> Unless your domain is setup to use strict SPF and then this will fail randomly
Sure - but most people don't have this, and the goal is to get people to put in their SMTP credentials at some point anyway. Just doesn't have to be in their very first email.
> And do people really give their IMAP credentials to a web app?
Yep. We take security seriously and only end up tracking emails that match up with sales/leads in Close.io. For an entire company, their CRM data is often more important than an individual's inbox anyways - and we want to reduce the data entry necessary in common sales processes.
Sure - but most people don't have this, and the goal is to get people to put in their SMTP credentials at some point anyway. Just doesn't have to be in their very first email.
> And do people really give their IMAP credentials to a web app?
Yep. We take security seriously and only end up tracking emails that match up with sales/leads in Close.io. For an entire company, their CRM data is often more important than an individual's inbox anyways - and we want to reduce the data entry necessary in common sales processes.