How do email clients “send later” without storing a password?What is the most reliable way to transfer emails without specific recipient support?Is it unsafe to allow apps other than Outlook to send email via the Exchange server?How (in)secure is POP/IMAP/SMTPEmail account password change via email-to-scriptHow webmail's authorisation should work?Reconcile IMAP4 RFC with No RC4 RFCWhat precautions should I take before letting users send email through my app?Active Directory “Forgot password” feature without email or textHow to harvest plaintext passwords from emails

Translate the French quote "Il n’y a pas d'amour, il n’y a que des preuves d’amour" to English?

How can I find out where to buy uncommon (for the location) items while traveling?

What is the difference between "mère" and "mère de famille"?

How can a bigfoot hide from satellites?

Lost Time at Motel?

What are these color strips for?

YALMIP-like modeling environment in Python

How can player characters, creatures and NPCs heal plants?

70's and probably older story sentient bears on Earth and "ape-like" refugees

Is CCing the manager in first e-mail regarding urgent matter considered escalation?

Would a warhorse allow its rider to approach a Dragon at all?

Does the amount owed listed in my account on irs.gov include both federal and state taxes owed?

What is the difference between chemical equilibrium and dynamic equilibrium?

Using a sealant to stop a toilet tank leak

Can Veil of Summer force an opponent to target their own creatures with Swift End when Lucky Clover is on the battlefield?

Substitute Unprintable ASCII Characters

Could dinosaurs breathe modern air?

How was the Luftwaffe able to destroy nearly 4000 Soviet aircraft in 3 days of operation Barbarossa?

Can I use toggle bolts to mount a tv on a barnwood wall?

Should I present forged documents in a Penetration Test/Red team engagement?

How can I simplify a radical in the numerator?

Physical interpretation of gamma matrices

If I fill a field through a dropdown menu in QGIS, will the content still be there in after importing the shapefile into a different GIS programme?

Are silicone socks safe?



How do email clients “send later” without storing a password?


What is the most reliable way to transfer emails without specific recipient support?Is it unsafe to allow apps other than Outlook to send email via the Exchange server?How (in)secure is POP/IMAP/SMTPEmail account password change via email-to-scriptHow webmail's authorisation should work?Reconcile IMAP4 RFC with No RC4 RFCWhat precautions should I take before letting users send email through my app?Active Directory “Forgot password” feature without email or textHow to harvest plaintext passwords from emails






.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;









39


















Email clients like Spark for macOS have a feature where a user can send an email later, at any given time, even when the computer is turned off. An SMTP server needs a password based authentication, though.



Does that mean that if I use Spark to send an email later, my password gets sent over to Spark servers in plaintext, so that they can authorize on the SMTP server later? Or is there a different method?






encryption passwords email smtp imap







share|improve this question




















  • 2





    I dont know how Spark works but you dont need the password in order to send an email. Its basically how graylist works

    – vx3r
    Sep 10 at 4:11






  • 21





    I dispute your premise that "an SMTP server needs a password based authentication", albeit that it is common for them to be set up that way.

    – Jon Bentley
    Sep 10 at 11:38







  • 4





    This could also be implemented using the Future Message Release extension for SMTP, though apparently that’s not what Spark is doing.

    – caw
    Sep 10 at 16:58











  • "even when the computer is turned off" - then who will send the email (later)?

    – i486
    Sep 13 at 10:49











  • @caw FMR sounds like good feature but I think the question is not for this. "Later" is later, not specific moment.

    – i486
    Sep 13 at 11:17

















39


















Email clients like Spark for macOS have a feature where a user can send an email later, at any given time, even when the computer is turned off. An SMTP server needs a password based authentication, though.



Does that mean that if I use Spark to send an email later, my password gets sent over to Spark servers in plaintext, so that they can authorize on the SMTP server later? Or is there a different method?






encryption passwords email smtp imap







share|improve this question




















  • 2





    I dont know how Spark works but you dont need the password in order to send an email. Its basically how graylist works

    – vx3r
    Sep 10 at 4:11






  • 21





    I dispute your premise that "an SMTP server needs a password based authentication", albeit that it is common for them to be set up that way.

    – Jon Bentley
    Sep 10 at 11:38







  • 4





    This could also be implemented using the Future Message Release extension for SMTP, though apparently that’s not what Spark is doing.

    – caw
    Sep 10 at 16:58











  • "even when the computer is turned off" - then who will send the email (later)?

    – i486
    Sep 13 at 10:49











  • @caw FMR sounds like good feature but I think the question is not for this. "Later" is later, not specific moment.

    – i486
    Sep 13 at 11:17













39













39









39


3






Email clients like Spark for macOS have a feature where a user can send an email later, at any given time, even when the computer is turned off. An SMTP server needs a password based authentication, though.



Does that mean that if I use Spark to send an email later, my password gets sent over to Spark servers in plaintext, so that they can authorize on the SMTP server later? Or is there a different method?






encryption passwords email smtp imap







share|improve this question














Email clients like Spark for macOS have a feature where a user can send an email later, at any given time, even when the computer is turned off. An SMTP server needs a password based authentication, though.



Does that mean that if I use Spark to send an email later, my password gets sent over to Spark servers in plaintext, so that they can authorize on the SMTP server later? Or is there a different method?






encryption passwords email smtp imap




encryption passwords email smtp imap






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Sep 10 at 3:27









NikxDaNikxDa

7531 gold badge3 silver badges10 bronze badges




7531 gold badge3 silver badges10 bronze badges










  • 2





    I dont know how Spark works but you dont need the password in order to send an email. Its basically how graylist works

    – vx3r
    Sep 10 at 4:11






  • 21





    I dispute your premise that "an SMTP server needs a password based authentication", albeit that it is common for them to be set up that way.

    – Jon Bentley
    Sep 10 at 11:38







  • 4





    This could also be implemented using the Future Message Release extension for SMTP, though apparently that’s not what Spark is doing.

    – caw
    Sep 10 at 16:58











  • "even when the computer is turned off" - then who will send the email (later)?

    – i486
    Sep 13 at 10:49











  • @caw FMR sounds like good feature but I think the question is not for this. "Later" is later, not specific moment.

    – i486
    Sep 13 at 11:17












  • 2





    I dont know how Spark works but you dont need the password in order to send an email. Its basically how graylist works

    – vx3r
    Sep 10 at 4:11






  • 21





    I dispute your premise that "an SMTP server needs a password based authentication", albeit that it is common for them to be set up that way.

    – Jon Bentley
    Sep 10 at 11:38







  • 4





    This could also be implemented using the Future Message Release extension for SMTP, though apparently that’s not what Spark is doing.

    – caw
    Sep 10 at 16:58











  • "even when the computer is turned off" - then who will send the email (later)?

    – i486
    Sep 13 at 10:49











  • @caw FMR sounds like good feature but I think the question is not for this. "Later" is later, not specific moment.

    – i486
    Sep 13 at 11:17







2




2





I dont know how Spark works but you dont need the password in order to send an email. Its basically how graylist works

– vx3r
Sep 10 at 4:11





I dont know how Spark works but you dont need the password in order to send an email. Its basically how graylist works

– vx3r
Sep 10 at 4:11




21




21





I dispute your premise that "an SMTP server needs a password based authentication", albeit that it is common for them to be set up that way.

– Jon Bentley
Sep 10 at 11:38






I dispute your premise that "an SMTP server needs a password based authentication", albeit that it is common for them to be set up that way.

– Jon Bentley
Sep 10 at 11:38





4




4





This could also be implemented using the Future Message Release extension for SMTP, though apparently that’s not what Spark is doing.

– caw
Sep 10 at 16:58





This could also be implemented using the Future Message Release extension for SMTP, though apparently that’s not what Spark is doing.

– caw
Sep 10 at 16:58













"even when the computer is turned off" - then who will send the email (later)?

– i486
Sep 13 at 10:49





"even when the computer is turned off" - then who will send the email (later)?

– i486
Sep 13 at 10:49













@caw FMR sounds like good feature but I think the question is not for this. "Later" is later, not specific moment.

– i486
Sep 13 at 11:17





@caw FMR sounds like good feature but I think the question is not for this. "Later" is later, not specific moment.

– i486
Sep 13 at 11:17










2 Answers
2






active

oldest

votes


















63



















Sparks stores your account credentials on their systems. This is also described in their privacy policy:




  1. INFORMATION WE COLLECT AND HOW WE USE THIS INFORMATION

Auth login or mail server credentials: Spark requires your credentials
to log into your mail system in order to receive, search, compose and
send email messages and other communication. Without such access, our
Product won’t be able to provide you with the necessary communication
experience. In order for you to take full advantage of additional App
and Service features, such as “send later”, “sync between devices” and
where allowed by Apple – “push notifications” we use Spark Services.
Without using these services, none of the features mentioned above
will function.







share|improve this answer


























  • But does it work the same with other services like Gmail or Outlook ?

    – Deunis
    Sep 10 at 8:57






  • 23





    @Deunis: It works for all mail providers you use with Spark. As for other providers which have this feature: on the one side providers like Google (Gmail) or Outlook (Microsoft) already have your credentials which you use for their own service. On the other side they have already authenticated that this mails comes from you and thus can send it later.

    – Steffen Ullrich
    Sep 10 at 11:29







  • 11





    @SteffenUllrich I hope Google (GMail) doesn't have my credentials but just a hash of my password. For something like „send later“ via other providers you really need the password.

    – BlackJack
    Sep 10 at 15:54






  • 8





    For platforms like Gmail such features can be implemented without actually storing your password. Gmail has OAuth authentication for 3rd party access. So the client just needs your permission (you will be redirected to Google account page for this) and then Gmail will send a cryptographic token that the client needs to store. The advantage of this is that at any time you can open your Google account page and revoke any token you no longer trust/need

    – slebetman
    Sep 11 at 9:02






  • 1





    Your credentials towards google are basically just for identifying you to google anyhow. Google could send anything they want in your name, anytime. if you don't sign your messages yourself with a key that google doesn't have there's no getting around that.

    – Lassi Kinnunen
    Sep 12 at 8:47


















12



















Any online service that acts on your behalf with other network services will normally need to store the credentials needed for those other services. While there are other ways to implement authenticate between services, such as OAuth2, in practice very few services implement such mechanisms. So when an online application needs to perform on your behalf, it mimics a client application like a web browser or mail client.



For example, personal finance applications (e.g. Mint) often provide a way to view all your financial accounts (bank accounts, credit cards, brokerages, mortgages, etc.) in one place. They require you to enter the username and password (and maybe even security questions) for each of those services, so that they can login and download the information.






share|improve this answer




























  • To be clear, keychain password's isn't stored in plaintext.

    – Alexander
    Sep 10 at 23:12






  • 1





    The question is about a service (spark) that sends emails on behalf of the OP when he has his computer off, using a third party mail provider. You are describing the process without taking into account the middleman.

    – Ángel
    Sep 11 at 0:47











  • @Ángel I didn't know what Spark is, the question says it's an email client, so I assumed it was a local application like Mail or Thunderbird.

    – Barmar
    Sep 11 at 14:39






  • 1





    But "even when the computer is turned off" should have been a clue :)

    – Barmar
    Sep 11 at 14:40











  • This is not necessarily true. Online services acting as a middleman could store an authorization token without storing the credentials themselves.

    – jamesdlin
    Sep 11 at 16:42












Your Answer








StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "162"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);














draft saved

draft discarded
















StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f216785%2fhow-do-email-clients-send-later-without-storing-a-password%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown


























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









63



















Sparks stores your account credentials on their systems. This is also described in their privacy policy:




  1. INFORMATION WE COLLECT AND HOW WE USE THIS INFORMATION

Auth login or mail server credentials: Spark requires your credentials
to log into your mail system in order to receive, search, compose and
send email messages and other communication. Without such access, our
Product won’t be able to provide you with the necessary communication
experience. In order for you to take full advantage of additional App
and Service features, such as “send later”, “sync between devices” and
where allowed by Apple – “push notifications” we use Spark Services.
Without using these services, none of the features mentioned above
will function.







share|improve this answer


























  • But does it work the same with other services like Gmail or Outlook ?

    – Deunis
    Sep 10 at 8:57






  • 23





    @Deunis: It works for all mail providers you use with Spark. As for other providers which have this feature: on the one side providers like Google (Gmail) or Outlook (Microsoft) already have your credentials which you use for their own service. On the other side they have already authenticated that this mails comes from you and thus can send it later.

    – Steffen Ullrich
    Sep 10 at 11:29







  • 11





    @SteffenUllrich I hope Google (GMail) doesn't have my credentials but just a hash of my password. For something like „send later“ via other providers you really need the password.

    – BlackJack
    Sep 10 at 15:54






  • 8





    For platforms like Gmail such features can be implemented without actually storing your password. Gmail has OAuth authentication for 3rd party access. So the client just needs your permission (you will be redirected to Google account page for this) and then Gmail will send a cryptographic token that the client needs to store. The advantage of this is that at any time you can open your Google account page and revoke any token you no longer trust/need

    – slebetman
    Sep 11 at 9:02






  • 1





    Your credentials towards google are basically just for identifying you to google anyhow. Google could send anything they want in your name, anytime. if you don't sign your messages yourself with a key that google doesn't have there's no getting around that.

    – Lassi Kinnunen
    Sep 12 at 8:47















63



















Sparks stores your account credentials on their systems. This is also described in their privacy policy:




  1. INFORMATION WE COLLECT AND HOW WE USE THIS INFORMATION

Auth login or mail server credentials: Spark requires your credentials
to log into your mail system in order to receive, search, compose and
send email messages and other communication. Without such access, our
Product won’t be able to provide you with the necessary communication
experience. In order for you to take full advantage of additional App
and Service features, such as “send later”, “sync between devices” and
where allowed by Apple – “push notifications” we use Spark Services.
Without using these services, none of the features mentioned above
will function.







share|improve this answer


























  • But does it work the same with other services like Gmail or Outlook ?

    – Deunis
    Sep 10 at 8:57






  • 23





    @Deunis: It works for all mail providers you use with Spark. As for other providers which have this feature: on the one side providers like Google (Gmail) or Outlook (Microsoft) already have your credentials which you use for their own service. On the other side they have already authenticated that this mails comes from you and thus can send it later.

    – Steffen Ullrich
    Sep 10 at 11:29







  • 11





    @SteffenUllrich I hope Google (GMail) doesn't have my credentials but just a hash of my password. For something like „send later“ via other providers you really need the password.

    – BlackJack
    Sep 10 at 15:54






  • 8





    For platforms like Gmail such features can be implemented without actually storing your password. Gmail has OAuth authentication for 3rd party access. So the client just needs your permission (you will be redirected to Google account page for this) and then Gmail will send a cryptographic token that the client needs to store. The advantage of this is that at any time you can open your Google account page and revoke any token you no longer trust/need

    – slebetman
    Sep 11 at 9:02






  • 1





    Your credentials towards google are basically just for identifying you to google anyhow. Google could send anything they want in your name, anytime. if you don't sign your messages yourself with a key that google doesn't have there's no getting around that.

    – Lassi Kinnunen
    Sep 12 at 8:47













63















63











63









Sparks stores your account credentials on their systems. This is also described in their privacy policy:




  1. INFORMATION WE COLLECT AND HOW WE USE THIS INFORMATION

Auth login or mail server credentials: Spark requires your credentials
to log into your mail system in order to receive, search, compose and
send email messages and other communication. Without such access, our
Product won’t be able to provide you with the necessary communication
experience. In order for you to take full advantage of additional App
and Service features, such as “send later”, “sync between devices” and
where allowed by Apple – “push notifications” we use Spark Services.
Without using these services, none of the features mentioned above
will function.







share|improve this answer














Sparks stores your account credentials on their systems. This is also described in their privacy policy:




  1. INFORMATION WE COLLECT AND HOW WE USE THIS INFORMATION

Auth login or mail server credentials: Spark requires your credentials
to log into your mail system in order to receive, search, compose and
send email messages and other communication. Without such access, our
Product won’t be able to provide you with the necessary communication
experience. In order for you to take full advantage of additional App
and Service features, such as “send later”, “sync between devices” and
where allowed by Apple – “push notifications” we use Spark Services.
Without using these services, none of the features mentioned above
will function.








share|improve this answer













share|improve this answer




share|improve this answer










answered Sep 10 at 8:31









Steffen UllrichSteffen Ullrich

134k17 gold badges238 silver badges311 bronze badges




134k17 gold badges238 silver badges311 bronze badges















  • But does it work the same with other services like Gmail or Outlook ?

    – Deunis
    Sep 10 at 8:57






  • 23





    @Deunis: It works for all mail providers you use with Spark. As for other providers which have this feature: on the one side providers like Google (Gmail) or Outlook (Microsoft) already have your credentials which you use for their own service. On the other side they have already authenticated that this mails comes from you and thus can send it later.

    – Steffen Ullrich
    Sep 10 at 11:29







  • 11





    @SteffenUllrich I hope Google (GMail) doesn't have my credentials but just a hash of my password. For something like „send later“ via other providers you really need the password.

    – BlackJack
    Sep 10 at 15:54






  • 8





    For platforms like Gmail such features can be implemented without actually storing your password. Gmail has OAuth authentication for 3rd party access. So the client just needs your permission (you will be redirected to Google account page for this) and then Gmail will send a cryptographic token that the client needs to store. The advantage of this is that at any time you can open your Google account page and revoke any token you no longer trust/need

    – slebetman
    Sep 11 at 9:02






  • 1





    Your credentials towards google are basically just for identifying you to google anyhow. Google could send anything they want in your name, anytime. if you don't sign your messages yourself with a key that google doesn't have there's no getting around that.

    – Lassi Kinnunen
    Sep 12 at 8:47

















  • But does it work the same with other services like Gmail or Outlook ?

    – Deunis
    Sep 10 at 8:57






  • 23





    @Deunis: It works for all mail providers you use with Spark. As for other providers which have this feature: on the one side providers like Google (Gmail) or Outlook (Microsoft) already have your credentials which you use for their own service. On the other side they have already authenticated that this mails comes from you and thus can send it later.

    – Steffen Ullrich
    Sep 10 at 11:29







  • 11





    @SteffenUllrich I hope Google (GMail) doesn't have my credentials but just a hash of my password. For something like „send later“ via other providers you really need the password.

    – BlackJack
    Sep 10 at 15:54






  • 8





    For platforms like Gmail such features can be implemented without actually storing your password. Gmail has OAuth authentication for 3rd party access. So the client just needs your permission (you will be redirected to Google account page for this) and then Gmail will send a cryptographic token that the client needs to store. The advantage of this is that at any time you can open your Google account page and revoke any token you no longer trust/need

    – slebetman
    Sep 11 at 9:02






  • 1





    Your credentials towards google are basically just for identifying you to google anyhow. Google could send anything they want in your name, anytime. if you don't sign your messages yourself with a key that google doesn't have there's no getting around that.

    – Lassi Kinnunen
    Sep 12 at 8:47
















But does it work the same with other services like Gmail or Outlook ?

– Deunis
Sep 10 at 8:57





But does it work the same with other services like Gmail or Outlook ?

– Deunis
Sep 10 at 8:57




23




23





@Deunis: It works for all mail providers you use with Spark. As for other providers which have this feature: on the one side providers like Google (Gmail) or Outlook (Microsoft) already have your credentials which you use for their own service. On the other side they have already authenticated that this mails comes from you and thus can send it later.

– Steffen Ullrich
Sep 10 at 11:29






@Deunis: It works for all mail providers you use with Spark. As for other providers which have this feature: on the one side providers like Google (Gmail) or Outlook (Microsoft) already have your credentials which you use for their own service. On the other side they have already authenticated that this mails comes from you and thus can send it later.

– Steffen Ullrich
Sep 10 at 11:29





11




11





@SteffenUllrich I hope Google (GMail) doesn't have my credentials but just a hash of my password. For something like „send later“ via other providers you really need the password.

– BlackJack
Sep 10 at 15:54





@SteffenUllrich I hope Google (GMail) doesn't have my credentials but just a hash of my password. For something like „send later“ via other providers you really need the password.

– BlackJack
Sep 10 at 15:54




8




8





For platforms like Gmail such features can be implemented without actually storing your password. Gmail has OAuth authentication for 3rd party access. So the client just needs your permission (you will be redirected to Google account page for this) and then Gmail will send a cryptographic token that the client needs to store. The advantage of this is that at any time you can open your Google account page and revoke any token you no longer trust/need

– slebetman
Sep 11 at 9:02





For platforms like Gmail such features can be implemented without actually storing your password. Gmail has OAuth authentication for 3rd party access. So the client just needs your permission (you will be redirected to Google account page for this) and then Gmail will send a cryptographic token that the client needs to store. The advantage of this is that at any time you can open your Google account page and revoke any token you no longer trust/need

– slebetman
Sep 11 at 9:02




1




1





Your credentials towards google are basically just for identifying you to google anyhow. Google could send anything they want in your name, anytime. if you don't sign your messages yourself with a key that google doesn't have there's no getting around that.

– Lassi Kinnunen
Sep 12 at 8:47





Your credentials towards google are basically just for identifying you to google anyhow. Google could send anything they want in your name, anytime. if you don't sign your messages yourself with a key that google doesn't have there's no getting around that.

– Lassi Kinnunen
Sep 12 at 8:47













12



















Any online service that acts on your behalf with other network services will normally need to store the credentials needed for those other services. While there are other ways to implement authenticate between services, such as OAuth2, in practice very few services implement such mechanisms. So when an online application needs to perform on your behalf, it mimics a client application like a web browser or mail client.



For example, personal finance applications (e.g. Mint) often provide a way to view all your financial accounts (bank accounts, credit cards, brokerages, mortgages, etc.) in one place. They require you to enter the username and password (and maybe even security questions) for each of those services, so that they can login and download the information.






share|improve this answer




























  • To be clear, keychain password's isn't stored in plaintext.

    – Alexander
    Sep 10 at 23:12






  • 1





    The question is about a service (spark) that sends emails on behalf of the OP when he has his computer off, using a third party mail provider. You are describing the process without taking into account the middleman.

    – Ángel
    Sep 11 at 0:47











  • @Ángel I didn't know what Spark is, the question says it's an email client, so I assumed it was a local application like Mail or Thunderbird.

    – Barmar
    Sep 11 at 14:39






  • 1





    But "even when the computer is turned off" should have been a clue :)

    – Barmar
    Sep 11 at 14:40











  • This is not necessarily true. Online services acting as a middleman could store an authorization token without storing the credentials themselves.

    – jamesdlin
    Sep 11 at 16:42















12



















Any online service that acts on your behalf with other network services will normally need to store the credentials needed for those other services. While there are other ways to implement authenticate between services, such as OAuth2, in practice very few services implement such mechanisms. So when an online application needs to perform on your behalf, it mimics a client application like a web browser or mail client.



For example, personal finance applications (e.g. Mint) often provide a way to view all your financial accounts (bank accounts, credit cards, brokerages, mortgages, etc.) in one place. They require you to enter the username and password (and maybe even security questions) for each of those services, so that they can login and download the information.






share|improve this answer




























  • To be clear, keychain password's isn't stored in plaintext.

    – Alexander
    Sep 10 at 23:12






  • 1





    The question is about a service (spark) that sends emails on behalf of the OP when he has his computer off, using a third party mail provider. You are describing the process without taking into account the middleman.

    – Ángel
    Sep 11 at 0:47











  • @Ángel I didn't know what Spark is, the question says it's an email client, so I assumed it was a local application like Mail or Thunderbird.

    – Barmar
    Sep 11 at 14:39






  • 1





    But "even when the computer is turned off" should have been a clue :)

    – Barmar
    Sep 11 at 14:40











  • This is not necessarily true. Online services acting as a middleman could store an authorization token without storing the credentials themselves.

    – jamesdlin
    Sep 11 at 16:42













12















12











12









Any online service that acts on your behalf with other network services will normally need to store the credentials needed for those other services. While there are other ways to implement authenticate between services, such as OAuth2, in practice very few services implement such mechanisms. So when an online application needs to perform on your behalf, it mimics a client application like a web browser or mail client.



For example, personal finance applications (e.g. Mint) often provide a way to view all your financial accounts (bank accounts, credit cards, brokerages, mortgages, etc.) in one place. They require you to enter the username and password (and maybe even security questions) for each of those services, so that they can login and download the information.






share|improve this answer
















Any online service that acts on your behalf with other network services will normally need to store the credentials needed for those other services. While there are other ways to implement authenticate between services, such as OAuth2, in practice very few services implement such mechanisms. So when an online application needs to perform on your behalf, it mimics a client application like a web browser or mail client.



For example, personal finance applications (e.g. Mint) often provide a way to view all your financial accounts (bank accounts, credit cards, brokerages, mortgages, etc.) in one place. They require you to enter the username and password (and maybe even security questions) for each of those services, so that they can login and download the information.







share|improve this answer















share|improve this answer




share|improve this answer








edited Sep 11 at 17:07

























answered Sep 10 at 15:36









BarmarBarmar

5363 silver badges8 bronze badges




5363 silver badges8 bronze badges















  • To be clear, keychain password's isn't stored in plaintext.

    – Alexander
    Sep 10 at 23:12






  • 1





    The question is about a service (spark) that sends emails on behalf of the OP when he has his computer off, using a third party mail provider. You are describing the process without taking into account the middleman.

    – Ángel
    Sep 11 at 0:47











  • @Ángel I didn't know what Spark is, the question says it's an email client, so I assumed it was a local application like Mail or Thunderbird.

    – Barmar
    Sep 11 at 14:39






  • 1





    But "even when the computer is turned off" should have been a clue :)

    – Barmar
    Sep 11 at 14:40











  • This is not necessarily true. Online services acting as a middleman could store an authorization token without storing the credentials themselves.

    – jamesdlin
    Sep 11 at 16:42

















  • To be clear, keychain password's isn't stored in plaintext.

    – Alexander
    Sep 10 at 23:12






  • 1





    The question is about a service (spark) that sends emails on behalf of the OP when he has his computer off, using a third party mail provider. You are describing the process without taking into account the middleman.

    – Ángel
    Sep 11 at 0:47











  • @Ángel I didn't know what Spark is, the question says it's an email client, so I assumed it was a local application like Mail or Thunderbird.

    – Barmar
    Sep 11 at 14:39






  • 1





    But "even when the computer is turned off" should have been a clue :)

    – Barmar
    Sep 11 at 14:40











  • This is not necessarily true. Online services acting as a middleman could store an authorization token without storing the credentials themselves.

    – jamesdlin
    Sep 11 at 16:42
















To be clear, keychain password's isn't stored in plaintext.

– Alexander
Sep 10 at 23:12





To be clear, keychain password's isn't stored in plaintext.

– Alexander
Sep 10 at 23:12




1




1





The question is about a service (spark) that sends emails on behalf of the OP when he has his computer off, using a third party mail provider. You are describing the process without taking into account the middleman.

– Ángel
Sep 11 at 0:47





The question is about a service (spark) that sends emails on behalf of the OP when he has his computer off, using a third party mail provider. You are describing the process without taking into account the middleman.

– Ángel
Sep 11 at 0:47













@Ángel I didn't know what Spark is, the question says it's an email client, so I assumed it was a local application like Mail or Thunderbird.

– Barmar
Sep 11 at 14:39





@Ángel I didn't know what Spark is, the question says it's an email client, so I assumed it was a local application like Mail or Thunderbird.

– Barmar
Sep 11 at 14:39




1




1





But "even when the computer is turned off" should have been a clue :)

– Barmar
Sep 11 at 14:40





But "even when the computer is turned off" should have been a clue :)

– Barmar
Sep 11 at 14:40













This is not necessarily true. Online services acting as a middleman could store an authorization token without storing the credentials themselves.

– jamesdlin
Sep 11 at 16:42





This is not necessarily true. Online services acting as a middleman could store an authorization token without storing the credentials themselves.

– jamesdlin
Sep 11 at 16:42


















draft saved

draft discarded















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid


  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.

To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f216785%2fhow-do-email-clients-send-later-without-storing-a-password%23new-answer', 'question_page');

);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown









-

Popular posts from this blog

Distance measures on a map of a game The 2019 Stack Overflow Developer Survey Results Are Inmin distance in a graphShortest distance path on contour plotHow to plot a tilted map?Finding points outside of a diskDelaunay link distanceAnnulus from GeoDisks: drawing a ring on a mapNegative Correlation DistanceFind distance along a path (GPS coordinates)Finding position at given distance in a GeoPathMathematics behind distance estimation using camera

Image
Delete all lines which don't have n characters before delimiter How to manage monthly salary Deal with toxic manager when you can't quit Button changing it's text & action. Good or terrible? For what reasons would an animal species NOT cross a *horizontal* land bridge? Why do some words that are not inflected have an umlaut? Are there any other methods to apply to solving simultaneous equations? Does a dangling wire really electrocute me if I'm standing in water? Right tool to dig six foot holes? Is there a symbol for a right arrow with a square in the middle? Can a rogue use sneak attack with weapons that have the thrown property even if they are not thrown? What is the motivation for a law requiring 2 parties to consent for recording a conversation What is the accessibility of a package's `Private` context variables? Is "plugging out" electronic devices an American expression? Is there any way to tell whether the shot is g...
Read more

How to get a smooth, uniform ParametricPlot of a 2D Region?How to plot a complicated Region?How to exclude a region from ParametricPlotHow discretize a region placing vertices on a specific non-uniform gridHow to transform a Plot or a ParametricPlot into a RegionHow can I get a smooth plot of a bounded region?Smooth ParametricPlot3D with RegionFunction?Smooth border of a region ParametricPlotSmooth region boundarySmooth region plot from list of pointsGet minimum y of a certain x in a region

Image
Did "2001: A Space Odyssey" make any reference to the names of companies, or show any evidence of the existence of advertisements? Pros and cons of playing correspondence chess How do professors and lecturers learn to teach? Is it OK for a Buddhist teacher to charge their students an hourly rate for their time? Do insurance rates depend on credit scores? Why does California seem to have much more aggressive Consumer Protection and Safety Legislation? Query more than 50000 records Is this medieval picture of hanging 5 royals showing an historical event? Film about the USA being run by fake videos of the president after his kidnapping Is American Express widely accepted in Hong Kong? How many atoms in the hydrocarbon? How do you give spell casters xp? If a picture of a screen is a screenshot, what is a video of a screen? Is there any plausible in-between of Endotherms and Ectotherms? How can we save ourselves from large drops in stock price? How wo...
Read more

Genealogie vun de Merowenger Vum Merowech bis zum Chilperich I. | Navigatiounsmenü

Image
Merowenger MëttelalterFrankräich Genealogie vun de Merowenger Vu Wikipedia Op d'Navigatioun wiesselen Op d'Siche wiesselen D' Merowenger waren en Adelsgeschlecht, dat am fréie Mëttelalter a Frankräich geherrscht huet. Vum Merowech bis zum Chilperich I. | Merowech, ëm 451 Childerich I., † 482, als Kinnek vun de Franken 463 an 489 attestéiert, bei Tournai begruewen; ∞ Basina aus Thüringen Clovis I. (Chlodowech, Chlodwig), * 466, † 27. November 511, 482 Kinnek vun de Franken, begruewen an der Apostelkierch zu Paräis; ∞ I NN, eng adleg Fränkin; ∞ II 492/494 Chlothilde (Chrodihild), † 544, Duechter vum Chilperich II., Kinnek vun de Burgunder, begruewen an der Apostelkierch zu Paräis (I) Theuderich I. (Thierry I.), * géint 484, † Enn 533, Kinnek zu Reims 511-533; ∞ I Suavegotta, † virun 566; ∞ II ëm 517 NN, Duechter vum Sigismund...
Read more