Category POP Peeper

Important Gmail-Oauth2 news

As of April 23, 2025, Gmail accounts accessed in POP Peeper will require you to use an app password instead of Oauth2. It is strongly recommended that you switch to app passwords as soon as possible (and before April 23); you can do this with your current version of POP Peeper. If your Google account already has two-factor authentication (2FA) enabled, creating an app password is a very simple process; but otherwise, you will need to setup 2FA which may take an extra 2-15 minutes. Google will make it seem like you must provide your phone number, but this is not mandatory as the guide will explain. The Esumsoft guide for setting up 2FA and app passwords is provided here:
https://www.esumsoft.com/pop-peeper/faq/?q=GmailAppPw

POP Peeper v5.6 will be released soon which has updates related to these changes (such as removing Oauth2 as an option for Gmail and providing in-app links to help guide you through creating app passwords). POP Peeper v5.6 will be able to use Oauth2 for your existing Gmail accounts and will continue to work until the deadline or if an account requires you to re-authenticate. New accounts added into POP Peeper will require you to use an app password.

To determine if your POP Peeper account is using Oauth2 or a password:
v5.5 or older: edit the account in POP Peeper; the dropdown to the right of your “Login name” will either be “Oauth2” or “Password”. You need to switch to “Password” if it’s currently “Oauth2”.
v5.6 or newer: edit the account in POP Peeper; if you see a disabled control that says “Password” to the right of your “Login name”, this means that Oauth2 is still being used and you need to update your password (if there’s an existing password, it could be your main password which Gmail no longer accepts and so you may still need to create a new app-password and use it to replace your existing password in POP Peeper). The disabled “password” control will be removed after you save a password. The following image shows a case where Oauth2 is still being used because the “Password” dropdown is visible but disabled:

POP Peeper v5.6 – Oauth2 still in use
POP Peeper v5.6 – Password being used (no disabled “password” above “confirm”)

Why is this necessary?

POP Peeper first introduced Oauth2 support in v4.2 (June 20, 2016). Oauth2 is considered more secure for various reasons, such as the email client not needing to store your password. Over the last few years, Google started requiring a CASA review (“Cloud App Security Assessment”) for certain activities that used Oauth2, including access to Gmail. This review was first required for POP Peeper in 2024; it was an extremely stressful and time-consuming process, but POP Peeper passed the assessment and this is why Oauth2 was still available. This was mentioned in the POP Peeper v5.5 released announcement.

The need for the CASA review came around again this year, but this time Google required the use of 3rd party assessors which had fees of over $700 USD; this is a reduced rate from several thousands of dollars because of a partnership with Google. Based on the experience so far, it is reasonable to believe that the reduced rate will only be available for a limited time and will not be offered for future required assessments. The vast majority of people running POP Peeper use it for free and POP Peeper does not bring in enough money to absorb this fee on top of all the other expenditures (such as web hosting and code signing), especially considering that this is just one email service of thousands (albeit, probably the most popular one).

This was not an easy decision to make, but it came down to the resources (time and money) involved with the CASA review, especially with the alternative of using app passwords. Using Oauth2 does not provide any special privileges, it is only used to log into your email account. Google could (and, in my opinion, should) allow email clients to use Oauth2 without requiring the CASA review for this very reason. Considering that there is an alternative method that allows the same level of access to your email which Google claims is less secure, the necessity of the CASA review seems questionable, and that’s especially true for desktop apps like POP Peeper where your data goes directly between your computer and the server.

Recap

This only affects POP Peeper’s capability to login using Oauth2 for Gmail. It does not affect other services that use Oauth2 (Outlook, Yahoo, AOL). You can still use POP Peeper to access Gmail by using an app passwords

POP Peeper v5.5.1 released

Download: https://www.esumsoft.com/download/

v5.5.1 is a maintenance update, which fixes a couple of bugs that won’t affect most people who are already running v5.5.

Primarily, this fixes a bug in v5.5 when using the -UpdateEncrypt command-line when an account is password-protected.

Secondly, several issues have been addressed when the SSL plugin isn’t available (including a bug that affected auto-updating the SSL plugin).

It is also recommended that you read the release notes for v5.5 if you are upgrading from a previous version.

POP Peeper v5.5 released

This update has several security updates as well as a lot of fixes and minor updates.

You can download POP Peeper v5.5 here: https://www.esumsoft.com/download/
The Version History is also available on the download page.

Important: Because of the security updates (improved encryption), data saved in this version is not backward-compatible with previous versions. What this means is that once you update to v5.5, you should not restore the program files of an older version (e.g. v5.4.6) without also restoring a backup of the data files.

OpenSSL has been updated to v3.0. v1.1 is no longer being updated. OpenSSL v3.0 was chosen because it will be supported until September 2026, whereas support for v3.1/v3.2 ends in 2025.

Sensitive data is now encrypted using a more powerful and standard algorithm. This includes your login information as well as message data.

Norton 360 users have reported some issues with v5.5; specifically with the ‘Data protector’ module in Norton. Norton may prevent the Installer from installing the program and there may be other issues once running (e.g. reporting problems when saving certain file attachments such as .pdf). It is recommended that you add POP Peeper and the installer to the white list / exclusion list in Norton. A report has been submitted to Norton.

Windows XP — it has been reported that OpenSSL v3 no longer works on Windows XP. v3 is required for POP Peeper v5.5+, so it is recommended that you stay on POP Peeper v5.4.6 if you have Windows XP.

Behind-the-scenes changes

Digital signature — since the last release, Esumsoft has obtained a new provider for the code signing/digital signature. This change took significant effort to replace the old procedure and this change may be why Norton360 is reporting potential issues. ie. Norton may think it’s suspicious that the provider has changed. The good news is that Esumsoft has paid for a 10-year subscription, so if that is the problem, it shouldn’t be a problem again anytime soon. I hope that it also shows my commitment to POP Peeper and all other existing and future Esumsoft products.

Google / CASA Tier 2 security assessment — Google now requires a rigorous security review for apps that access your email and login with Oauth2. This review process is why many apps (not just email) have chosen not to use Oauth2 or are using ways to circumvent it. I am pleased to announce that POP Peeper has recently passed the assessment and is verified. This means that POP Peeper is one of the limited, independent email clients that can continue to use OAuth2 when logging into your Gmail accounts.

POP Peeper v5.4.5 released

Download POP Peeper

See what changed

Notable changes since the last official release:

  • Voice Notifier can now show additional voices: Enable “Additional voices” on the “General” page and then access the list on the “Notification” page (in Voice Notifier settings).
  • Fix for Yahoo IMAP issue showing empty headers for messages containing attachments (Yahoo server bug)
  • Fix for cases when messages were removed from the server externally and POP Peeper didn’t detect this

Voice Notifier — to add new voices, follow these basic steps:

1) Open the Windows start menu and type and open “Speech settings”
2) Click “Add voices” (bottom) and install whatever voices you want
3) In POP Peeper, go to main menu: Tools / Voice notifier -> settings
4) Enable “Include additional voices” on the General page
5) Go to the “Notification” page and you should now see the voices available that you installed on step #2

Outlook SMTP Oauth2 error

Outlook’s SMTP server currently has an issue with Oauth2. It may be temporary but it has already lasted several days at this point. It should be fixed by Outlook eventually, but to fix this immediately, you can switch POP Peeper to use the password method instead of Oauth2:

  1. Edit the account in POP Peeper
  2. To the right of your “Login name”, change the selection to “Password”
  3. Make sure that you have the correct password entered
  4. Press “Update” to save and then you should be able to send any queued messages (press “Check Mail”)

Gmail and POP Peeper

As of October 3, 2022, the Oauth2 method used by POP Peeper v4.x is being phased out by Gmail and Oauth2 for Gmail accounts will no longer work. It is possible that accounts will continue to access email until you need to re-authenticate Oauth2, but it’s recommended that you switch to a solution before that happens. POP Peeper v5 supports the new Oauth2 method that Gmail requires.

Update: Older Windows OS’s (e.g. Windows 7) may not support the mechanism required to support the Oauth2 login required by Gmail (even with POP Peeper v5 unless POP Peeper is launched with elevated/admin privileges). In this case, it’s recommended that you use the “app password” option (note that for “app password” this is a substitute for Oauth2; you should set the option in POP Peeper to use “password” instead of “Oauth2” in the dropdown to the right of your “Login name”).

If you are using Windows 10 or better, it is recommended that you upgrade to POP Peeper v5 and use Oauth2. Otherwise, if you are using Windows 7 (for example), using the app password is recommended; however, Gmail does require you to enable 2-Factor Authentication to use app passwords.

  1. Update to POP Peeper v5: https://www.esumsoft.com/download/
  2. Use an app password: https://support.google.com/accounts/answer/185833?hl=en

POP Peeper v5.4.1 released

Download POP Peeper

See what changed

Notable changes since the last official release:

  • Oauth2 support for POP3 (Gmail, Yahoo, AOL)
  • “Prior unread” has been added as an available view-message toolbar button and an option for delete action; note: “prior” is used instead of “previous” for width considerations
  • Configuration files added for @verizon.net and updated for AT&T-based domains
  • Plus Pack: Sent Mail Viewer adds keyboard shortcuts to access the Message/Account/Folder lists (Ctrl+1, Ctrl+2, Ctrl+3) as there was no other way to access these lists via keyboard

POP Peeper v5.2.2 released

Download POP Peeper

See what changed

Notable changes since the last official release:

  • Right-clicking on a message in the list has a new ‘Search’ sub-menu which allows convenient search for sender and subject
  • The ‘Oauth2’ button in Edit-account has been changed to a dropdown for better transparency; you can still reset Oauth2 by re-selecting Oauth2 from the dropdown
  • Skin Notifier: Hovering your mouse over the notifier will prevent it from fading/sliding out