MozillaZine

Anyone else got this from Yahoo?

User Help for Mozilla Thunderbird
Zosimos
 
Posts: 163
Joined: April 23rd, 2004, 12:12 pm
Location: Ohio, USA

Post Posted August 25th, 2020, 8:00 am

Looks like Yahoo is doing something to their email system. I hope it means better security, but there is a major hurdle to get there.

We love that you love using your Yahoo Mail. And we want to make sure you always have the best experience. That’s why we’re reaching out today.

We’ve noticed that you’re using non-Yahoo applications (such as third-party email, calendar, or contact applications) that may use a less secure sign-in method. To protect you and your data, Yahoo will no longer support the current sign-in functionality in your application starting on October 20, 2020. This means that you will need to take one of the steps below to continue using Yahoo Mail without interruption.

But don’t worry, you have options. Find an option that works best for you below:

Option 1: We recommend that you access your email using our free Yahoo Mail app for iOS and Android or simply go to mail.yahoo.com to access Yahoo Mail on the web.

Option 2: Keep your current, non-Yahoo app, BUT follow a few steps to get it to sync with our secure sign-in method. The steps vary across different email applications, but in most cases, you will have to remove your Yahoo account from the app and then add it back again to update the sign-in security. Use the links below to follow the specific steps for your current application:

iOS Mail
Gmail
Samsung Mail
Others


Option 3: You can generate a one-time, unique password that will allow you to sign in to your account using your non-Yahoo email application. Once created, this password will continue to allow your app to securely sync your Yahoo email unless you sign out (or are signed out) from your app. You can find instructions on how to do this here.

If you want more details on these changes, please visit our help page. If you’ve already taken action, we’d like to think you haven’t read this far, but if you have . . . we sure appreciate the diligence!

Thanks for rocking that Yahoo Mail address!

Yours in your inbox,
The Yahoo Team


I hope it is possible to 'upgrade' to this new login without deleting all of your existing mail in your IMAP client? (Thunderbird in my case, of course...)

WaltS48

User avatar
 
Posts: 4526
Joined: May 7th, 2010, 9:38 am
Location: Pennsylvania, USA

Post Posted August 25th, 2020, 12:45 pm

Many users got it, and I got one from AOL for my AOL account.

I'll probably use Option 3.
Linux Desktop - AMD Athlon(tm) II X3 455 3.3GHz | 8.0GB RAM | GeForce GT 630
Windows Notebook - AMD A8 7410 2.2GHz | 6.0GB RAM | AMD Radeon R5

tanstaafl
Moderator

User avatar
 
Posts: 47171
Joined: July 30th, 2003, 5:06 pm

Post Posted August 25th, 2020, 7:07 pm

I never got that email. My Yahoo IMAP account is configured to use OAuth2 as the authentication method in the accounts server settings. You don't need to delete and add the account again to change the authentication method in Thunderbird. Is switching to Oauth2 option 2?

hopalongrock
 
Posts: 41
Joined: October 7th, 2017, 11:19 am

Post Posted August 26th, 2020, 3:48 am

I got those emails from Yahoo and AOL, although I have POP3 and Oauth2.
I'll wait, and see what happens, but option 2 is sympathetic to me, but ....
It may also work further without any change, if necessary I possibly will try to create an account in a new profile, and watch what is different - although I don't think TB will create anything different.

epp
 
Posts: 21
Joined: October 23rd, 2011, 7:38 am
Location: U.S.A.

Post Posted August 26th, 2020, 4:54 am

Option 3 is the best route. You do not have to delete the account from Thunderbird, SeaMonkey, or your non-AOL/Yahoo app.

Follow the instructions provided to generate the new password for your third-party software or aop and simply change the password for the account in the software/app. Works perfectly.

If you're using OAuth2 already, then I think you are all set. I believe the e-mail was sent to those users using third party apps not using OAuth2, using the same credentials that are used to login via the web site.
Fedora 32

hopalongrock
 
Posts: 41
Joined: October 7th, 2017, 11:19 am

Post Posted August 26th, 2020, 5:34 am

The Option 3 section in the Yahoo/AOL email contains:

"You can generate a one-time, unique password" and " allow your app to securely sync your Yahoo email unless you sign out (or are signed out) from your app."
Maybe every TB session is a new login, and needs a new one-time password, I don't know.

Interesting, I have OAuth2 and yet I got the emails, but perhaps these emails were sent by mistake in my case.

snailcoach
 
Posts: 35
Joined: May 19th, 2016, 1:16 pm

Post Posted August 26th, 2020, 9:53 pm

As option 2 indicates '. . .as in most cases, you will have to remove your Yahoo account from the app and then add it back again to update the sign-in security.'

It's likely not everyone has to remove and re-add their account(s)? I checked Yahoo!'s help page but wasn't able to determine if the one time unique password is needed for every login.

For some reason I didn't have mine set to OAuth2 and just did so. Had to re-enter my password though. Come October I'll see what next.

epp
 
Posts: 21
Joined: October 23rd, 2011, 7:38 am
Location: U.S.A.

Post Posted August 27th, 2020, 7:33 am

The e-mail that they sent (also to AOL Mail users) could have been worded a lot better.

I went with Option 3 and it's been working perfectly since. I did not have to delete any accounts, I simply replaced the passwords.
Fedora 32

Zosimos
 
Posts: 163
Joined: April 23rd, 2004, 12:12 pm
Location: Ohio, USA

Post Posted September 1st, 2020, 10:39 am

Does removing the account automatically delete the contents of the mailboxes? Or will Thunderbird ask about deleting the mailboxes before doing it? MAPI keeps things in sync and will redownload them, but it's a pain to have to do it. If there is a way to remove and re-create the account without losing the mailboxes, that would be ideal. But I think I'll try the switching to OAuth2 thing and see if that keeps me from having to do anything else come October...

T-buch
 
Posts: 35
Joined: August 14th, 2010, 4:38 am
Location: Denmark

Post Posted September 26th, 2020, 4:28 am

Are you sure its from Yahoo?
Mine is sent from info@comms.yahoo.net
Please notice: https://help.yahoo.com/kb/identify-legi ... n2070.html
If you’re on a Yahoo website, the URL contains “yahoo.com”

I don't know

bex1210
 
Posts: 126
Joined: April 17th, 2006, 11:10 am

Post Posted September 26th, 2020, 5:23 pm

snailcoach wrote:As option 2 indicates '. . .as in most cases, you will have to remove your Yahoo account from the app and then add it back again to update the sign-in security.'

It's likely not everyone has to remove and re-add their account(s)? I checked Yahoo!'s help page but wasn't able to determine if the one time unique password is needed for every login.

For some reason I didn't have mine set to OAuth2 and just did so. Had to re-enter my password though. Come October I'll see what next.


I use AOL with Thunderbird 60.9.0 on Windows 7. I use IMAP. I got the same message, and even after reading the posts on this thread, I am still confused. I use a Normal password to authenticate; not Oath2.
First, has anyone determined if, by removing the account whether all your Emails will be lost?
Second, I opened my Password Manager, went to Saved Passwords, then changed the Username in both my imap.aol.com and smtp.aol.com to something new, and then changed them both back to my old password. But since October 20 has not come, I have no idea whether this will work or not.
Third, if I understand the notice, I will still be able to login directly to my aol.com account (which I do frequently to check for spam) without making any changes? Is this correct?

Thanks for any help that can be provided!

Harry

tanstaafl
Moderator

User avatar
 
Posts: 47171
Joined: July 30th, 2003, 5:06 pm

Post Posted September 26th, 2020, 6:14 pm

If you delete a POP account unless you check the checkbox to "remove message data" (exact wording may be version specific) in the popup you only lose the account information. The downloaded messages are still on your hard disk, Thunderbird just totally ignores them. Either write down the location (if you are going to add the same account sometime later on and then change the local directory back to the old value so that you can use the old mail folders) or move all of the downloaded messages to somewhere in "Local Folders" beforehand.

If you use a IMAP account by default you have "offline folders" that are kept in sync with the remote folders, though you can disable that using the synchronization & storage settings for the account. You don't see those offline folders unless you use file -> work offline. They're also kept unless you check "remove message data". The danger with a IMAP account is if you delete the contents of a remote folder, when it syncs it deletes the same messages/folders in offline folders. If you want to guarantee those messages won't be lost copy them to somewhere in "Local Folders" beforehand.

https://support.mozilla.org/en-US/questions/1282249 might be useful

You can use the ImportExportTools add-on to import/export mail folders with version 60. Its replaced by the ImportExportTools NG add-on in 68. Unfortunately, the port for version 78 hasn't been completed. That add-on can import mail folders (which are stored as mbox files by default) regardless of whether the account still exists. It only cases about the mbox files.

bex1210
 
Posts: 126
Joined: April 17th, 2006, 11:10 am

Post Posted September 26th, 2020, 10:02 pm

tanstaafl wrote:If you use a IMAP account by default you have "offline folders" that are kept in sync with the remote folders, though you can disable that using the synchronization & storage settings for the account. You don't see those offline folders unless you use file -> work offline. They're also kept unless you check "remove message data". The danger with a IMAP account is if you delete the contents of a remote folder, when it syncs it deletes the same messages/folders in offline folders. If you want to guarantee those messages won't be lost copy them to somewhere in "Local Folders" beforehand.

https://support.mozilla.org/en-US/questions/1282249 might be useful

You can use the ImportExportTools add-on to import/export mail folders with version 60. Its replaced by the ImportExportTools NG add-on in 68. Unfortunately, the port for version 78 hasn't been completed. That add-on can import mail folders (which are stored as mbox files by default) regardless of whether the account still exists. It only cases about the mbox files.


Thanks for the info about the synchronization. I have had Import/Export Tools 3.3.2 for some time. I used it to back up my AOL account once months ago, and it works fine. I meant to mention this when I did my original post, but forgot.


Harry

smislt
 
Posts: 54
Joined: July 8th, 2015, 5:34 pm
Location: USA

Post Posted October 8th, 2020, 3:15 pm

T-buch wrote:Are you sure its from Yahoo?
Mine is sent from info@comms.yahoo.net
Please notice: https://help.yahoo.com/kb/identify-legi ... n2070.html
If you’re on a Yahoo website, the URL contains “yahoo.com”

I don't know


I'm wondering if the email is really from Yahoo too or a scam to delete the account from Thunderbird and lose all mail in Thunderbird inbox. I think I'll just wait and see what happens, if anything.

MZ216
 
Posts: 3
Joined: December 16th, 2017, 12:18 pm

Post Posted October 8th, 2020, 9:15 pm

smislt wrote:I'm wondering if the email is really from Yahoo too or a scam to delete the account from Thunderbird and lose all mail in Thunderbird inbox. I think I'll just wait and see what happens, if anything.

I believe the message is genuine and suspect they may terminate POP/SMTP access. AOL, Verizon, Yahoo, Frontiernet mail are all part of this conglomerate and use the same mail servers.

https://www.nbcnews.com/news/all/verizo ... up-n949631

There have been some malicious extensions for Chrome & Firefox which stole webmail passwords and sent them to a spammer. The spammer then activated SMTP on the stolen mail accounts and used this to send bulk email with a spoofed return address… but they did not change the password, so the victim does not suspect anything.

These mail accounts are now blacklisted by the Oath cartel, even if the password was changed by the legitimate owner and the spam has stopped. If you send a legitimate email from a blacklisted mail account to an Oath cartel address, the mail may be rejected as spam because of prior spam activity on the account - especially if the message has multiple recipients. Some of these stolen email accounts have appeared in the Firefox monitor database… but the database will not tell you how the account was compromised, so this information is of little help to the user.

I guess every browser needs a built-in firewall now, so you can catch malicious extensions which leak information over the internet. But in any case, Yahoo wants you to use their web mail or proprietary client instead of POP/SMTP, because the spammers use SMTP to transmit bulk email.
Zosimos wrote:I hope it means better security

All of your Oath cartel traffic is being data mined and sold to corporations & governments. If you care about security you are using the wrong email service.

https://www.digitaltrends.com/web/yahoo ... -sell-ads/
https://www.cnn.com/2019/10/15/business ... index.html
https://www.forbes.com/sites/kateoflahe ... -deadline/
Since leaked documents revealed that Internet companies like Apple, Facebook and Google were giving the National Security Agency vast access to people’s online information under a scheme codenamed PRISM, those Silicon Valley titans have taken pains to deny participation in such a program. But now, the NSA’s top lawyer says that just isn’t true. When asked at a hearing on Wednesday whether tech companies knew about and assisted with PRISM’s data collection, Rajesh De, the NSA’s general counsel, said “Yes.”

Tech companies act surprised, but knew about PRISM the whole time
https://www.huffpost.com/entry/nsa-pris ... _n_4999378

US tech giants knew of NSA data collection, agency's top lawyer insists
https://www.theguardian.com/world/2014/ ... -rajesh-de
Some of the world's largest internet brands are claimed to be part of the information-sharing program since its introduction in 2007. Microsoft – which is currently running an advertising campaign with the slogan "Your privacy is our priority" – was the first, with collection beginning in December 2007. It was followed by Yahoo in 2008; Google, Facebook and PalTalk in 2009; YouTube in 2010; Skype and AOL in 2011; and finally Apple, which joined the program in 2012. The program is continuing to expand, with other providers due to come online.

https://www.theguardian.com/world/2013/ ... s-nsa-data
Different documents Snowden disclosed, published by the Washington Post, indicate that all traffic between Yahoo and Google data centers is conducted not under the (unconstitutional) FISA section 702 but rather the (unconstitutional) executive order #12333 from 1981.

https://www.commondreams.org/news/2020/ ... le-illegal
(Yes they were collecting all traffic long before 9/11 in a program called ECHELON, with another false justification. It's not about security - this is for political & industrial espionage.)
In a testimony before the Privacy and Civil Liberties Oversight Board, the NSA general council Rajesh De and his colleague stated on Wednesday that the tech companies that denied giving access to user data via the PRISM program were, in fact, lying.

[They call it “Oath” to imply that they tell the truth. This is public relations damage control in the form of a subliminal suggestion.]
https://www.helpnetsecurity.com/2014/03 ... ollection/

The pirate state: even the unlawful secret courts admit the government breaks the law

https://www.washingtonpost.com/national ... story.html
https://news.yahoo.com/u-court-mass-sur ... 48135.html

https://www.youtube.com/watch?v=UQBWGo7pef8

Return to Thunderbird Support


Who is online

Users browsing this forum: Bing [Bot] and 2 guests