Security with Mail Attachment Downloader

Security with Mail Attachment Downloader

Support for TLS

The program supports TLS over IMAP and POP3 for transport security when connecting to a mail server. Only connections presenting valid certificates are accepted. This is turned on by default for most common mail servers and you can configure this if you are connecting to your own server. The program does not support the less secure STARTTLS protocol (refer here for reasons this is insecure). 

Support for OAuth

For Gmail the program supports OAuth in that we only store a long-lived token instead of your password on the system. To enable OAuth in Gmail, you will need to *disable* access to less secure apps

Secure storage of passwords and tokens

Moreover, all credential information (like passwords or tokens) are securely stored in the windows credential manager for the account on your local machine. That is, they can't be accessed or tampered with without the right authorization. 

Logging and external communications

No credential information (such as passwords or tokens) are logged on the system or sent elsewhere. For example, when you enable verbose logging, your password or tokens are never logged in the logging files. Moreover, there are no instances where the program will communicate any credential information to any external party, servers or entities outside of the system where it is installed except to the mail server that requires the credentials. 

Two factor authentication

In addition to this, you can enable two factor authentication for most mail service providers, in which case you will generate an application specific password. For gmail, refer here to generate an app specific password.

Questions?

If you have questions about security, please email us.

    • Related Articles

    • Troubleshoot: Attachment problems or issues -- send us logs

      Before contacting support, it is important that you follow these three steps and provide the following information: Version and build of the program you are on Brief problem description Steps to reproduce the issue and if it is intermittent or ...

    • Why does it download all my mail?

      The program identifies new mail based on when it last succesfully downloaded attachments. So when you run it for the first time, since no attachments have been downloaded yet, it will download all mail attachments in your email inbox after which it ...

    • Yahoo Mail IMAP connectivity problems or issues

      If you are trying to connect to Yahoo, the program needs a few settings changes to work. This is because while Yahoo has allowed certain popular email programs access, they are still working on providing OAuth enabled programs access to their mail ...

    • I received the "Google Account: sign-in attempt blocked" email?

      The program tries to log you in with your supplied password. Google has enabled higher security by default now, so when the program tries to connect with the password you supplied, Google will deny the login attempt even though your password may be ...

    • Office365 or Outlook permissions

      Access to Office365 or Outlook.com requires the use of Exchange Web Services (or EWS). This is the service that Mail Attachment Downloader connects to. The program uses secure modern authentication (OAuth 2) to connect to Microsoft servers. Once ...