Mail.app raises concerns by using unsecured connection to Gmail

In March of 2025, users of macOS Sequoia 15.3.2 reported issues with Apple's Mail.app connecting to Gmail via an unencrypted port. Typically, Mail.app users expect their accounts to be configured automatically without the need for manual adjustments. However, a significant number of users began to notice that the application was attempting to access Gmail's IMAP server, specifically 'imap.gmail.com', using port 143. This situation raised concerns due to the implications of using such an unsecured connection for email communication. Many users found that their other accounts—such as iCloud or self-hosted IMAP accounts—did not exhibit this behavior, leading to a perception that this issue was unique to Gmail accounts. The observations were facilitated by the use of a network monitoring tool called Little Snitch, which revealed that the Mail.app was transmitting data over non-secure channels. Users started to question if it was Mail.app's settings or Google's servers that were instigating the insecure connection attempts. With the growing emphasis on digital security, the expectation among users is that applications will default to secure settings, particularly for widespread services like Gmail. Yet, in this case, users were perplexed as to why Mail.app would not ensure secure connections by default. Given this troubling situation, users were considering their options. Blocking Mail.app from connecting over port 143 entirely was one possible response, while others sought additional settings or hidden commands that could enforce secure connections exclusively via port 993 (used for IMAPS). This dilemma highlights a broader issue regarding email security practices and the responsibilities of both application developers and service providers like Google. Users express dissatisfaction over the lack of transparency in these connections and the default behaviors of Mail.app when setting up email accounts. This unexpected behavior has not only caused frustration among users but also sparked discussions in online communities about the impact of software updates on user experience and security. Without adequate communication from Apple or Google, users were left to navigate their concerns alone, resulting in an online search for answers. As digital communication becomes more prevalent, the necessity for secure, encrypted channels becomes increasingly crucial, prompting dialogues about the standards companies implement to protect user data.