A requirement of MessageBunker that we store the user’s credentials, encrypted of course, so that we can access their mailbox for archiving. Wherever possible, we look for alternative solutions that allow for improved security and privacy. Gmail offers one such solution.
MessageBunker can be granted a token by Gmail with the end-user’s permission, that needs refreshing hourly. This token can be used to log in. The process is known as ‘oAuth’ as is fairly common on the web, but this is the only implementation for IMAP that we are aware of.
When a user creates a new archive on MessageBunker, we send them to Google to give us permission to access their Gmail. We then get a confirmation back and a token we can use to log in.
The user does not need to reveal their password and can revoke our access to their Gmail account at any time, without the need to change their password, or alter any other systems that are accessing the account.