Use the details below when configuring IMAP-to-IMAP migrations using our Email Migration tool in Client Connect. Unless otherwise stated:

• SSL/TLS port is 993 (recommended)
• Non-SSL/STARTTLS port is 143 (only if a provider specifically requires it)
• “SSL required” indicates whether the provider expects SSL/TLS on port 993

Notes

• Gmail/Google Workspace: IMAP must be enabled in mailbox settings. If 2-Step Verification is on, use an App Password for IMAP
• Microsoft 365: Modern auth is standard; for migration tools using basic auth, create an app password (if allowed) or use a migration method that supports OAuth
• Yahoo/AOL: With 2FA enabled, use an App Password
• iCloud: Requires an App-Specific Password

These are commonly encountered; settings can vary by plan or legacy system. If a connection fails, check the provider’s latest help page or your account portal.

Tip: Some ISP mailboxes are being phased out or require account re-verification before IMAP works. If credentials are correct but login fails, try webmail once to re-confirm the account, then retry the migration.

An app password is a one-time, auto-generated password you create in your email/security settings to let older apps or tools (like IMAP migration utilities, desktop mail clients, printers/scanners) sign in without your main account password. It’s used when your account has 2-Step Verification (2FA) or modern OAuth sign-in and the app can’t handle those flows.

• With 2FA on, your normal password alone isn’t enough
• Some apps can’t show the extra verification prompt (code/push)
• An app password acts as a special key that’s limited to IMAP/SMTP/POP and can be revoked at any time—safer than sharing your real password

• You turn on 2FA for the mailbox
• In the account’s security page, you generate an app password (a random 16–24-character string)
• In your migration tool or mail app, you enter:
  • Username: your full email address
  • Password: the app password (not your normal one)

• Scope: App passwords usually bypass 2FA only for legacy protocols (IMAP/SMTP/POP). They don’t grant access to the account’s web dashboard.
• Revocation: You can revoke an app password at any time without changing your main password.
• One per tool: For security, generate separate app passwords for each device/tool.
• Visibility: Most providers only show the app password once—copy it right away.

• Gmail / Google Workspace: Enable 2-Step Verification → Security → App passwords → choose “Mail” and your device, generate, paste into the migration tool.
• Microsoft 365 / Outlook.com: If the tenant/account allows it, enable 2-Step Verification → Security → Create a new app password. (Some organisations disable app passwords and require OAuth-based tools.)
• iCloud Mail: Turn on two-factor authentication for your Apple ID → appleid.apple.com → App-Specific Passwords → generate, then use with imap.mail.me.com.
• Yahoo / AOL: With 2-Step Verification on, go to Account Security → Generate app password.
• Zoho / Fastmail: Similar flow: enable 2FA → Security → App passwords.
• Proton Mail: Uses Proton Bridge instead of app passwords; Bridge provides its own IMAP/SMTP credentials locally.