Emacs 26, Wanderlust, and modern Gmail authentication

For sometime now, I’ve rejected the idea of using Emacs as an email or IRC client — the idea that someone else can modify one of my precious Emacs buffers whenever they wanted was not highly appealing.

I’ve recently began a new stage of my career where I am leading teams, and it is usually when my time lessens that I begin to realize inefficiencies in my workflow. One of those is email: either I end up using a clunky mail client, or I keep a couple Gmail tabs open in my browser at all times. I decided to revisit mail in Emacs using the Wanderlust package.

First, get Emacs 26. There’s no real reason not to, and this time when you go to compile the program, if there is any reason mail might not work, the ./configure step will let you know. (Wanderlust didn’t work for me in previous versions probably because of reasons the configuration file now brings up). In my case, I required the flag --with-mailutils .

After you have Emacs 26, this blog post gets most of the Wanderlust setup right, but I’ll duplicate that information here just in case the URL ever goes down: https://box.matto.nl/emacsgmail.html

Install Wanderlust (package name is wl) using MELPA. Afterwards, create a .folders file in your home directory with this content:

%inbox  "inbox"
+trash "Trash"
+draft "Drafts"

Then add this into your Elisp, replacing <accountname> with your email username (like cooluser102) on two of the lines below:

;; wanderlust
(autoload 'wl "wl" "Wanderlust" t)
(autoload 'wl-other-frame "wl" "Wanderlust on new frame." t)
(autoload 'wl-draft "wl-draft" "Write draft with Wanderlust." t)

;; IMAP
(setq elmo-imap4-default-server "imap.gmail.com")
(setq elmo-imap4-default-user "<accountname>@gmail.com")
(setq elmo-imap4-default-authenticate-type 'clear)
(setq elmo-imap4-default-port '993)
(setq elmo-imap4-default-stream-type 'ssl)

(setq elmo-imap4-use-modified-utf7 t)

;; SMTP
(setq wl-smtp-connection-type 'starttls)
(setq wl-smtp-posting-port 587)
(setq wl-smtp-authenticate-type "plain")
(setq wl-smtp-posting-user "<accountname>")
(setq wl-smtp-posting-server "smtp.gmail.com")
(setq wl-local-domain "gmail.com")

(setq wl-default-folder "%inbox")
(setq wl-default-spec "%")
(setq wl-draft-folder "%[Gmail]/Drafts") ; Gmail IMAP
(setq wl-trash-folder "%[Gmail]/Trash")

(setq wl-folder-check-async t)

(setq elmo-imap4-use-modified-utf7 t)

(autoload 'wl-user-agent-compose "wl-draft" nil t)
(if (boundp 'mail-user-agent)
(setq mail-user-agent 'wl-user-agent))
(if (fboundp 'define-mail-user-agent)
(define-mail-user-agent
'wl-user-agent
'wl-user-agent-compose
'wl-draft-send
'wl-draft-kill
'mail-send-hook))

Run the wl command, and use your normal Gmail password despite the fact that it won’t work. Google’s current form of authentication is not compatible with older pieces of software that use traditional IMAP authentication, and shortly after the failed authentication attempt, you’ll get an email from Google explaining the situation.

Now is where it gets interesting. You are going to need to loosen and tighten security at the same time to get this to work:

  1. There is a link in that email for “allowing access to less secure apps.” Go ahead and do that.
  2. Afterwards, enable two factor authentication on your Google account: https://support.google.com/accounts/answer/185839?hl=en
  3. Now, create an app-specific password for Wanderlust (and despite Google’s warnings, save it for later): https://support.google.com/accounts/answer/185833?hl=en

Now try rebooting Wanderlust and using your new password. Voila! You’ll have email… just make sure not to add every email in your Gmail into your email database, because things could get slow.

You’ll need to keep the app-specific password around, and there are a number of password managers both within and outside of Emacs that could do that for you.

Is Wanderlust going to be my permanent email setup in Emacs? Is this really the best way to do email in Emacs? Not sure yet, but the first step to figuring that out is to get something working.

Edit 07/18/2018: If you administer your own domain with Google, you can actually *enforce* the standard albeit less secure verification for all users, allowing them to authenticate with Wanderlust using their regular password. I do not recommend this, but it is an option: https://support.google.com/a/answer/6260879?hl=en