Using smtp.gmail.com with Total Access Emailer
Gmail offers an SMTP server (smtp.gmail.com) to send emails from applications such as Total Access Emailer for Gmail.com addresses. By entering your Gmail address and password into the program's SMTP options, Total Access Emailer sends emails from that Gmail account within your Microsoft Access database.
Your users don't need to know the email account is being used, its password, the emails' FROM address, or even that emails are being sent. It can all be handled transparently.
Configuring Gmail to Allow Less Secure Apps
For a Gmail account to allow programs to send emails on its behalf, it must allow Less Secure Apps.
Detailed configuration instructions are provided on our Gmail Configuration page. This has worked for decades and allows Total Access Emailer and other Windows apps to send emails on behalf of your Gmail address.
Google is Ending Support for Less Secure Apps
Google announced that starting May 30, 2022, Less Secure Apps will no longer be supported and a more secure protocol using OAUTH 2.0 is required.
The protocol change impacts the security around your Gmail account. The Gmail password is no longer entered in the desktop application which is considered a security hole.
There are two new alternatives for supporting Gmail:
- Create a Google App Password for one email address
- Create a Google API Client ID (supports multiple emails and organization accounts)
If you create a Google API Client ID, a one time Google web page pops up for you to approve the application with your Gmail account. When approved, a token is provided to the application, and that's what it uses to send emails via SMTP.
FMS Enhancements to Total Access Emailer
New versions of Total Access Emailer are now available to support the enhanced security requirements for both Gmail options including the OAUTH protocol:
- Total Access Emailer 2022, Version 22.0, for Office/Access 365, 2021, and 2019
- Total Access Emailer 2016, Version 16.81, for Access 2016
- Total Access Emailer 2013, Version 15.81, for Access 2013
- Total Access Emailer 2010, Version 14.81, for Access 2010
Updated Options Form to Support Gmail with New Table
To support the new OAUTH requirements, the Options SMTP Settings tab in Total Access Emailer is updated. We also add a new table in your database to store the additional credentials. Like the other usysTEmailer tables, this can be in a back-end database that your front-end databases link to and share.
New Processes Anticipate Expired Tokens
The Gmail OAUTH token is used to make a connection with their SMTP server. That connection can expire and require a refresh, which Total Access Emailer anticipates and handles. If during an email blast, the token expires and cannot be refreshed, the email blast stops and returns the error so you can approve Total Access Emailer on your Gmail account again.
We do not know how often this occurs. Unused tokens supposedly expire after six months but it is not clear if tokens used more often remain valid shorter or longer.
Create a Google App Password
Google lets you create an App Password that eliminates the need to enter your actual Gmail password into an application. Visit our Create a Google App Password page for details.
The application needs to support the latest version of Transport Layer Security (TLS) which is included in Total Access Emailer 2022, and the X.81 versions of Total Access Emailer 2016 to 2010.
Create Your Own Google API Client ID
Google Will Not Approve Total Access Emailer or any Windows Program for SMTP
In April 2002, we submitted a request to Google for Total Access Emailer to be an approved application for sending emails with Gmail accounts. Google rejected our application from using SMTP with your Gmail account. In fact, they will not approve any applications that use SMTP for others.
They will approve applications that use their proprietary API to send emails, but it does not make sense for us to process emails completely differently for a specific SMTP provider.
Each Gmail Customer Needs to Create their Own Google API Client ID
Rather than FMS approving Total Access Emailer for your Gmail account, Google requires you to go through the process of creating your own Google API Client ID and specify the allowed API permissions and point you to their site.
Since this would be for your own use with the specific Gmail accounts you designate (up to 100), you do not need to go through the official Google approval process. If you have a paid Google account for your organization, your features and limits are more than free Gmail accounts and based on your terms with Google.
Visit our web page with step-by-step instructions for creating your ID: Google Gmail API Account for SMTP Server for Total Access Emailer
Future with Google/Gmail and SMTP on Windows
Google's new requirements and increased security make sense for web and especially phone applications which are approved apps with connections to Gmail for one email account for the device.
This is different from the Windows applications that Access databases and Total Access Emailer often support with multiple devices, users, and email accounts.
Google App Password May Work
If the App Password feature works the way the original Gmail password functioned with SMTP, then not much has changed and hopefully this is supported long-term.
Challenges with Google OAUTH Protocol
When the Google tokens expire, the user must re-enter the Gmail account values to approve Total Access Emailer again. This is not a big problem if:
- Tokens are valid if used more than once every six months.
- The user is the owner of the Gmail account and can enter the credentials when prompted.
It may be a problem if tokens expire more quickly.
It may be a problem if users running an Access database with someone else's Gmail account for its email features need to reauthorize it. This is especially likely for applications embedding the VBA programmatic interface of the Total Access Emailer Professional Version. The user may not even know that Total Access Emailer is running in the background and probably doesn't know the Gmail account being used or its password.
Works Now, Uncertain Future for Google SMTP on Windows
If generating the Google Client ID and abiding by their terms are acceptable, the new versions of Total Access Emailer will work, especially if you/your users know the Gmail account login to refresh it.
If you are deploying solutions to users who are not given the Gmail account and password, you need to consider what happens if Google's token fails to validate. At this time, we are not sure if or how often the Google token will fail to refresh after a Gmail account is authorized for it.
Recent Microsoft Office365 SMTP Security Enhancements
Note that Office365 increased their security requirements recently which we addressed with the launch of Total Access Emailer 2021 and X.8 releases for prior Access versions. Office365 added security while maintaining the SMTP standards and architecture to support Windows desktop solutions across multiple applications, PCs, users and locations. Office365 is an option if Google becomes too difficult to use. Similarly, SendGrid/Twilio on Azure also supports SMTP emails without Google's complexity.
Comments
1 comment
It says on the Google page https://support.google.com/accounts/answer/6010255
"Please note this deadline does not apply to Google Workspace or Google Cloud Identity customers. The enforcement date for these customers will be announced on the Workspace blog at a later date."
Doesn't Google Workspace count as sending out emails using Gmail?
Please sign in to leave a comment.