JACMail Version 4 Back to Home Page

JACMail Version 4.0 is very similar to previous Versions. I was forced into adding TLS (Transport Layer Security) support when my ESP (Telus) moved to the Gmail platform. TLS 1.0 & 1.1 are both considered deprecated, and only a small portion of TLS 1.2 supports PFS (Perfect Forward Secrecy), so this version of JACMail only supports TLS 1.3 using curves ECDH_P256, ECDH_384, or ECDH_521.

Gmail & others enforce the use of TLS on their platform. They say that it makes your email more secure, but as the name suggests, TLS only protects your email during a single transport leg. Not all MTAs (Mail Transport Agents) support it, and mail is stored on the servers unencrypted. The only way to truly protect your email is end-to-end encryption, but not having access to the email contents would make spam filtering next to impossible. To be truly secure requires end-to-end encryption and enforced sender authentication. The primary purpose of TLS in this situation is to make it difficult for hackers to learn your password (difficult but not impossible).

JACMail is an Email Client Program designed to allow fast and efficient recovery of email from a POP3 server, and the sending of email through an SMTP server. It is primarily oriented towards text based messaging with attachments, and does not directly support highly formatted HTML based email or embedded objects. It receives and stores both text/plain and text/html messages. JACMail does not support HTML directly, but offers a single click export to your default browser for viewing. Virtually all malware and most spam is distributed using HTML because HTML offers executable scripts. JACMail does support attachments and spell checking.

An online help file is available here. Although it is for the original version, from a user's perspective it is essentially the same.

Setting up an email account can be a bit challenging at times. To make it easier, routines have been provided to test POP3 on port 995 and SMTP on port 465. JACMail does not support port 587 (STARTTLS). Although "Allow less secure Apps" still works with Gmail, there have been strong hints that Gmail will soon stop offering this feature. A good alternative is 2FA (2 Factor Authentication) and App Password. App Password is a 16 byte random string assigned by Gmail.

When checking for mail, you are prompted to enter the password. This is done once per session. Gmail requires sender authentication as well. When you enter the SMTP Password, a Base64 encoded User/Password string is saved, and that is why the Password field appears blank. Because the 16 byte App Password can be difficult to remember, a feature has been added to extract the password by using [Ctrl-p]. Note that you don't have to use the same account for both POP3 and SMTP. I would be doing this myself, but my third party supplier does not support TLS 1.3 yet.

Gmail's implementation of POP3 is a little different than standard implementations. Rather than allow the user to decide what messages have been viewed, it tags messages that have been viewed via POP3. This is separate from messages that have been viewed by the browser. That means that you cannot download messages to more than 1 client via POP3, and deleting messages via POP3 becomes redundant. To delete messages from the server, use the browser version.

Back to Top

| Home Page