secure apps" option, you can create an App password and use that password in your code. This password have restricted permissions and can be revoked anytime so it is more secure.