Confirm your AT&T settingsand enter a secure mail key instead of the account password.

https://www.att.com/support/article/dsl-high-speed/KM1010523/

The correct outgoing server for POP is outbound.att.net on 465SSL/TLSnormal password. TLS is not a factor hereand OAuth2 is not supported for the AT&T servers. Use normal password authentication and a secure mail key.

https://support.mozilla.org/en-US/questions/1313640

https://support.mozilla.org/en-US/questions/1314254

Avast/AVG can block connections; not recommended:

https://support.mozilla.org/en-US/questions/1315712

Thank you. Making progressbut not there yet. Created a the secure mail key. Sent test emailentered the key when prompted for passwordand the mail was sent.

HoweverI'm still not getting incoming mail. I checked the saved passwords box. It seems to be empty. Everything is greyed outso I can't enter or delete anything. I had expected to type the secure mail key in the top box. I can type it inbut it doesn't actually enter.

If you removed the old passwords from Saved Passwordsyou should be prompted for the password when TB restarts and connects to the incoming serverat which point you enter the secure mail keyand check the box to have it stored in Saved Passwords. Check that you don't have a password managerthat is part of some security programsmanaging TB passwords.

You should switch to IMAP+SMTP (instead of POP+SMTP)if it is appropriate/right for you. Usually & in many casesaccessing emails via IMAP protocol is better than POP3.

THUNDERBIRD = TB

PART-1:

SWITCH BETWEEN IMAP OR POP3FOR SAME EMAIL ACCOUNT IN TB: in TBif an email account is once setup with POP3then to use IMAPuser have two options: • (1) user can either delete the POP3 account& then create a new email account in TBfor the same AT&T email-address and with IMAP / IMAP4 option selected. • (2) ORuser have to first RENAME the POP3 account email-address to something else in TB : for-example: rename example@att.net POP3 email account in TB into example.1@att.net (or example-1@att.net or example.pop3@att.net) then AGAIN ADD a new mail account in TB for your actual email-adrs example@att.net from AT&T / ISP but this time SELECT IMAP option. • Laterwhen/IF you want to use the POP3 based email account again in TB then first rename IMAP based example@att.net mail account into example.2@att.net (or example-2@att.net or example.imap@att.net) and then rename the POP3 based mail account from example.1@att.net (or example-1@att.net or example.pop3@att.net) into example@att.net. • you must change the string/characters ".1"".2"".pop3"".imap"etc which i suggested/used aboveinto something UNIQUE (that issome string/chars which is not used by another user). • and its better you use only one type of account and not-both type (in same email-client software) : that meanswhen you're using/enabled the IMAP based account/accessthen you should disable the POP3 account in TB OR do opposite when you're using/enbaled the POP3 based account/accessthen you should disable the IMAP account in TB.

Please view AT&T webpage for email account setup settings on email-client program/software: https://www.att.com/support/article/email-support/KM1010519/ andAT&T webpage for POP3 based access is here https://www.att.com/support/article/email-support/KM1086159

auth = authentication.

FOR INBOUND/incoming/viewing EMAILS: • for POP3 based access: Email-Server is "inbound.att.net"protocol POP3port 995security TLS/SSLauth-method "Normal Password". • for IMAP based access: Email-Server is "imap.mail.att.net"protocol IMAPport 993 security TLS/SSLauth-method "Normal Password". • In Actual SettingsDo Not Use The Double "Quote" Symbols That Are Shown Above As Example/Style. ( AT&T does not yet use "OAuth2" auth-methodas of writing this response here Nov,2020 )

FOR OUTBOUND/sending/outgoing EMAILS: please make sure you have these settings: protocol SMTPport 465security TLS/SSLauth-method "Normal Password"then: • either use "smtp.mail.att.net" serverwhen you have selected IMAP for incoming. • or use "outbound.att.net" serverwhen you have selected POP3 for incoming. • In Actual SettingsDo Not Use The Double "Quote" Symbols That Are Shown Above As Example/Style. ( AT&T does not yet use "OAuth2" auth-methodas of writing this response here Nov,2020 )

see PART-2 in below.

Thank you all! 1. re checking to see if I have a password manager that is causing problems: How do I do that? I've never set up a password managerbut sometimes a box appears asking if I want a password to be savedbut I have no idea what program this is or where to access the settings. The only programs I would guess might have software managers are Win10Avast free antiviruusand Malwarebytes Premium. Do any of these have password managersand if sohow would I find them?

2. Re switching to imap: my understanding is that imap messages are not stored on my computer. Is that true? I have large portions of my life saved on what was once Outlook Express and is now Thunderbirdneatly filed (more or less!) since 2003. I often have to search very old emails in the filing system and would not want to lose that. Am I correct that imap is not for me?

Problem solved!!! Thank you! I just thought that I'd give "get messages" one more tryand this time got a different messagea place to enter the password (ie the new secure mail key). Thunderbird is busily downloading two weeks of messages.

No need to answer the questions I posted a few minutes ago. I'm all set. I truly appreciate all the help. Thank you!

PART-2: (AT&T-Yahoo)

TB = Thunderbird.

It appears (from various user's reporting)AT&T is changing/updating/upgrading their mail server services/systems in different areas at different rate/pace so for nowdifferent users have different policy set by AT&T-Yahoo: (1) some user accounts are still allowed to use old policies to access emailsfrom TBwith "Normal Password" auth-method by using web-access password via secure SSL/TLS connection. (2) some user accounts have such policy optionsthat users have OPTION to use SMK code (instead of web-access password) with TB (a 3rd-party email-client) app via secure SSL/TLS connection& such users usually also have to approve TB app . See below for more info. (3) some user accounts have such policy optionsthat users have OPTION to use OAuth2 based auth-method (instead of "Normal Password" based auth-method) OAuth2 users have to enable (specific) Cookies in TB see below in bit-more detail . in OAuth2 verification processusers have to use AT&T-Yahoo's web-access passwordthen AT&T-Yahoo will ask user to approve/verify that user is indeed using a TB app to access emails when user approves/verifies thatthen TB begins to function.

BIT-MORE DETAILS: • sosome users are allowed to use "OAUTH2" based "AUTHENTICATION-METHOD" (auth-method) optionin some (not-all) areas/locality for some (not-all) account types and in some areas users still need to use "NORMAL-PASSWORD" based auth-method . Both using last safe version of TLS/SSL secure communication. • when "Normal-Password" based auth-method is usedthen for some account type in some areaAT&T allows users to use SECURE-MAIL-KEY (SMK) code (instead of using the AT&T mail website access PASSWORD . More info: AT&TYahoo. • User have to generate/create SMK code in AT&T mail web-access website then use that SMK code in the email-client (TB) app . Usually one SMK code is used for one (email-client) app So each app will need a different SMK code. • In email-client app at the place of "PASSWORD" box/fielduser have to enter SMK code. • SMK generating site/page usually displays counters : one counter shows how many SMK code based access are now in use/active and another counter shows how many total SMK code were generated so faretc. • if you were using your mail web-access PASSWORD in your mail-account in TB which is/was the general/earlier way and if recently you cannot access mail anymore in TB (because your MSP=Mail-Service-Provider or ISP=Internet-Service-provider has upgraded their servers/services& enabled SMK usage for any 3rd-party email-client (TB) app) then goto TB > Options/Preferences/settings > Privacy & Security > Passwords > Saved Passwords > Remove the mail-account password > restart TB . When TB asks you to enter password for the mail-accountthen enter the SMK code . that mail-account should begin to work in TB. • When a user's email account is allowed to be accessed over/thru "OAuth2" auth-method by AT&T & user using that optionthen user can use regular web-access password to approve the OAuth2 verification for the 3rd-party email-client app (i.e: TBetc).

• For OAuth2 auth-method to work properly in TB "Cookies" related to OAuth2 validation (and AT&T servers) need to be allowed/approved in TB. • in TB goto main-menu > Preferences/Options/Settings > Privacy > scroll-down to "Web Content" section: you can enable/select "Accept Cookies From Sites" option then ALL types of TRACKING/MONITORING/SESSION-ID,etc cookies from wanted & unwanted sites will also be stored inside TB=Thunderbird soits not safe to enable/select it : i suggest to keep it disabled/unselected. • when above ("Accept-All-Cookies") option is disabledthen you have to add & Allow specific web-sites/URLs/sites/servers (inside the COOKIE-EXCEPTION LISTaka: Cookie-Allow-Exception-List) so that ONLY THAT SPECIFIC SITE/SERVICE is approved and can work in TB. • You should avoid cookies from extra or unknown or unnecessary or advertisementetc sites. • ( Cookie-Exception List in TB meansWeb-Sites (aka: Web-Server-Addresses) Can Be Added Inside Cookie-Exception List To Allow Cookiesand also Web-Sites Can Be Added Inside Cookie-Exception List To Block Cookies. ) • If you enable/select "Accept-All-Cookies" optionthen you have to add all advertisement websites inside Cookie-Exception-List and block them . But a website can change anytime their advertisement 3rd-party sites very easilyso their (abusive)-cookies will not-be blocked by TB if the "Accept-All-Cookies" option is enabled/selected . So its not safeit destroys Privacy & Privacy-Rights.

• For more securityonly specific cookies should be allowed (for OAuth2) from specific site/URL : see here : https://stackoverflow.com/a/63255601/3553808 inside above link i have shown cookies from what exact URLs/websites need to be added+allowed as EXCEPTION in TBbut that is only for few web-services now AT&T mail services is not one of them yetsorry . Later i may add info on AT&T. • You have to use (Firefox) web-browser & NoScript addon/extension to find outexactly what is needed to be allowedto access AT&T mail website + web-services . Test & find-out exactly which server-addresses are actually needed first add+allow only those specific websites inside TB's Cookie-Exception Listand then also add+allow OAuth2 related websiteswhich are needed for OAuth2 based validationduring OAuth2 validation ).

• As AT&T mail servers (att.net) are using last safe TLS protocol/version& compatible with newer-TB default settingsso TLS/SSL cannot be any issue here: or else (that isif AT&T was using older unsafe TLS/SSL protocolsthen)we had to set value 1 for "security.tls.version.min" setting in newer-TB via TB's CONFIG-EDITOR / about:configto allow outdated+unsafe TLS protocol/securityto communicate with mail-srvrs.

• PAL : in AT&T/ISP mail access websiteuser will have to make sure their email-client app is approved/permitted & shown in the Permitted App LIST = PAL = aka (also known as) 3rd-Party-Appproved-App-LIST = TPAAL = aka Approved App List ... this option/page is inside/under some "SECURITY" settings inside the AT&T/ISP/MSP mail access website . this is a security process to add+track your email-client app's (identification) info (known as "User-Agent"-string)and add+track the IP-address used by the email-client appin the PAL list inside your ISP/MSP's security settings to stop unknown & non-approved access into your mails . PAL settings (web) page usually shows which apps are permitted/approved by user& PAL also shows each app's (internet-routable) IP-Address and/or IP-address based Geo-Location . Soto verify mail accessing email-client (TBetc) appyour ISP/MSP will send you a text code in your phone/email to warn+verify if you yourself have just tried to access your emails from the TB email-client app or not your ISP/MSP may also send a notification or code in ISP/MSP's own mail-client mobile software in your phone (if you've installed ISP/MSP's app) . once you approve (or enter code) therethen TB app will be approved & added into PAL & will be allowed to & able to access mails. PAL in Yahoo: click your profile icon > Account Info > Recent Activity. PAL in Microsoft(Hotmal,Outlook,MSN,etc): goto Accounts > Privacy > scroll down to "Apps and Services". PAL in Google(Gmail): Profile picture > My Accounts > Sign in & Security > Connected apps & sites > Manage apps. For example: if you have 2-computers & 3-devices where you are accessing same AT&T email accountthen that Approved App LIST should have 6 items here is why : though 2+ 3 = 5 but when user will access AT&T website via a web-browser (to check "Approved App List") then that web-browser is also acting/performing as an email-client so that is why item becomes six items ( 5 + 1 = 6 ) inside such Approved App LIST. User should remove ALL unknown items (computersdevicesappsetc) from PAL.

if for test purpose or for any other reason or someone told you to use it & you have used "SECURITY: NONE" option then your password has traveled thru internet as open password it was not-encryptedso its not secret or private anymore so you MUST change password.

check PART-3.

PART-3: AV = Anti-Virus . FW = Firewall . SS = Security Suite software . TB = Thunderbird is an email-client app:

• various AV/FW/SS software can also create problem ofcourse. • it sits in middle of internet/network connection as a type of proxy-gateway (or proxy-server) and intercepts+scans Internet/network data-packetsand so it can cause various problems(if it cannot understand or handle mail related data-packetsprotocolsetcetc) . And besideallowing ANY TYPE of MIDDLE software or device or anyone/anything to INTERCEPT your any DATA/emails is ABSOLUTELY NOT A SAFE/SECURE PRACTICE if you approve suchthen it can be easily used by DATA-THIEF(s)DATA THIEF AGENCIESANY HARMFUL-ENTITITIES/PERSONSetc TO SPY+STEAL DATA (FROM YOUR MAIL SERVER COMMUNICATION) THIS/THESE DESTROYS (AND TAKES-AWAY) YOUR PRIVACY-RIGHTSby stealing it from you. • AV/FW/SS software's Network/Internet/SSL/TLS Gateway/Proxy based "mail protection"/option/feature may need to be disabled (turn-off). Please see PART-4 here on How to Disable AV/SS "mail-protection" option in different AV/FW/SS or How To Avoid interference from "Mail-Protection" while it is still enabledby adding mail-servers under it's "Exception"/"Exclude" sub-option. • if your AV/FW/SS software does not have option to disable "mail protection" but still causes problem with TB and if your TB begins to work when you completely turn-off ALL guard/protection/scanning in AV/FW/SSetc softwarethen obviously AV/FW/SS is intercepting communication & creating conflict in-between mail-server & this computer so you have to find the sub-option to add+allow (IMAPPOP3SMTP) MAIL SERVER ADDRESSes into the EXCEPTION-LIST (aka: EXCLUSION-LIST) inside your AV/FW/SS software . One type of EXCEPTION LIST is available under your AV/FW/SS software's web-content protection/option/featureits for protection from harmful websitesweb-servicesURLsweb-componentsetc and there is also another type of EXCEPTION LIST sub-option inside your AV/FW/SS software's system-wide or global protection option it is usually used for detail configuration& used for protection from harmful inbound/outbound activitiesvarious threats& also for protection from harmful web-content and there is also one more type of EXCEPTION LIST sub-option which is inside your AV/FW/SS software's "Mail-Protection" option this sub-option is important for us to add our (IMAPPOP3SMTP,etc) mail-server address:port so-that AV/FW/SS does not interfere in network/Internet communication with mail-server . it is also possible one of the option or most of the ("Exception") sub-option is missing in your specific/particular AV/FW/SS softwareor AV/FW/SS is using a different WORD/NAME for same functionality . Add exceptions in all type of protection where appropriate because even if one of them blocks connection with mail-serversthen TB will fail to access emails . Keep your AV/GW/SS software based Guard/Shield/Protection enabledso that your computer remains protected . you must NOT disable ALL protection/guard just for checking emails . Emails can have malware/virus . See PART-4 here for more DETAILS. • you send email : your computer -> your email-client app (TB) -> smtps (port 465) -> remote mail-server with your mail-account -> smtp(port 25) -> remote mail-server of destination mail-account. you view received email : your computer -> your email-client app (TB) -> imap (port 993) or pop3 (port 995) -> remote mail-server with your mail-account. • You have to add+allow your specific mail-server (POP3IMAPSMTPetc) addresses (with network port number) as EXCEPTION (aka: EXCLUSION) into your AV/GW/SS softwareso that AV/FW/SS does not scan/intercept/block those specific mail-server related network/Internet connection data-packets. • Suppose your POP3 mail-server address is "pop3-mail.example.com" & uses (computer network) port # 995 and suppose your SMTP mail-server address is "smtp-mail.example.com" & uses port # 465 then in EXCEPTION LIST(s) of your AV/FW/SS software add+ALLOW these mail server addresses with specific port numbers : "pop3-mail.example.com:995" & "smtp-mail.example.com:465" . ( if you don't specify port # in web-content protection Exception/Exclusion-List item then that usually means either use port-80 or port-443 or use both port 80 & 443 as those are default web-content/HTTP/HTTPS ports ) . ( if you don't specify port # in global or system-wide protection Exception/Exclusion-List item then that usually means: use */ANY/ALL port # from 1 to 65536. ) . it is better+safer to be specific. • check for emails via TB • OAuth2 verification process uses HTTPS via port-443 OAuth2 auth-method uses port-995 when POP3(s) is used or uses port-993 when IMAP(S) is used or uses port-465 when SMTP(S) is used . if you decide to use OAuth2 auth-method for your mail account(s) in TB then you will also have to find-out what exact OAuth web-server address(s) is/are used during OAuth2 verification processwhen you (will) add a mail-account in email-client (TB) app . you MAY also have to specify+ALLOW those OAuth server-addresses in AV/FW/SS software's all type of appropriate EXCEPTION / EXCLUSION LISTif w/o specifying itOAuth2 verification process fails. • if you want to use Secure-Mail-Key=SMK (instead of OAuth2) then no need to add OAuth2 based Exception-Rule(s) in AV/FW/SS software so if you just add+allow mail-server addresses in Exception-List of AV/FW/SS software that will be sufficient . For more info on SMK please see PART-2. • PAL=Permitted-App-List (aka: Approved-App-List) : also read PART-2's PAL info . in some casesyour ISP/MSP will ask you to confirm/verify that you yourself have just tried to access your mails by using a (3rd-party) email-client APP in our case it is the TB=Thunderbird email-client APP which you are now configuring . it can happen for any email-client app that is using SMK or OAuth2 or web-access password based access . • inside the TBselect this option "Allow AntiVirus Clients To Quarantine Individual Incoming Messages"AND change "Message Store Type For New Account" to "File Per Message" • (the File Per Message option works on a mail-accountwhen mail-account is created/added after enabling this option . and if you download (or copy from external storage to your local storage) too many emails suddenlythen your computer may be slightly slower as AV/SS is accessing+scanning those email-files first-time & building a checksum (hash/checksum) databaseso that it does not have to scan files too frequently . some AV/SS builds checksum immediately before it is accessed by other app so that type of AV/SS or settings will not slow down your computer ) • with above two options in TB : each email becomes one file that helps AV/FW/SS software to scan and quarantineetc when necessaryeach file/mail individually & directly . no need for intercepting/checking each internet/network data packet from mail-server communication via AV/FW/SS based middle-man proxy/gateway. • With above mentioned specific two settings in TB any AV/SS can still automatically check (email/mail) file(s) directlywhen they are accessed by TB or by any other software • and configure your AV/FW/SS software further to not-use any remote server(s) for local file checkingas that is Violation of Privacy-Rightsand helps THIEF(s) to STEAL more PRIVATE-DATA & create more mined/harvested database(s) to do more abusive activities. • And TB also needs to be further improved by TB's devs for such functionalities & compatibilitiesin order for it to be compliant-with user's Privacy-Rights . TB itself should have builtin open-source AV & database to scan & remove malware in emailsfor-example: TB can use ClamAV database. • in that wayAV/FW/SS cannot create internet connection problems with mail-servers or email-clients. • In some casesuser have to even unselect the option "Allow AntiVirus Clients To Quarantine Individual Incoming Messages" in TBin order to disable AV/FW/SS/SSL/TLS proxy/gateway nuisance because some AV/SS monitors that option in TB & forcefully enables even mail-server communication checking instead of just downloaded mails/emails scanning. • And even with previous "quarantine" option disabled in TB the AV/FW/SS software can still scan individual email files & can quarantine infected email fileswhen AV/SS option to "Scan on file access" (aka: Scan files on access) is enabled so please make sure this option is ENABLED / ON in your AV/SS software. • So malware quarantine functionality still works fine in this way toowhen "File per Message" option in TB is selected/enabled.

check PART-4.

PART-4: ( AV/FW/SS - Configure AV/SS )

Thunderbird = TB is an email-client app.

AV = Anti-Virus . FW = Firewall . SS = Security Suite software. these software has various/many types of editions/variations based on user's need & protection-location. different software uses different WORD to indicate "Mail-Protection" option.

Do Not Disable ALL TYPE of GUARD/SHIELD/PROTECTION features/options in your AV/FW/SS software that is very very UNSAFE. Keep AV/SS feature ON/enabledthat is related to "Scan any/all file on access".

You may have to Disable only "mail-protection" option/portion in your AV/FW/SS ( when AV/FW/SS uses some type of SSL/TLS proxy/gateway) as there are other solution to scan all emails for malware.

•• IF/WHEN BELOW MENTIONED/SHOWN OPTION/LOCATION HAS A FURTHER SUB-OPTION UNDER IT TO ADD EXCLUSION/EXCEPTION RULE WHERE YOU CAN SPECIFY YOUR MAIL-SERVER ADDRESSES (AND/OR PORT) SO-THAT YOUR AV/FW/SS DOES-NOT SCAN INTERNET COMMUNICATION DATA TRAFFIC FOR SPECIFIED MAIL-SERVERS THEN IN SUCH CASEDO NOT DISABLE BELOW MENTIONED OPTION ("Mail-Protection" option) . BUT IF/WHEN THERE IS NO SUB-OPTION UNDER THERE TO ADD EXCLUSION/EXCEPTION RULE THEN FOLLOW BELOW STEPS AND DISABLE ONLY "MAIL-PROTECTION" OPTION/PORTION.

when user adds an exception/exclusion rule to exclude their mail-server communication from intercepted by your AV/FW/SS software then benefit is if some unknown program in your computer suddenly wants to send spam or other unwanted email outside then such non-approved act will be blocked by the AV/FW/SS . so adding exclusion/exception is better than disabling the entire "mail-protection" option completely but some AV/FW/SS do not have any/this sub-option to add exception/exclusion under "mail-protection" so in such case only "mail-protection" option disable is necessary.

• AVG : disable "E-mail shield" ( Open AVG AntiVirus free > Menu > Components > E-mail shield ). oropen your AVG Internet Security/AVG AntiVirus Free program > click Web and E-mail Sheild tile > click on toggle-bar to disable E-mail shield.

• Avast : run Avast & goto Protection in left-pane/side > Core Shields > Mail Shield > unselect "Scan Inbound Emails" unselect "Scan Outbound Emails" . Some Avast edition/variation does not have sub-option for adding EXCEPTION(s). ( also see below for another variation of Avast-Security )

• ESET/NOD32 : open ESET main program window > press F5 button (to goto Advanced mode setup) > find Web and email rowin left-pane expand it > click-on Email client protection to expand it > in right-side expand Email Clients > under the Email To Scan sub-sectionclick-on slider-bars to disable "Received email" "Sent email" & "Read email" options . click OK to save changes . exit Advanced setup.

• McAfee : To disable email scanning : right-click on McAfee shield icon in your notification area (next to the clock) and click Change Settings > click-on Real-Time Scanning > under Scan these attachments and locations unselect Email attachments to turn off email scanning > click Apply to save your changes.

• McAfee VirusScan : click Start > Programs > McAfee > McAfee VirusScan Console > right-click Access Protection > select Properties > click-on Access Protection tab > under Categories in the left-side > select Anti-Virus Standard Protection > in right paneselect Prevent mass mailing worms from sending mail > click Edit > in the Processes to exclude sectiontype process namei.e.: C:\Program Files\Mozilla Thunderbird\thunderbird.exe > click OK to close the Rule details window > click Apply > close Access Protection Properties window.

Some edition/variation of Avast Security Suite software has EXCEPTION sub-option under mail-protection ("Email-Shield"): • Avast : run/open Avast-Security & click-on Menu in top-right corner > Preferences > Core Shields tab > scroll-down to Email Shield section > keep the "Scan secure connection" selected > click on "ADD EXCEPTIONS" button > copy-paste mail-server address/domain-name from TB into the textbox of Add-Exceptions popup window > if its imap server/protocol based then select both IMAP & IMAPS checkboxes if its pop server/protocol based then select both POP & POPS checkboxes > click on "ADD" button repeat previous steps to add your various IMAP/IMAPS/POP/POPS servers . Some general editions do not have option to add SMTP server scan related EXCEPTION options . Most general editions may not have option to specify non-standard IMAP/POP/SMTP port.

Some edition/variation of Sophos Security Suite has Exclusion sub-option under "mail-protection": • Sophos AV/FW : Sophos program > Home > Email > MTA mode > Policies and exceptions > Add an exception > Type a name for this Exception Rule > Select the security checks to skip : select each: "Spam protection" "Malware protection" "Other" > then Select the objects to apply the exception to : in "Sources or hosts" specify "mail-protocol-server.your-mail-server-domain-name.com" in "Sender addresses" specify wildcard *@your-mail-server-domain-name.com in "Recipient addresses" specify *@your-mail-server-domain-name.com > click "Save" . if you added IMAP/POP3 mail-serverthen add SMTP mail-server also as an exceptionetc . Such exception allows to skip security checks for spammalwareand data protection for specific sourcessendersand recipients.

... ... there are way too many AV/FW/SS software to list all here but with above few you should be able to get idea & understand what is you need-to-do & should do.

a brief What To Do Logicis here.

Thunderbird = TB CONFIGURATION FOR MALWARE SCANNING: To make sure all emails are scanned by AV/SSYou/User MUST Do These. ... moved into PART-5.

you MUST check PART-5.

PART-5: ( AV/FW/SS - Configure TB )

Thunderbird = TB CONFIGURATION FOR MALWARE SCANING: To make sure all emails are scanned by AV/SSYou/User MUST Do These: • If you have added IMAP/POP3,SMTP,etc mail-servers in EXCEPTIONor disabled "mail protection"then you MUST also follow these: • goto TB main-menu > Options/Preferences/settings > "Advanced" in left-pane/side > scroll-down to "Advanced Configuration" section > change "Message Store Type For New Accounts" settings from "File Per Folder(mbox)" INTO "File Per Message(maildir)". • But above settings work only for those mail-accounts which are created after changing this setting. So what will you do if your mail-account was set earlier of this "File Per Message" setting ? you will MUST have to convert from "File per Folder" into "File Per Message" for each earlier mail-account. and select this TB option: "Allow AntiVirus Clients To Quarantine Individual Incoming Messages" (this option creates a single individual file for incoming message & signals the OS to access by TB so that AV/SS can scan it on access). there are also emails that are not-incoming emails : we copy or bring from a different folder or we bring from backupetcand outgoing emailsetc So we need to convert/keep each email as file or another option is to allow AV/SS to also scan "file-per-folder" filesetc initially & occasionally. • DO THESE FOR EACH EARLIER MAIL-ACCOUNT(s) : in TB > Account Settings > select a mail-account > Server Settings > User Name: > change username/email-addressfrom username@example.com into username-random-numbers@example.com unselect "Check For New Messages At Startup" unselect "Check For New Messages Every: NN minutes" unselect "Allow Immediate Server Notifications When New Messages Arrive" press Ok/save button . So this is now your Backup mail-account We will create a new one in next step . Do Not Click on Any Folder under this backup "mail-account" (until a new account is created+setup is done) . Ignore warning that TB cannot access emails & ignore/cancel window to enter password for this backup "mail-account" . Exit TBstart TB. • Begin to Create a new mail-account in TBthis time use correct full email-address: username@example.com & correct settings once this new "mail-account" is setup & working check if all emails are showing up in new "mail-account" . if your mail-account is using IMAP then IMAP based folders does not need to be copied into new "mail-account" as IMAP based folders are located in remote mail-server it will automatically arrive in new "mail-account" . But if you selected option to download email in local computers & delete email in mail-server then your emails are inside the folder in "backup" mail-account then you have to select all emails in each folder in "backup" mail-account and (right-click & select) move emails into correct corresponding folder in new mail-account . there are TB-addon that can remove duplicate so use one of such addon if emails are duplicated after this step . if you created Local folders inside earlier "backup" mail-account or pointed to Local folders in earlier "backup" mail-account or you created other custom settings then copy/transfer those settings into New mail-account and manually select all emails in earlier Local folders inside backup "mail-account" & copy them into Local folders inside the new "mail-account" . in this way each email becomes a single email file . in New mail-account again point settings into correct Local folders if you've done so with earlier "backup" mail-account . Make sure all older settings (except Username) from backup "mail-account" are applied/transferred into new mail-account . During doing these steps your AV/SS will check each email file on creation so your computer will/may become little slower at this point its okay once these steps are done then your computer will function normally. • REPEAT above two steps for EACH earlier mail-accounts in TB one by one . after you're done with conversion from "File per Folder" into "File Per Message" then each email will become single file and your AV/SS can "Scan file on access" (access or modification) . Ofcourse all AV/SS by-default do "Scan file on creation". after you do aboveyour computer is protected from malware in emails even if you have disabled "mail-protection" option in AV/FW/SS (or when you've added mail-servers in Exception list).