For a while now, I've had a problem with my email account. Messages would come in, I'd get a notification on my phone. Then, a few seconds later, the message would be marked as seen. This left me with an inbox where I could no longer easily see which messages I've seen and which were new.

I tried to find the cause for this behavior and started looking at my email client and my launcher. I was suspecting that either of them had some 'smart' (read: unintended) feature that caused the emails to be marked as read before:

  • FairEmail because it has a shitton of settings (a good thing), some of which relate to how notifications are handled and when emails should be set to seen under certain conditions.
  • NiagaraLauncher because it has a smart notification summary, which I thought could mess with notifications and in turn with the emails.

Both of these suspicions turned out to be false when I asked this question on the fediverse. I got a very plausible and disturbing possible answer by NumberHill:

Just to be safe, you should probably change your mail account password and regenerate your client tokens if you have any.

This hit me like a ton of bricks. After changing the password of my mail account, my emails would no longer magically be set to seen. So I'm suspecting that somebody has been reading my email over IMAP for over a month. They could not log into my email account through the webmailer because of TOTP, but they knew my password and could read every mail I got.
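An added example, not part of the original post: one way to check for the symptom described above is to poll the mailbox read-only and report messages whose `\Seen` flag was set by some other session. The function names, the constructed FETCH lines and the `opened_here` set (UIDs your own clients opened) are assumptions made for illustration.

```python
import re

UID_RE = re.compile(rb'\bUID (\d+)')
FLAGS_RE = re.compile(rb'\bFLAGS \(([^)]*)\)')

def parse_fetch(lines):
    """Turn untagged FETCH response lines into {uid: set_of_flags}.

    Servers may send UID and FLAGS in either order, so each is matched separately.
    """
    result = {}
    for line in lines:
        uid, flags = UID_RE.search(line), FLAGS_RE.search(line)
        if uid and flags:
            result[int(uid.group(1))] = set(flags.group(1).decode().split())
    return result

def snapshot(conn):
    """Poll flags over an imaplib.IMAP4_SSL connection that is already logged in.

    readonly=True issues EXAMINE, so this watcher never sets \\Seen itself.
    """
    conn.select('INBOX', readonly=True)
    _typ, data = conn.uid('FETCH', '1:*', '(FLAGS)')
    return parse_fetch(d for d in data if isinstance(d, bytes))

def foreign_seen(before, after, opened_here):
    """UIDs that gained \\Seen between two snapshots without being opened locally.

    A message that arrived after `before` and is already \\Seen is reported too,
    which is exactly the "new mail marked as seen seconds later" symptom.
    """
    return sorted(
        uid for uid, flags in after.items()
        if '\\Seen' in flags
        and '\\Seen' not in before.get(uid, set())
        and uid not in opened_here
    )

# Constructed sample data: two polls of the same inbox a few seconds apart.
BEFORE = [b'1 (UID 101 FLAGS (\\Seen))', b'2 (UID 102 FLAGS ())']
AFTER = [b'1 (UID 101 FLAGS (\\Seen))',
         b'2 (FLAGS (\\Seen) UID 102)',             # marked seen by someone else
         b'3 (UID 103 FLAGS (\\Seen \\Answered))',  # new, opened on this device
         b'4 (UID 104 FLAGS ())']                   # new, still unread

if __name__ == '__main__':
    # Only UID 103 was opened locally, so 102 is the suspicious one.
    print(foreign_seen(parse_fetch(BEFORE), parse_fetch(AFTER), opened_here={103}))  # -> [102]
```

Every client you own that marks mail as read has to be accounted for in `opened_here`, otherwise a second phone or the webmailer shows up as a foreign session.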

Just a few days ago I saw somebody recommending not using email clients at all and instead relying on the providers' webmailer for access and laughed at it.

What's so inherently insecure about using clients? Everybody does that, right?

This has been a weird experience for me, but it also taught me that a strong password is not enough, given enough time.

I will be changing my passwords regularly from now on, at least for critical services like email.

