Note: The email channel is a licensable feature of the system.
How email servers work:
There are two types of email servers used within Contact:
- Internet Message Access Protocol (IMAP) is a protocol for retrieving emails from an email account on an email server.
- Simple Mail Transfer Protocol (SMTP) is a protocol for sending emails on behalf of an email account.
Within Contact an email server works as follows:
- An email account already exists for an email provider, such as Gmail or Microsoft.
- Contact configures an IMAP/SMTP connection to that email account so that emails using that account can be read or sent. To the end user, it appears that they are interacting directly with the email account, rather than with Contact.
How authentication works:
When Contact connects to that email account using one of the protocols mentioned, it needs to authenticate the user credentials. Contact handles two types of authentication:
Basic Authentication:
This uses the username/email address and password that are associated with the email server to authenticate the user. For example, email address “test123@gmail.com”, with password “test”. These are configured by a company administrator in the Administrator Portal under Email > Email Servers, in the User and Password settings.
- Note: Basic authentication is problematic both in that Contact needs the user password in plain text, which is not secure (unless an app-specific password is used), and in that this method is being phased out by email providers in preference for other, more “secure by default” options.
OAuth2 Authentication:
This uses the username/email address that is associated with the email server and a token provided by the email provider to authenticate the user. There are different OAuth2 authentication flows. Contact uses the “authorization code” flow.
To provide tokens to Contact, a new tab opens in the web browser and the email provider asks the administrator for the password. Once authenticated, the administrator is asked if they want to permit the “Contact” app to read/write emails on their behalf. When the administrator accepts, the email provider provides Contact with tokens that can be used to access the email account.
Using this method, Contact does not know about the user’s password. (The Password field is not displayed to the company administrator when they are setting up an email server (under Email > Email Servers) and they select OAuth2 as the Authentication Type.)
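The two authentication types compared above, as an added Python example that is not Contact's own code: it builds the authorization-code request that opens in the new tab, validates the provider's callback, and shows the credential then presented over IMAP/SMTP next to the basic-authentication one. The endpoint URLs, client id and scope are constructed placeholders, and the XOAUTH2 SASL mechanism (accepted by Gmail and Microsoft) is an assumption, since the page does not say which mechanism Contact uses. The server-to-server exchange of the code for tokens is not shown.

```python
import base64
import secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Constructed placeholders; a real provider publishes its own endpoint.
AUTH_ENDPOINT = "https://provider.example/oauth2/authorize"
REDIRECT_URI = "https://contact.example/oauth/callback"


def build_authorization_url(client_id, scope, state):
    """URL opened in the new tab; the password is entered at the provider only."""
    query = urlencode({
        "response_type": "code",  # selects the authorization code flow
        "client_id": client_id,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "state": state,           # binds the callback to this request
    })
    return f"{AUTH_ENDPOINT}?{query}"


def extract_code(callback_url, expected_state):
    """Return the authorization code; reject refused or mismatched callbacks."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"provider refused consent: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not secrets.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback is not for this request")
    code = params.get("code")
    if not code:
        raise ValueError("callback carries no authorization code")
    return code[0]


def xoauth2_response(email, access_token):
    """SASL XOAUTH2 initial response: address plus bearer token, no password."""
    raw = f"user={email}\x01auth=Bearer {access_token}\x01\x01"
    return base64.b64encode(raw.encode()).decode()


def plain_response(email, password):
    """SASL PLAIN initial response for basic authentication: carries the password."""
    return base64.b64encode(f"\x00{email}\x00{password}".encode()).decode()
```

Base64 is an encoding, not encryption, so the PLAIN response exposes the password to anything that stores or logs it, while the XOAUTH2 response exposes only a revocable token.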
Related Content:
Email Server recommended settings