[Solved] Access WebMail(i.e:”Mail.com”) Emails Over Basic HTML Version WebSite From Basic/TB WebBrowser [closed]

by


Most of the WebMail service providers with free-service support basic/mobile web-browser and ofcourse supports general/full web-browser.
These type of service provider’s web-mail-servers can detect user’s (client-side) web-browser software, by detecting the User-Agent string & can switch & transfer to that mode of specific web-pages.

TB = THUNDERBIRD . TB is an EMAIL CLIENT type of software program/app . TB also uses Mozilla Firefox Web-Browser engine/core for the TB web-browser TAB . Webmail services / websites can be used inside TB’s web-browser tab . In this way, email related external access & information remains inside same software program/app, and security / firewall rules can be set bit more easily.

Below solution # 1 worked on basic lightweight web-browser, so it partially answers your question’s 1st part,
and solution # 2 is the answer for your 2nd & 3rd part of the question.

SOLUTION # 1 :
Web Access Based Solution For Basic Web-Browsers:
In basic web-browser “qutebrowser” (with JS support) just goto https://www.mail.com/ website.

  • “Mail.com” web-servers will detect your browser & approximate location & connect your browser into appropriate web-servers related to those, just enable JS for only 7 sites/addresses shown in below, that should be sufficient, to access (view, send, receive) your emails.
  • I have tested “qutebrowser” v1.13.1 on MacOSX Catalina (64bit-only macOS) & it works fine, by the way qutebrowser installer for MacOSX is 144MB as it includes all dependencies, & so it uses half-gigabyte space after decompress.
  • if your basic/lightweight web-browser does not support JS, then this solution # 1 will not work, So wait for someone else to answer with a solution for that problem.

SOLUTION # 2 :
Website/webmail/Web-Service Access Based Solution For Thunderbird (Email-Client):
this solution/process is the preferred way, as mentioned in above/OP’s Question.
Tested + worked on Thunderbird ( v68.12.1 ).

  • Load “BrowseInTab” Thunderbird addon : Thunderbird > Tools > Addons > in “Find More Extensions” box, type: BrowseInTab
    click on [ + Add To Thunderbird ] button > “Add” > restart Thunderbird.

    • Also load “Open Tab” Thunderbird addon : Thunderbird > Tools > Addons > in “Find More Extensions” box, type: Open Tab
      click on [ + Add To Thunderbird ] button > “Add” > restart Thunderbird.

  • now send a HTML-formatted email (not plain-text Email) , into any one of the email-address (or email account) that is already setup in your Thunderbird, in that email you must send an URL LINK, this link: https://www.mail.com/
    If you need to connect to a different site, then change above site.

  • goto Thunderbird “Preferences”/”Options”/Settings > Privacy > goto “Web Content” section.
    Thunderbird - Preferences - Privacy - Web Content - Exceptions
    it should by-default have the option “Accept Cookies From Sites” unselected, for now keep it like that, (if not unseleted, then unselect it), in that row in right side, there is a button [ Exceptions ], click on that, then type-in (or copy from here) each of below web-address (URL) into the “Address of Website” textbox, & then press [ Add ]/[ Allow ] button, after all 7-sites are entered, then press [ Save Changes ]:

    Mail.com (Mobile/Basic Version) web-service:

    1. https://www.mail.com/
    2. https://3c-lxa.mail.com/
    3. https://dl.mail.com/
    4. https://mailderef.mail.com/
    5. https://navigator-lxa.mail.com/
    6. https://epimetheus.navigator-lxa.mail.com/
    7. https://home.navigator-lxa.mail.com/
    8. https://lps.navigator-lxa.mail.com/
    9. https://trackbar.navigator-lxa.mail.com/
    10. https://plus.mail.com/
    11. https://wa.mail.com/
    12. https://js.ui-portal.de/
    13. https://img.ui-portal.de/
    14. https://nct.ui-portal.de/
    15. https://s.uicdn.com/
    16. https://login.mail.com/
    • Above list is valid for users in (southern) California, USA.
    • NOTE: some of the above web-addresses (or URL(s) or site-addresses) may be DIFFERENT for your location.
    • FF = Firefox . TB = Thunderbird.
    • EXCEPTION / EXCLUSION LIST (BASIC/MOBILE VERSION) : How To Obtain Basic/Mobile Version Service URLs ? To find out, what exact URLs/sites are used by BASIC or MOBILE version web-service (for-example: “Mail.com”), you will have to load “NoScript“, “User-Agent Switcher“, “User-Agent Switcher and Manager” addons on a regular FF=Firefox web-browser . Start TB, send yourself one HTML based email with an URL/LINK in it, either this URL/LINK: “http://UserAgentString.com/” or this “https://what-is-my.com/browser/user-agent/” , open that message/email in TB , right-click on url/link , click-on “Open Link in New Tab” , TB will open the URL/LINK in a new browser-tab inside TB . Copy user-agent string code of your TB that will be shown there . Open another browser-tab in FF , and set/change that FF tab’s User-Agent string by using the User-Agent switching/changing addon, & set/change default User-Agent string of FF into the User-Agent string code obtained from TB . Then visit the “https://www.Mail.com/” website in that FF tab , Mail.com website/web-service will provide web-pages to Firefox tab, based on Thunderbird’s User-Agent string code that we setup in FF earlier . One by one allow+add URLs which MUST be approved/allowed in NoScript addon, for the Mail.com web-service to work . Now we have a list, this is the EXCEPTION LIST for using basic/mobile web-service.
    • add “Mail.com” web-addresses in NoScript addon except for the number 4 & 5 . When you will “sign-in” into “https://www.Mail.com/” website, then you will see, immediately after sign-in with correct email-address & correct password, that, Firefox web-browser’s URL bar is showing a slightly different website address, MAY BE its not exactly same as number 4 shown as above, write down the part after the word “navigator-” or the “3c-” . So this new part of server-name word is what you have to use after the “navigator-” for the above URL/web-address # 4 in your case, and use that same part also after the “3c-” for the URL # 5 . So now you know & can enter the correct URL # 4 & 5 , so enter those inside the Thunderbird’s Cookie EXCEPTION list.

  • goto the received email which has the link https://www.mail.com/
    in Thunderbird (TB) > right-click on that link > you will see an new option "Open Link in New Tab", use that, a new browser Tab will open up in Thunderbird.

  • now you can access (view, receive, send) your emails on “Mail.com” site itself directly, from your Email-client program, over port-443 based secured+encrypted (HTTPS + TLS/SSL) connection.

  • This Tab in TB should stay open, when you close/open TB next time.

  • regularly clear TRACKING-DATA (aka: COOKIES) inside TB.

  • Since you’re using (basic browser) web browser tab(s) inside Thunderbird, & it will not-only connect with primary webmail website, but will also connect with too many different types of websites, So you MUST also install protection addon : AdBlock (or alternative) addon to stop intrusive/annoying/data-stealing ADs. I prefer to use uBlock-Origin addon. But user may Allow simple or Text based small ADs which do not steal (your data) & has obtained your specific permission.

If you/user want to use “Mail.com” mail services normally, thru default general full version web UI (user-interface), but inside the Thunderbird browser-tab (or inside other minimal or basic web-browser), then, also allow these URLs (along with previous 7-URLs in above), as “Mail.com” uses these for full version UI:

  • Mail.com (Full/default Version) web-service:
    17. https://i0.mail.com/
    18. https://cats.navigator-lxa.mail.com/
    19. https://password.mail.com/
    20. https://wa.ui-portal.de/
    21. https://ogs.ui-portal.de/
    22. https://Account-lxa.Mail.com/
    23. https://MyAccount.Mail.com/
    24. https://mobileMailDeref.Mail.com/
    25. https://api.taboola.com/
    26. https://cats-tam.ui-portal.de/
    27. https://uim.tifbs.net/
    28. https://cdn.taboola.com/
    29. https://js-sec.indexWW.com/
    30. https://AddressBook.Navigator-lxa.Mail.com/
    31. https://ooEditor.Mail.com/
    32. https://ADclient.uimServ.net/
    You may/should AVOID adding below:
    33. Advertisements from https://c.Amazon-ADsystem.com/ , 34. location tracking from https://GeoLocation.OneTrust.com/, usage profiling+tracking,etc from 35. https://www.GoogleTagServices.com/ , 36. https://www.GoogleTagManager.com/

If you look into above multiple web-services, it can be very easily said, “Mail.com” DO NOT RESPECT USER’s PRIVACY-RIGHTS, AND “Mail.com” IS VIOLATING+ABUSING PRIVACY-RIGHTS , they are sharing PRIVATE data with too many ESP (external-service-providers) (aka: TPSP = 3rd-party service providers), vendors, etc , using too many APIs from ESP/TPSP, vendors, etc.

If your phone sends your voice, fingerprint, face, etc your PRIVATE biometric data outside of your phone into remote server for processing or whatever, then that is huge THEFT & STEALING AND Violation+Abuse of Privacy-Rights , because phone can use builtin+INTERNAL software, tools, etc for processing.

So similar way, the services that for-example: “Mail.com”, a WebMail service provider needs, those must be used+processed INSIDE the “Mail.com” SERVERS (inside Mail.com’s premise & under their control), their ESP/TPSP/vendors,etc can have remote access into their software (inside “Mail.com” server), but not any access into user’s PRIVATE DATA/database, etc . Private data must not travel/copied outside of “Mail.com” servers . So “Mail.com” should create different sub-domain for their each ESP/TPSP/vendor,etc.

If a person/entity really wishes to NOT violate/abuse human-rights , then there are always (many) ways for that.

OAUTH:
various (remote) web-service & other online service providers may/often use OAuth (OAuth 2.0, etc) based verification to allow user to sign-in/login into their site/service-site from user’s/client’s software . OAuth verification process need to save a token as a Cookie inside your web-browser software , this process uses HTTPS/443 protocol based connection via a web-browser . If your web-browser blocks cookies, to create safety, from tracking cookies of various human-rights violating websites/web-services, etc , then you/user have to allow OAuth verification related specific cookies by adding specific OAuth verification related websites/webservices, into your web-browser’s Cookie/Script EXCEPTION LIST . After that OAuth verification related sign-in/login will succeed & an approved token as a cookie will be saved . OAuth verification may use one or few more extra web-sites/URLs from your (remote) service provider, than the sites that are generally used for a general login/sign-in . When this token/cookie is saved & available inside a client software, then it can be used to verify user’s client-software (that i connecting with (remote) service provider) for various other protocol based services, for-example: IMAP/POP3, SMTP mail-server services, IM(instant-messaging) chat network services, etc, etc.

Normally without OAuth, user have to verify from the client software’s connection into the (remote) web-server that it is indeed he himself (or she herself) is accessing the (remote) web-services, by providing the password (web-service access main/master password) as a proof each time, or by saving this main/master password inside the software . So if this client software is hacked or a backdoor/bug/vulnerability is found then harmful entity may/will also have the main/master password and takeover your account . But this risk can be reduced, by saving a token/cookie instead of the main/master password, and use that token/cookie to prove that its you who is accessing the service from that client software . If you suspect there was a remote access event occurred in your computer/device, then just clear saved token/cookie/password, & re-verify via OAuth to save a new token/cookie . Harmful entity when obtains the token/cookie can access your some data, but not all data, as other sensitive data access (may) require entering main/master password.

So even OAuth has weakness1, 2, 3 & strength1, so use wisely where & when appropriate . When its used with other SECURED process only THEN it can be better.

Client software/app which cannot handle web-browser connection to use OAuth, for those type of app/clients, you can go into your web-service provider’s website, find-out the section that allows to generate/create a TP(Third-Party) App Access Key (AAK) code, or Secure Mail Key (SMK) code, etc . This type of (app access key) code should be used as password in/with your client-software, then main/master-password remains safe . This is much better solution than OAuth.
Some service-providers will allow you to use (app) access-key in your client-software first, then they will also allow to use OAuth if you need-to.

TB = Thunderbird .

EXCEPTION / EXCLUSION LIST (OAUTH RELATED) : First, please follow the procedure shown in above “Mail.com” section on How to find-out & add EXCEPTION to allow BASIC/MOBILE VERSION based access service by using a basic web-browser (or by using builtin browser-tab inside TB email-client software).
Then Begin OAuth verification process in your client software , open OAuth verification URL in a web-browser (or open inside TB’s builtin browser-tab) , in bottomside near app border AND in topside URL bar, you will see which web-sites it is attempting to connect or connecting, etc , either take screen-shot picture(s) whenever URL/website changes by pressing specific screenshot buttons , or write down each URLs when URL changes.
If only one extra site/website is needed for OAuth, then after adding that one site (in EXCEPTION list) , oauth verification will complete, but as it is still not yet inside the Exception list, OAuth will not succeed , So add the URL/website in web-browser’s (or TB’s) Cookie/Script EXCEPTION list . And again initiate OAuth verification in your client software/app . this time it will succeed.
If oauth verification need to use multiple sites, then you will also have to add multiple times different URLs in EXCEPTION list, and you also have to initiate oauth verification process multiple times from client software.
When oauth succeeds then you’re done.
Time to share that list with others (please mention if 2FA option was enabled in your case or not).
Share only URL portion, not the portion that is after the left-side first single / slash: https://websiteURL.com/

For example, below pictures showing OAuth verification process during adding a new mail-account inside Thunderbird email client software.

  • after pressing the “Done” button during adding/creating New Mail-Account in Thunderbird=TB , TB email client software has initiated OAuth2 verification process in browser-tab
    Thunderbird - After Pressing Done Button For Creating/Adding New Mail Account - OAuth2 Verification Proceces Began Inside Browser-Tab
  • after adding few more yahoo related URLs into Exception-list, Yahoo asking user to Sign-In with Yahoo main/master password, to verify & find-out indeed an authentic user has initiated this process or not
    Thunderbird - Yahoo asking user to Sign-In with main password
  • Yahoo verifying user is authentic or not with 2FA type of verification, showing 2FA verification options
    Thunderbird - Yahoo verifying user is authentic or not with 2FA type of verification
  • Yahoo sending 2FA notification in their Yahoo Mail mobile app in user’s smartphoneYahoo Mail mobile app on Android - Yahoo sends notification in mobile app, To obtain permission from user
  • Yahoo asking user to approve TB client/app for OAuth
    Thunderbird - Yahoo Asking User To Approve Thunderbird Client/App
  • Thunderbird email client app is approved & added into authorized/approved app list, and it can be seen (via Firefox) inside Yahoo Mail web-access site’s Recent Activity section
    Firefox - Yahoo's Recent Activity section showing Thunderbird as approved/authorized app
  • Even though in above picture, the URL https://api.login.yahoo.com/ is shown, but actually i needed to approve only https://jsapi.login.yahoo.com/ in EXCEPTION list.
  • in below goto Yahoo section to see which exact URLs were approved & needed for OAuth2.0
    End of OAUTH section.

Yahoo (Basic/Mobile Version) web-service:
This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access Yahoo “free” emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

  1. https://mail.yahoo.com/ Mail.Yahoo.com
  2. https://login.yahoo.com/
  3. https://s.yimg.com/
  4. https://data.mail.yahoo.com/
  • List is valid for users in (southern) California, USA, so it will be different based on different location. If you have Yahoo app on your phone, Yahoo may send user-sign-in event verification notice in it, once you select “yes” or allow it, basic browser in TB should take you to yahoo Inbox . NoScript on Firefox was used to obtain the list . Above list will be further different if you use their basic-HTML version site. List will be different if you’ve subscribed/changed your account into a different type of account. List will be different if you’ve enabled 2FA for your account . Follow above “Mail.com” section to apply it.

Yahoo also has these MOBILE (aka: BASIC-service friendly, aka: BASIC/HTML version) access sites:
https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2Fneo%2Fb%2Flaunch
https://m.yahoo.com/
https://us.m.yahoo.com/p/mail

For accessing Yahoo emails via “OAuth2” authentication-method, just add these two URLs as cookie [ Exceptions ] in TB,etc email-clients:
https://login.yahoo.com/
https://api.login.yahoo.com/

For accessing Yahoo emails via their full-version (web mail access) website inside Thunderbird’s (or Firefox’s) browser-tab , use above four URLs and below URL list . These will be slightly different based on your/user’s location, etc.
Thunderbird - WebSite/URL Exceptions To Allow/Block Cookies

Microsoft Outlook/Hotmail/Live,etc (Basic/Mobile Version) web-service:
This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access MS Outlook/Live/Hotmail “free” emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

  1. https://outlook.live.com/ Outlook.Live.com
  2. https://login.live.com/
  3. https://logincdn.msauth.net/
  4. https://outlook-1.cdn.office.net/
  • List is valid for users in (southern) California, USA, so it will be different based on different location. NoScript on Firefox was used to obtain the list . List will be further different if you use their basic-HTML version site. List will be different if you’ve subscribed/changed your account into a different type of account. List will be different if you’ve enabled 2FA for your account . Follow above “Mail.com” section to apply it.

Microsoft mail services also has these Mobile (aka: Basic-service friendly, aka: BASIC/HTML version) webmail access sites:
https://mssl.mail.live.com/m/?bfv=wm
https://mobile.live.com/hm
https://profile.live.com/contacts?bfv=um
https://mail.live.com/m
https://wls.live.com
https://mobile.msn.com/pocketpc/

For accessing emails thru “OAuth2” auth-method , use/add above four URLs & below one URL in TB’s Cookie [ Exceptions ] list:
5. https://login.microsoftonline.com/

For accessing emails thru full-version webmail access website, lots of URLs need to be added into Exception list.

Push Microsoft to use TLS/SSL based encryption security, instead of StartTLS encryption security, as TLS/SSL is far far more secured+safer than StartTLS.

GMail (Basic/Mobile Version) web-service:
This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access Gmail (from Google) “free” emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

  1. https://mail.google.com/ (To access, goto: mail.Google.com)
  2. https://accounts.google.com/
  3. https://ssl.gstatic.com/
  4. https://www.gstatic.com/
  • List is valid for users in (southern) California, USA, so it will be different based on different location . NoScript on Firefox was used to obtain the list . List will be further different if you use their basic-HTML version site. List will be different if you’ve subscribed/changed your account into a different type of account. List will be different if you’ve enabled 2FA for your account . Follow above “Mail.com” section to apply it.

GMail also has these Mobile (aka: Basic-service friendly, aka: BASIC/HTML version) webmail access sites:
https://mail.google.com/mail/u/0/h/1pq68r75kzvdr/?v%3Dlui
https://m.gmail.com/
https://mail.google.com/mail/x/gdlakb-/gp/
https://mail.google.com/a/[Your-Domain]/x/1gjikl11t3cl1
https://www.google.com/ig/mobile?output=pda

For accessing GMail/Google-Mail emails via “OAuth2” authentication-method , add these three URL exceptions in TB,etc email-client’s cookie Exception list:
https://accounts.google.com/
https://ssl.gstatic.com/
https://www.gstatic.com/

For accessing emails thru full-version webmail access website (inside TB), lots of URLs need to be added into Exception list.

For doing Hangouts CHAT securely inside TB via using google’s hangouts website/web-service , Copy+paste add+allow below URLs into TB’s Cookie-Exception list . Do not use (Thunderbird) TB’s Google-Talk (GTalk) based chat account/connection, because that DOES NOT USE SECURE/ENCRYPTION PROTOCOL PROPERLY, So Your MAIN Password Will Be Exposed Or At Risk . Use “Hangouts” web-service inside TB’s web-browser TAB, which can connect securely into Google’s GTalk/XMPP chat network.
Access/signin web-service site: Hangouts.Google.com
https://hangouts.google.com/
https://accounts.google.com/
https://myaccount.google.com/
https://ogs.google.com/
https://clients6.google.com/
https://clients4.google.com/
https://chat-pa.clients6.google.com/
https://chat-pa.clients4.google.com/
https://people-pa.clients6.google.com/
https://people-pa.clients4.google.com/
https://signaler-pa.clients6.google.com/
https://signaler-pa.clients4.google.com/
https://ssl.gstatic.com/
https://www.gstatic.com/
https://apis.google.com/
https://aa.google.com/
https://0.client-channel.google.com/ (You will have to add multiple of these servers, by changing “0” into other numbers: 1, 2, 3, 4, 5, … etc, Add upto atleast 30 . Which exact one will be used, depends on which one is free & randomly selected by google to serve your connection)

solved Access WebMail(i.e:”Mail.com”) Emails Over Basic HTML Version WebSite From Basic/TB WebBrowser [closed]