tutanota | email service with a strong focus | Email library

by tutao TypeScript Version: tutanota-ios-release-3.114.1 License: GPL-3.0

X-Ray Key Features Code Snippets Community Discussions(4)Vulnerabilities Install Support

kandi X-RAY | tutanota Summary

tutanota is a TypeScript library typically used in Messaging, Email applications. tutanota has no bugs, it has no vulnerabilities, it has a Strong Copyleft License and it has medium support. You can download it from GitHub.

Tutanota is an email service with a strong focus on security and privacy that lets you encrypt emails, contacts and calendar entries on all your devices.

Support

Quality

Security

License

Reuse

Support

tutanota has a medium active ecosystem.

It has 5347 star(s) with 496 fork(s). There are 172 watchers for this library.

There were 10 major release(s) in the last 12 months.

There are 689 open issues and 3243 have been closed. On average issues are closed in 566 days. There are 12 open pull requests and 0 closed requests.

It has a neutral sentiment in the developer community.

The latest version of tutanota is tutanota-ios-release-3.114.1

Quality

tutanota has 0 bugs and 0 code smells.

Security

tutanota has no vulnerabilities reported, and its dependent libraries have no vulnerabilities reported.

tutanota code analysis shows 0 unresolved vulnerabilities.

There are 0 security hotspots that need review.

License

tutanota is licensed under the GPL-3.0 License. This license is Strong Copyleft.

Strong Copyleft licenses enforce sharing, and you can use them when creating open source projects.

Reuse

tutanota releases are available to install and integrate.

It has 14069 lines of code, 1004 functions and 1410 files.

It has medium code complexity. Code complexity directly impacts maintainability of the code.

Top functions reviewed by kandi - BETA

kandi has reviewed tutanota and discovered the below as its top functions. This is intended to give you an instant insight into tutanota implemented functionality, and help decide if they suit your requirements.

Create DOMPurifier .
Parses an event tokenizer .
bRC constructor .
Initialize the initial state of the initial state .
Returns a unit .
Deflated state information
Translate a block of text into a string .
Fills the window with the random buffer .
Parse route .
Update nodes

Get all kandi verified functions for this library.

tutanota Key Features

No Key Features are available at this moment for tutanota.

tutanota Examples and Code Snippets

No Code Snippets are available at this moment for tutanota.

Community Discussions

Trending Discussions on tutanota

How to Handle 26-Byte Secret for Time-based One Time Password?

Send/Receive/View/Access WebMail(i.e:"Mail.com") Emails Over Basic HTML Version WebSite From Basic WebBrowser

Nodemailer with Tutanota Mail in Node.js

SPF Record for Multiple DKIMs (including MX)

QUESTION

How to Handle 26-Byte Secret for Time-based One Time Password?

Asked 2022-Apr-02 at 04:15

Secret of Time-based One Time Password are usually 16-byte base32 encoded string. e.g. GitHub 2FA.

But for some scenario, it has 26 bytes long. e.g. Tutanota OTP. Often in lower case with whitespaces, like: vev2 qjea un45 3sr4 q4h3 ais4 ci

I tried with the TOTP algorithm implemented in dgryski/dgoogauth and tilaklodha/google-authenticator. Both can handle 16-byte secret well, but got error for 26-byte secret.

e.g. for 16-byte secret VEV2QJEAUN453SR4:

...

ANSWER

Answered 2022-Apr-02 at 04:15

A base32 encodes every 5 bits of input bytes into base32 character, go base32 use The RFC 4648 Base 32 alphabet (A-Z, 2-7). When decode a string to bytes, each base32 character input will be mapped to a 5 bit index then recompose to bytes.

In your example "VEV2QJEAUN453SR4Q4H3AIS4CI", the previous "VEV2QJEAUN453SR4" was already valid input, it is a 16 char input, and 5 bit * 16 is 80 bit so it can be resolved into 10 bytes output. Now let us just look at the rest "Q4H3AIS4CI", 10 char -> 5 * 10 = 50 bits, the previous 40 bits can be decode to 5 bytes, but the last 2 char "CI" leads 2 bit remainder

Source https://stackoverflow.com/questions/70389299

QUESTION

Send/Receive/View/Access WebMail(i.e:"Mail.com") Emails Over Basic HTML Version WebSite From Basic WebBrowser

Asked 2020-Dec-26 at 02:49

QUESTION(s) : (1) How can users or I have direct-access (aka: view, send, receive, etc capacity) for web-emails/web-mails (i.e:"Mail.com") , from simple/basic/lightweight/mobile web-browser thru/over secure/encrypted connection and by using their plain/basic/lite/lightweight/mobile HTML version based web-service/WEBSITE/SITE ?
and (2) What Other Alternative Web-Mails Solutions (preferably: free solutions) I/User Can Use To Send/Receive Emails ?
and (3) Which Sites/URLs Need To Be Added In Cookie-Or-Script EXCEPTION List, To Allow Communication With Web Mail Servers ?
END-OF-QUESTION.

DETAILS:
( PLEASE AVOID / SKIP READING BELOW ,
if you have NO time to read more info, or if you have NO-respect that i/someone can have different preferences/choices, etc, or if you don't want to figure-out 1orMore solutions for my/user's problems, or avoid/skip when you don't want to helpout )

abbr : i.e.=in-example . aka=also-known-as .

Why using "Mail.com" ? Instead of using all of these ( Mail.com, HushMail, ProtonMail, Tutanota, Zoho-Mail, Mailfence, iCloud, Excite-Mail, etc ) WebMail based mail/email service providers (ESP/MSP) NAME AGAIN & AGAIN , here i will use only "Mail.com" to refer to all/any of these webmail based ESP/MSP.

BASIC WEBMAIL(s) / WEB-EMAIL(s) SERVICE EXAMPLES:
Few EXAMPLEs of simple/plain HTML version based website/webservice to access emails, which is also known as basic webmail/webemail service, etc.

GMAIL : any user can access "GMail" (from Google) emails over their secured & plain HTML version site, by using below link:
https://mail.google.com/mail/u/0/h/1pq68r75kzvdr/?v%3Dlui
and to use Standard version (with all features) back again, this can be used:
https://mail.google.com/mail/u/0/?nocheckbrowser
Reference for "GMail": https://support.google.com/mail/answer/15049?hl=en

GMail also allows free access by using these mail-server services:
IMAPS imap.gmail.com:993 or POP3S pop.gmail.com:995,
and SMTPS smtp.gmail.com:465(TLS/SSL),
Note: select Connection-Security: TLS/SSL, Auth-Method: "Normal Password".

YAHOO : any user can access "Yahoo" emails over their secured & plain HTML version site, by using below link:
https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2Fneo%2Fb%2Flaunch
and to access "Yahoo" emails over standard HTML version site:
https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2F

Yahoo emails can also be accessed for free by using free IMAPS+POP3S+SMTPS mail-server services directly from Email-Client programs, more info: https://en-global.help.yahoo.com/kb/SLN4075.html
IMAPS imap.mail.yahoo.com:993 or POP3S pop.mail.yahoo.com:995,
and SMTPS smtp.mail.yahoo.com:465(TLS/SSL),
Note: select Connection-Security: TLS/SSL, Auth-Method: OAuth2.

Hotmail/Outlook/Live/MSN/etc : Microsoft(MS) Outlook/Hotmail/Live/etc free email service(s) can be accessed for free on "Live.com" or "Outlook.Live.com" website(s) . The "Outlook.Live.com" site includes an option (which is available after login via standard-HTML mode) to access site/service over "Light Version" mode , Once/when that is set/enabled then MS webmail service allows to access emails over plain HTML site.

And MS also allows free IMAPS+POP3S+SMTPS mail-server access, which can be used from plain email-clients, for accessing emails of free email-account (or free microsoft account). To access emails use the info from "MSN" line shown here: https://support.microsoft.com/en-us/office/pop-and-imap-email-settings-for-outlook-8361e398-8af4-4e97-b147-6c6c4ac95353
IMAPS imap-mail.outlook.com:993 or POP3S pop-mail.outlook.com:995,
and SMTPS smtp-mail.outlook.com:587(startTLS),
Note: select Connection-Security: TLS/SSL, Auth-Method: "Normal Password". As normal-password goes thru TLS/SSL encrypted connection so its fine & secure (if its using strong encryption).
Tell/Inform Microsoft to SWITCH from STARTTLS into TLS/SSL, as TLS/SSL is more secure than STARTTLS . STARTTLS can be abused^{1, 2, 3, 4} to violate Privacy-Rights of users: to STEAL-from Or SPY-on users.
QUESTION: Can "Live.com" (Outlook/Hotmail/Live,etc) free emails be accessed over plain-HTML site by using a specific URL (like something that is similar to Yahoo/Google) without enabling the "LightVersion"-option ?

End-of-EXAMPLES.

WEBMAIL¹:
WebMail/WebService access is needed into online webmail based email/mail service providers (ESP/MSP).
"Mail.com" MSP seems to NOT-provide any free IMAPS/POP3S based services to free-accounts holders to get/view their received emails, and neither provides any free SMTPS service(s) to send emails outward from free-accounts . So it appears that, only free options i/user with free-accounts have, are to use their services either thru "Mail.com" website from any web-browser, or access their site thru their own "Mail.com" app . And their official app also does not have any option to use PGP/OpenPGP/GPG/SMIME based secured emails.

Another problem is, "Mail.com" Or it's parent-company seems to use too many other micro web-services from too many other sub-domains, etc !!!
"Mail.com" & its sub-domains are not DNSSEC+DANE signed, so users cannot be 100% sure if they are using authentic site/service.
So i (and users) need to know How to easily send+receive+view "Mail.com" emails from simple/BASIC/LIGHTWEIGHT WEB-BROWSER, by using secured/encrypted connection but over plain-HTML or lightweight-HTML version of web-email web-service from "Mail.com".
It will also be okay, if "Mail.com" can be directly accessed (for free-accounts) from email-client programs (i.e: Thunderbird, SeaMonkey, etc) by using some addons on the email-client, e.g: BrowseInTab, ThunderBrowse, WebApp, WebMail, etc . Do you know of any other/better addons ? ( this wud be my preferred way for accessing "Mail.com" )
And please also share info with me+users about same for other (major) online Email Service Providers, if you know & if you want to.
Please assume i'm using a very simple & basic (or lightweight) web-browser, or pls assume i'm using a very basic email-client program.
Similar to "Mail.com", these following email-service (webmail / web-service based) providers also do not provide free IMAPS/POP3S/SMTPS access to free email-account users, but provide only HTTPS(port-443) protocol based web-service/web-access (webpage based email access) for free , So they are "webmail"-providers . Many users from below email-services also need a solution (to my top-side question), to access emails by using email-service provider's basic/plain HTML version website to use from basic/lightweight web-browser software or to use from basic/lightweight email-client software.
- Webmail-providers: HushMail, ProtonMail, Tutanota, Zoho-Mail, Mailfence, iCloud, Excite-Mail, etc.
  But these service providers should provide atleast POP3S+SMTPS protocol based access for free, as those 2-protocols are minimum & being used atleast from 1984, and needed for accessing emails from email-client software, and also needed to easily send+receive secure (signed or encrypted or encrypted+signed) emails.

WEBMAIL ACCESS INTO SELF-HOSTED MAIL-SERVER:
Another major/big usage & need of having web-access for emails (aka: webmail, aka: web-browser based access) : in my case, its for accessing MY-OWN SELF-HOSTED^{1, 2} (small) MAIL-SERVER , And similarly many other users & teams & groups, etc also need to have web-access into emails, either for their business or for their own project or simply for their own personal/private usage, by SELF-HOSTING.

Such mail-servers (comparison) usually use open-source & free software, and owner/user often/usually use less-powerful or overloaded SERVER computers, and often/usually many mail-servers do not have a widely accepted public-CA (certificate-authority) based SSL/TLS cert/certificate configured for it (and may instead use a simple free self-signed TLS/SSL-cert ) , and some mail-servers also get overloaded because of extra memory-usage & extra computing resources consumed by virus/malware/spamware checker, scanner,etc software.
- Recently, free SSL/TLS certs from a CA : LE(Let's-Encrypt ^{1, 2}) has been widely used, (and even more recently another new-comer CA : ZS(ZeroSSL ¹) is becoming popular over its ease of usage) . So LE based SSL/TLS cert has began to increase encryption usage in Web+Email servers & so user's (and server owner's) Privacy is increasing.
- And, if individual or small-business or small-group/team based mail-server operator wants to, then they/he/she can avoid execessive protocols by reducing usage of specific 4-protocols : IMAP4S/993, POP3S/995, Mail-Submission/587, Mail-Submission-Over-TLS/465,
  and instead they/he/she can increase usage of 2-protocols : HTTPS/443 protocol based webmail to interact with end-users, & SMTPS/25 protocol to send emails-to (or receive emails-from) remote (mail) servers.
- Users can easily create Mail-Servers with these free (and open-source) mail-server-bundle (aka: mail-server-suite, aka: mail-server-package, aka: mail-server-stack) : Mail-in-a-Box , MailCow (for Docker) , Modoboa, Usermin(webmail), iRedMail+iRedAdmin (opensource edition of this combo only has four features), etc.
- There are also many (open-source) server-admin (aka: hosting server control panel) type of software, which can also create full-featured mail-server (and also many other servers) : Webmin+Virtualmin , GNUpanel, ISPConfig, etc, etc . You may also see a Comparison of server control panel in wikipedia site, or here.

BASIC WEB-BROWSER:
A lightweight/plain/simple HTML site/website usually uses very simple basic/plain HTML, may use simple CSS styles, may use very very less JS(JavaScripts) or No JS at all, does not use any Flash/Java or any other objects/medias, etc.

BASIC HTML WEB-SERVICE:
A plain-HTML site/website/web-service is usually tuned/optimized to work on a small-scale or light-footprint web-browsers that usually supports minimum+safe standard (or latest/best) security (encryption/decryption) protocols, but lightweight browsers usually do not have advanced viewing/interface support/capabilities (that is, they may lack big/wide screen, so lightweight web-browsers need to show less elements to make minimal items meaningful for the User so that User can use it by touch/tap/mouse), and lightweight browsers often/usually running on a device which has very-less computing-resources available (or low-speed or low FLOP/S microprocessor), etc constraints.
More info on lightweight web-browsers:
https://en.wikipedia.org/wiki/Comparison_of_lightweight_web_browsers
More info on mobile web-browsers:
https://en.wikipedia.org/wiki/Mobile_browser

"Email-Clients" means, a type of program, which allows to receive/send/view emails. More info: https://en.wikipedia.org/wiki/Comparison_of_email_clients

PORTS FOR EMAIL-SERVICES:
Internet or computer-network connection ports used by email/mail handling systems:
ISP = Internet Service Provider, they also provide Mail Service, so they are also MSP.
MSP = Mail Service Provider. For example: online mail/email service provider, webmail/web-email service provider, etc.
IMAPS/IMAP or POPS/POP service are used to view/get emails (from mail-server into user's (email) client software/app). SMTP service is used to send emails.
PROTOCOL(aka: Service) : PORT# ;
IMAPS/IMAP4S : 993 (encrypted) ; IMAP/IMAP4 : 143 (not-encrypted, usually not-private) ;
POPS/POP3S : 995 (encrypted) ; POP/POP3 : 110 (not-encrypted, usually not-private) ;
SMTP/SMTPS : 25 (usually used for Email Server To Server communication, can be encrypted or not-encrypted, depends on email-server software capability, and it is usually allowed in business-class ISP connections, and usually not-allowed in residential-class ISP connections, Email-clients used inside business-class connections can use port 25 to send emails) ;
SMTPS/SMTP (Mail-Submission) : 587 (usually for Email-Clients in residential ISP connections, and usually STARTTLS encrypted, but it may use non-encrypted protocol) ; If your ISP/MSP uses STARTTLS then tell/push them to switch into TLS/SSL, as TLS/SSL is more secure than STARTTLS . STARTTLS can be abused^{1, 2, 3, 4} to violate Privacy-Rights of users: to STEAL-from Or SPY-on users ;
SMTPS/SMTP (Message Submission Over TLS protocol) : 465 (usually for Email-Clients in residential-class connections, and usually TLS/SSL encrypted) ;
HTTPS (Secure-HTTP) : 443 (webmail. web-service. SSL/TLS encrypted. For accessing (view, receive, send) emails by using web-browsers) ;
HTTP : 80 (not-encrypted, not-private) (Avoid using it) ;

When info/msg is sent/received by using Not-Encrypted protocol(s) or by using unencrypted (aka open) protocol(s), in such case, email/message contents can be immediately viewed+stored+cached by anyone in the middle, so private-info is not-private anymore.

By the way, my question is NOT about an Email's message (or email body or content) viewing (or writing) formats or choices like these: "Plain Text" Email, or, "HTML" Email.

EXTRA INFO:
( PLEASE AVOID / SKIP READING BELOW,
if you have NO time to read more info, or if you have NO-respect that i/someone can have different preferences/choices, etc )

Encrypted protocols help to protect information/data privacy, when info/data is transiting/going thru Internet, in-between User's (local) device/computer and remote web server (or remote service provider). Encrypted protocols can keep data private+secured for some short amount of time, until the encryption is weakened/cracked/broken after some time by using various reckless schemes/backdoors by violating user's Privacy-Rights, these schemes/backdoors are also discovered+accessed by many other harmful & more-reckless entities/persons.

If regular person or their children have no "cloth"-protection of their body, & only special-group & rich can have "cloth" (or special+rich are also purposefully removing their cloth), then, those special & rich won, and achieved the harm on regular person (e.g: virus infections, sun-burn/cancer, social-chaos from nudity, hospital+pharma industries make more money, only special/rich/corrupt persons are allowed to do unethical & immoral closed-door secret discussions that affects billions of people, etc backward+uncivilized) . "Encryption" is like "Cloth" in internet, & more. We all must have cloth(real-world)+encryption(cyber-world) . All internet devices can have varieties of encryption software, no special hardware is needed for encryption, just math based encryption can work fine on all devices, So all must use one of the available encryption from a common set of encryption , we must work-on real innovative+constructive ways (instead of backward ways or thief's ways) to fix & make sure cloth+encryption not-abused by anyone, but definitely Not by going backward by breaking,removing, backdooring,weakening it , such removal^{steller-wind, prism, echelon, xkeyscore, USA-spy-on-UN} of real-encryption has endangered security & privacy of data & human life/safety support/depending systems, etc, that is why Privacy-Rights has high priority & placed at number 4th place as 4th-Amendment^{ACLU, Law.Cornell.Edu, B} in USA-Constitution (1791) . UN/EU also supports Privacy-Rights (1948 Article-12 section of UDHR, also 2014 Res-69/166, etc), all member-states signed/agreed with it.
With Guns,Powers(Lawfares/Abusive-Laws/Impunities) mainly in the hand of one major race of Police/LawEnforcement/JusticeDept side, have created massive civil inequalities & massive systematic crimes+corruption, and it empowered harmful racism, etc, etc , So Guns,Powers,Lawfares,etc need to be equal for all side and all must have equal+same+easy access , that is why we have 2nd-Amendment in 2nd highest priority place . One person or only some-people cannot be above the Law . Law must be applied equally on anyone & all, whoever will meet the Law's criteria . If all cannot have same set of Guns,tools,etc, and, if all do-not have same & easy equal-access to those , then one solution is : all must give-up those Guns,tools,etc & also sacrifice access to those , to create equality & justice for all . Disarming people from their self-protection tools is not-good, only bad people/dictator benefits from absence of those tools, bcuz then they know they do not have to fear people when they will commit more crime or abuse more pople or loot more money from people . All People need training/education on these responsibility, (for example: to handle Vehicles/Cars, driving training+test(s) are needed, right ? so to handle those tools, training+tests are also needed ) , and LawEnforcement person needs to have ATLEAST 10-TIMES MORE TRAINING+TEST & atleast 10-TIMES MORE HUMANITY INSIDE THEIR BRAIN+HEART , TO REALLY "SERVE-&-PROTECT" PEOPLE INSTEAD OF "STEAL-&-KILL" their life/privacy,etc . All human need regular/frequent TEST for (real-world) eligibility to carry/have/access these tools to response+stop attacks by evil-people who are inside the country . Similarly, All people must also have equal training & easy-access to similar tools to use inside internet(cyber-world) to response+stop attacks & data-theft by Evil-Corporations, evil-entities, evil-thief-agencies, etc that are inside the country.

End of EXTRA-INFO.

END OF DETAILS.

...

ANSWER

Answered 2020-Dec-26 at 02:49

Most of the WebMail service providers with free-service support basic/mobile web-browser and ofcourse supports general/full web-browser.
These type of service provider's web-mail-servers can detect user's (client-side) web-browser software, by detecting the User-Agent string & can switch & transfer to that mode of specific web-pages.

Below solution # 1 worked on basic lightweight web-browser, so it partially answers your question's 1st part,
and solution # 2 is the answer for your 2nd & 3rd part of the question.

SOLUTION # 1 :
Web Access Based Solution For Basic Web-Browsers:
In basic web-browser "qutebrowser" (with JS support) just goto https://www.mail.com/ website.

"Mail.com" web-servers will detect your browser & approximate location & connect your browser into appropriate web-servers related to those, just enable JS for only 7 sites/addresses shown in below, that should be sufficient, to access (view, send, receive) your emails.
I have tested "qutebrowser" v1.13.1 on MacOSX Catalina (64bit-only macOS) & it works fine, by the way qutebrowser installer for MacOSX is 144MB as it includes all dependencies, & so it uses half-gigabyte space after decompress.
if your basic/lightweight web-browser does not support JS, then this solution # 1 will not work, So wait for someone else to answer with a solution for that problem.

SOLUTION # 2 :
Website/webmail/Web-Service Access Based Solution For Thunderbird (Email-Client):
this solution/process is the preferred way, as mentioned in above/OP's Question.
Tested + worked on Thunderbird ( v68.12.1 ).

Load "BrowseInTab" Thunderbird addon : Thunderbird > Tools > Addons > in "Find More Extensions" box, type: BrowseInTab
click on [ + Add To Thunderbird ] button > "Add" > restart Thunderbird.
now send a HTML-formatted email (not plain-text Email) , into any one of the email-address (or email account) that is already setup in your Thunderbird, in that email you must send an URL LINK, this link: https://www.mail.com/
If you need to connect to a different site, then change above site.
goto Thunderbird "Preferences"/"Options"/Settings > Privacy > goto "Web Content" section.

it should by-default have the option "Accept Cookies From Sites" unselected, for now keep it like that, (if not unseleted, then unselect it), in that row in right side, there is a button [ Exceptions ], click on that, then type-in (or copy from here) each of below web-address (URL) into the "Address of Website" textbox, & then press [ Add ]/[ Allow ] button, after all 7-sites are entered, then press [ Save Changes ]:

Mail.com (Mobile/Basic Version) web-service:
1. https://www.Mail.com/
2. https://dl.Mail.com/
3. https://Login.Mail.com/
4. https://Navigator-lxa.Mail.com/
5. https://3c-lxa.Mail.com/
6. https://s.uiCDN.com/
7. https://js.ui-portal.de/
- Above list is valid for users in (southern) California, USA.
- NOTE: number 4 & 5 web-addresses (or URL(s) or site-addresses) may be DIFFERENT for your location.
- FF = Firefox . TB = Thunderbird.
- EXCEPTION / EXCLUSION LIST (BASIC/MOBILE VERSION) : How To Obtain Basic/Mobile Version Service URLs ? To find out, what exact URLs/sites are used by BASIC or MOBILE version web-service (for-example: "Mail.com"), you will have to load "NoScript", "User-Agent Switcher", "User-Agent Switcher and Manager" addons on a regular FF=Firefox web-browser . Start TB, send yourself one HTML based email with an URL/LINK in it, either this URL/LINK: "http://UserAgentString.com/" or this "https://what-is-my.com/browser/user-agent/" , open that message/email in TB , right-click on url/link , click-on "Open Link in New Tab" , TB will open the URL/LINK in a new browser-tab inside TB . Copy user-agent string code of your TB that will be shown there . Open another browser-tab in FF , and set/change that FF tab's User-Agent string by using the User-Agent switching/changing addon, & set/change default User-Agent string of FF into the User-Agent string code obtained from TB . Then visit the "https://www.Mail.com/" website in that FF tab , Mail.com website/web-service will provide web-pages to Firefox tab, based on Thunderbird's User-Agent string code that we setup in FF earlier . One by one allow+add URLs which MUST be approved/allowed in NoScript addon, for the Mail.com web-service to work . Now we have a list, this is the EXCEPTION LIST for using basic/mobile web-service.
- add "Mail.com" web-addresses in NoScript addon except for the number 4 & 5 . When you will "sign-in" into "https://www.Mail.com/" website, then you will see, immediately after sign-in with correct email-address & correct password, that, Firefox web-browser's URL bar is showing a slightly different website address, MAY BE its not exactly same as number 4 shown as above, write down the part after the word "navigator-" or the "3c-" . So this new part of server-name word is what you have to use after the "navigator-" for the above URL/web-address # 4 in your case, and use that same part also after the "3c-" for the URL # 5 . So now you know & can enter the correct URL # 4 & 5 , so enter those inside the Thunderbird's Cookie EXCEPTION list.
goto the received email which has the link https://www.mail.com/
in Thunderbird (TB) > right-click on that link > you will see an new option "Open Link in New Tab", use that, a new browser Tab will open up in Thunderbird.
now you can access (view, receive, send) your emails on "Mail.com" site itself directly, from your Email-client program, over port-443 based secured+encrypted (HTTPS + TLS/SSL) connection.
This Tab in TB should stay open, when you close/open TB next time.
regularly clear TRACKING-DATA (aka: COOKIES) inside TB.
Since you're using (basic browser) web browser tab(s) inside Thunderbird, & it will not-only connect with primary webmail website, but will also connect with too many different types of websites, So you MUST also install protection addon : AdBlock (or alternative) addon to stop intrusive/annoying/data-stealing ADs. I prefer to use uBlock-Origin addon. But user may Allow simple or Text based small ADs which do not steal (your data) & has obtained your specific permission.

If you/user want to use "Mail.com" mail services normally, thru default general full version web UI (user-interface), but inside the Thunderbird browser-tab (or inside other minimal or basic web-browser), then, also allow these URLs (along with previous 7-URLs in above), as "Mail.com" uses these for full version UI:

Mail.com (Full/default Version) web-service:
8. https://Account-lxa.Mail.com/
9. https://MyAccount.Mail.com/
10. https://mobileMailDeref.Mail.com/
11. https://api.taboola.com/
12. https://img.ui-portal.de/
13. https://cats-tam.ui-portal.de/
14. https://uim.tifbs.net/
15. https://plus.Mail.com/
16. https://mailDeref.Mail.com/
17. https://cdn.taboola.com/
18. https://Home.Navigator-lxa.Mail.com/
19. https://lps.Navigator-lxa.Mail.com/
20. https://trackbar.Navigator-lxa.Mail.com/
21. https://epimetheus.Navigator-lxa.Mail.com/
22. https://js-sec.indexWW.com/
23. https://AddressBook.Navigator-lxa.Mail.com/
24. https://ooEditor.Mail.com/
25. https://ADclient.uimServ.net/
You may/should AVOID adding below:
26. Advertisements from https://c.Amazon-ADsystem.com/ , location tracking from https://GeoLocation.OneTrust.com/, usage profiling+tracking,etc from https://www.GoogleTagServices.com/

If you look into above multiple web-services, it can be very easily said, "Mail.com" DO NOT RESPECT USER's PRIVACY-RIGHTS, AND "Mail.com" IS VIOLATING+ABUSING PRIVACY-RIGHTS , they are sharing PRIVATE data with too many ESP (external-service-providers) (aka: TPSP = 3rd-party service providers), vendors, etc , using too many APIs from ESP/TPSP, vendors, etc.

If your phone sends your voice, fingerprint, face, etc your PRIVATE biometric data outside of your phone into remote server for processing or whatever, then that is huge THEFT & STEALING AND Violation+Abuse of Privacy-Rights , because phone can use builtin+INTERNAL software, tools, etc for processing.

So similar way, the services that for-example: "Mail.com", a WebMail service provider needs, those must be used+processed INSIDE the "Mail.com" SERVERS (inside Mail.com's premise & under their control), their ESP/TPSP/vendors,etc can have remote access into their software (inside "Mail.com" server), but not any access into user's PRIVATE DATA/database, etc . Private data must not travel/copied outside of "Mail.com" servers . So "Mail.com" should create different sub-domain for their each ESP/TPSP/vendor,etc.

If a person/entity really wishes to NOT violate/abuse human-rights , then there are always (many) ways for that.

OAUTH:
various (remote) web-service & other online service providers may/often use OAuth (OAuth 2.0, etc) based verification to allow user to sign-in/login into their site/service-site from user's/client's software . OAuth verification process need to save a token as a Cookie inside your web-browser software , this process uses HTTPS/443 protocol based connection via a web-browser . If your web-browser blocks cookies, to create safety, from tracking cookies of various human-rights violating websites/web-services, etc , then you/user have to allow OAuth verification related specific cookies by adding specific OAuth verification related websites/webservices, into your web-browser's Cookie/Script EXCEPTION LIST . After that OAuth verification related sign-in/login will succeed & an approved token as a cookie will be saved . OAuth verification may use one or few more extra web-sites/URLs from your (remote) service provider, than the sites that are generally used for a general login/sign-in . When this token/cookie is saved & available inside a client software, then it can be used to verify user's client-software (that i connecting with (remote) service provider) for various other protocol based services, for-example: IMAP/POP3, SMTP mail-server services, IM(instant-messaging) chat network services, etc, etc.

Normally without OAuth, user have to verify from the client software's connection into the (remote) web-server that it is indeed he himself (or she herself) is accessing the (remote) web-services, by providing the password (web-service access main/master password) as a proof each time, or by saving this main/master password inside the software . So if this client software is hacked or a backdoor/bug/vulnerability is found then harmful entity may/will also have the main/master password and takeover your account . But this risk can be reduced, by saving a token/cookie instead of the main/master password, and use that token/cookie to prove that its you who is accessing the service from that client software . If you suspect there was a remote access event occurred in your computer/device, then just clear saved token/cookie/password, & re-verify via OAuth to save a new token/cookie . Harmful entity when obtains the token/cookie can access your some data, but not all data, as other sensitive data access (may) require entering main/master password.

So even OAuth has weakness^{1, 2, 3} & strength¹, so use wisely where & when appropriate . When its used with other SECURED process only THEN it can be better.

Client software/app which cannot handle web-browser connection to use OAuth, for those type of app/clients, you can go into your web-service provider's website, find-out the section that allows to generate/create a TP(Third-Party) App Access Key (AAK) code, or Secure Mail Key (SMK) code, etc . This type of (app access key) code should be used as password in/with your client-software, then main/master-password remains safe . This is much better solution than OAuth.
Some service-providers will allow you to use (app) access-key in your client-software first, then they will also allow to use OAuth if you need-to.

TB = Thunderbird .

EXCEPTION / EXCLUSION LIST (OAUTH RELATED) : First, please follow the procedure shown in above "Mail.com" section on How to find-out & add EXCEPTION to allow BASIC/MOBILE VERSION based access service by using a basic web-browser (or by using builtin browser-tab inside TB email-client software).
Then Begin OAuth verification process in your client software , open OAuth verification URL in a web-browser (or open inside TB's builtin browser-tab) , in bottomside near app border AND in topside URL bar, you will see which web-sites it is attempting to connect or connecting, etc , either take screen-shot picture(s) whenever URL/website changes by pressing specific screenshot buttons , or write down each URLs when URL changes.
If only one extra site/website is needed for OAuth, then after adding that one site (in EXCEPTION list) , oauth verification will complete, but as it is still not yet inside the Exception list, OAuth will not succeed , So add the URL/website in web-browser's (or TB's) Cookie/Script EXCEPTION list . And again initiate OAuth verification in your client software/app . this time it will succeed.
If oauth verification need to use multiple sites, then you will also have to add multiple times different URLs in EXCEPTION list, and you also have to initiate oauth verification process multiple times from client software.
When oauth succeeds then you're done.
Time to share that list with others (please mention if 2FA option was enabled in your case or not).
Share only URL portion, not the portion that is after the left-side first single / slash: https://websiteURL.com/...

For example, below pictures showing OAuth verification process during adding a new mail-account inside Thunderbird email client software.

after pressing the "Done" button during adding/creating New Mail-Account in Thunderbird=TB , TB email client software has initiated OAuth2 verification process in browser-tab
after adding few more yahoo related URLs into Exception-list, Yahoo asking user to Sign-In with Yahoo main/master password, to verify & find-out indeed an authentic user has initiated this process or not
Yahoo verifying user is authentic or not with 2FA type of verification, showing 2FA verification options
Yahoo sending 2FA notification in their Yahoo Mail mobile app in user's smartphone
Yahoo asking user to approve TB client/app for OAuth
Thunderbird email client app is approved & added into authorized/approved app list, and it can be seen (via Firefox) inside Yahoo Mail web-access site's Recent Activity section
Even though in above picture, the URL https://api.login.yahoo.com/ is shown, but actually i needed to approve only https://jsapi.login.yahoo.com/ in EXCEPTION list.
in below goto Yahoo section to see which exact URLs were approved & needed for OAuth2.0
End of OAUTH section.

Yahoo (Basic/Mobile Version) web-service:
This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access Yahoo "free" emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

https://mail.yahoo.com/ Mail.Yahoo.com
https://login.yahoo.com/
https://s.yimg.com/
https://data.mail.yahoo.com/

List is valid for users in (southern) California, USA, so it will be different based on different location. If you have Yahoo app on your phone, Yahoo may send user-sign-in event verification notice in it, once you select "yes" or allow it, basic browser in TB should take you to yahoo Inbox . NoScript on Firefox was used to obtain the list . Above list will be further different if you use their basic-HTML version site. List will be different if you've subscribed/changed your account into a different type of account. List will be different if you've enabled 2FA for your account . Follow above "Mail.com" section to apply it.

Yahoo also has these MOBILE (aka: BASIC-service friendly, aka: BASIC/HTML version) access sites:
• https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2Fneo%2Fb%2Flaunch
• https://m.yahoo.com/
• https://us.m.yahoo.com/p/mail

For accessing Yahoo emails via "OAuth2" authentication-method, just add these two URLs as cookie [ Exceptions ] in TB,etc email-clients:
• https://login.yahoo.com/
• https://api.login.yahoo.com/

For accessing Yahoo emails via their full-version (web mail access) website inside Thunderbird's (or Firefox's) browser-tab , use above four URLs and below URL list . These will be slightly different based on your/user's location, etc.

Microsoft Outlook/Hotmail/Live,etc (Basic/Mobile Version) web-service:
This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access MS Outlook/Live/Hotmail "free" emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

https://outlook.live.com/ Outlook.Live.com
https://login.live.com/
https://logincdn.msauth.net/
https://outlook-1.cdn.office.net/

List is valid for users in (southern) California, USA, so it will be different based on different location. NoScript on Firefox was used to obtain the list . List will be further different if you use their basic-HTML version site. List will be different if you've subscribed/changed your account into a different type of account. List will be different if you've enabled 2FA for your account . Follow above "Mail.com" section to apply it.

Microsoft mail services also has these Mobile (aka: Basic-service friendly, aka: BASIC/HTML version) webmail access sites:
• https://mssl.mail.live.com/m/?bfv=wm
• https://mobile.live.com/hm
• https://profile.live.com/contacts?bfv=um
• https://mail.live.com/m
• https://wls.live.com
• https://mobile.msn.com/pocketpc/

For accessing emails thru "OAuth2" auth-method , use/add above four URLs & below one URL in TB's Cookie [ Exceptions ] list:
5. https://login.microsoftonline.com/

For accessing emails thru full-version webmail access website, lots of URLs need to be added into Exception list.

Push Microsoft to use TLS/SSL based encryption security, instead of StartTLS encryption security, as TLS/SSL is far far more secured+safer than StartTLS.

GMail (Basic/Mobile Version) web-service:
This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access Gmail (from Google) "free" emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

https://mail.google.com/ mail.Google.com
https://accounts.google.com/
https://ssl.gstatic.com/
https://www.gstatic.com/

List is valid for users in (southern) California, USA, so it will be different based on different location . NoScript on Firefox was used to obtain the list . List will be further different if you use their basic-HTML version site. List will be different if you've subscribed/changed your account into a different type of account. List will be different if you've enabled 2FA for your account . Follow above "Mail.com" section to apply it.

GMail also has these Mobile (aka: Basic-service friendly, aka: BASIC/HTML version) webmail access sites:
• https://mail.google.com/mail/u/0/h/1pq68r75kzvdr/?v%3Dlui
• https://m.gmail.com/
• https://mail.google.com/mail/x/gdlakb-/gp/
• https://mail.google.com/a/[Your-Domain]/x/1gjikl11t3cl1
• https://www.google.com/ig/mobile?output=pda

For accessing GMail/Google-Mail emails via "OAuth2" authentication-method , add these three URL exceptions in TB,etc email-client's cookie Exception list:
• https://accounts.google.com/
• https://ssl.gstatic.com/
• https://www.gstatic.com/

For accessing emails thru full-version webmail access website, lots of URLs need to be added into Exception list.

Source https://stackoverflow.com/questions/63253091

QUESTION

Nodemailer with Tutanota Mail in Node.js

Asked 2020-Aug-09 at 14:56

I recently found the e-mail provider Tutanota, which I found trustworthy and which scored especially high on privacy. However, I cannot manage to run Nodemailer with Tutanota. Does anyone know which host and port Tutanota uses?

...

ANSWER

Answered 2020-Aug-09 at 14:56

For those who have encountered the same problem as me: It is not possible to send E-Mails with nodemailer and Tutanota Mail.

I have now switched to Zoho Mail. Sending mails is much easier with Zoho Mail and above all it works.

Source https://stackoverflow.com/questions/63288840

QUESTION

SPF Record for Multiple DKIMs (including MX)

Asked 2020-May-28 at 22:04

I know very little about mail server administration. I'm piecing together user guides. I've bought a domain name, and [paid] Protonmail which allows using a custom domain. I've had this working for a while, but now I'm having trouble extending it for another DKIM record.

Objectives:

Send and receive email using Protonmail from the custom domain
Send-only email from a Postfix server I'm running

In order to send/receive email using Protonmail through my domain name, I've set up the following TXT records:

...

ANSWER

Answered 2020-May-28 at 22:04

Ok, let's start debugging this anyways ... (quite frankly, this is not a programming question so superuser would have been the better choice there, but I like that you wanna host your own mail :) )

Your SPF record should look like the following. Your own domain is not needed, cause the SPF record is saved in it's DNS records. Otherwise, that would (but won't) build a loop.

Source https://stackoverflow.com/questions/61968628

Community Discussions, Code Snippets contain sources that include Stack Exchange Network

Vulnerabilities

No vulnerabilities reported

Install tutanota

You can download it from GitHub.

Support

For any new features, suggestions and bugs create an issue on GitHub. If you have any questions check and ask questions on community page Stack Overflow .

Find more information at: