Changes to Gmail security policy

Any Gmail users who have their account set to collect mail from a remote server may have noticed that they now receive a security warning when sending or receiving mail.

At the start of April, Google implemented a new security policy as described at

Although this is listed as only affecting administrators, in reality it affects anyone who collects mail remotely using Gmail. So what does this mean for end users?

Anyone connecting via mail.DOMAIN or smtp.DOMAIN will now find that the connection is refused as being insecure. This is because regardless of what your domain name is, the security certificate that Gmail finds is that of the name of the server.

For shared services (WordPress Hosting, Professional and Universal) this should be set to for incoming mail and for outgoing. For resellers this should be set to for both incoming and outgoing (where XXX is your actual server number).

Gmail should automatically use the correct ports and protocols – the user name will stay as your full email address and the password will be the password for the mailbox you are trying to collect mail from.