Tags: web-services, email, browser, client, lightweight-processes

Access WebMail(i.e:"Mail.com") Emails Over Basic HTML Version WebSite From Basic/TB WebBrowser


QUESTION(s) : (1) How can users or I have direct-access (aka: view, send, receive, etc capabilities) for  web-emails/web-mails (i.e:"Mail.com") , from  simple/basic/lightweight/mobile  web-browser  thru/over  secure/encrypted  connection  and by using their  plain/basic/lite/lightweight/mobile  HTML  version based  web-service/WEBSITE/SITE ?
and  (2) What Other Alternative Web-Mails Solutions (preferably: free solutions) I/User Can Use To  Send/Receive  Emails ?
and  (3) Which Sites/URLs Need To Be Added In Cookie-Or-Script EXCEPTION List, To Allow Communication With Web Mail Servers Or For OAuth2 Authentication Token/Cookie ?
and  (4) Which Sites/URLs Need To Be Added In Cookie-Or-Script EXCEPTION List, To Allow Saving OAuth2 Authentication Token/Cookie For Email Client Program TB=Thunderbird, SM=SeaMonkey, etc ?
END-OF-QUESTION.


DETAILS:
( PLEASE  AVOID / SKIP  READING  BELOW ,
if you have NO time to read more info, or if you have NO-respect that i/someone can have different preferences/choices, etc,
or if you don't want to figure-out 1orMore solutions for my/user's problems,
or avoid/skip when you don't want to helpout )

Abbr:
i.e. = in-example.
aka = also-known-as.
Eml = Email/Mail.
Auth = Authentication/Verification.
MSP = Mail Service Provider.
WMSP = WebMail Service Provider.
ESP = EMail Service Provider.
ISP = Internet Service Provider.

Web-Browser (HTTP/HTTPS) Client (example) : Firefox, Safari, Chromium .
Email-Client (example) : Thunderbird, SeaMonkey, Outlook.

Some email-client software program/app also contains web-browser engine/core inside them , in-example: Thunderbird, SeaMonkey, etc . These software has option to open web-browser tab, so webmail service / websites can be used/accessed inside that web-browser TAB, inside the email-client . This is what this stackoverflow question+answer is targeting to use . When email related external-server accesses are done from same software (separated from a web-browser which is used for accessing many other 3rd-party websites), then, often it is easier to setup security / firewall rules to control / filter such data net traffic , and keep email related cookies, components, data traffic, etc separate from web-browser related data traffic . There are many other benefits (in example: using web-browser based PGP/GPG addons to send/receive secure/encrypted or signed emails , session cookies remain out of access of non-email 3rd-party websites, addons, etc).

Why using "Mail.com" ?  Instead of using all of these ( Mail.com, HushMail, ProtonMail, Tutanota, Zoho-Mail, Mailfence, iCloud, Excite-Mail, etc ) WebMail based mail/email service providers (ESP/MSP/WMSP) NAME AGAIN & AGAIN , here i will use only  "Mail.com"  to refer to all/any of these webmail based ESP/MSP/WMSP.

BASIC  WEBMAIL(s) / WEB-EMAIL(s)  SERVICE  EXAMPLES:
Few EXAMPLEs of simple/plain HTML version based website/webservice to access emails, which is also known as basic webmail/webemail service, etc.

YAHOO : any user can access "Yahoo" emails over their secured & plain HTML version site, by using below link:
https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2Fneo%2Fb%2Flaunch
and to access "Yahoo" emails over standard HTML version site:
https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2F

GMAIL : any user can access "GMail" (from Google) emails over their secured & plain HTML version site, by using below link:
https://mail.google.com/mail/u/0/h/1pq68r75kzvdr/?v%3Dlui
and to use Standard version (with all features) back again, this can be used:
https://mail.google.com/mail/u/0/?nocheckbrowser
Reference for "GMail": https://support.google.com/mail/answer/15049?hl=en

Hotmail/Outlook/Live/MSN/etc : Microsoft(MS) Outlook/Hotmail/Live/etc free email service(s) can be accessed for free on "Live.com" or "Outlook.Live.com" website(s) . The "Outlook.Live.com" site includes an option (which is available after login via standard-HTML mode) to access site/service over "Light Version" mode , Once/when that is set/enabled then MS webmail service allows to access emails over plain HTML site.

End-of-EXAMPLES.

WEBMAIL1:
WebMail/WebService access is needed into online webmail based email/mail service providers (ESP/MSP).
"Mail.com" MSP seems to NOT-provide any free IMAPS/POP3S based services to free-accounts holders to get/view their received emails, and neither provides any free SMTPS service(s) to send emails outward from free-accounts . So it appears that, only free options i/user with free-accounts have, are to use their services either thru "Mail.com" website from any web-browser, or access their site thru their own "Mail.com" app . And their official app also does not have any option to use PGP/OpenPGP/GPG/SMIME based secured emails.

WEBMAIL ACCESS  INTO  SELF-HOSTED  MAIL-SERVER:
Another major/big usage & need of having web-access for emails (aka: webmail, aka: web-browser based access) : in my case, it's for accessing MY-OWN SELF-HOSTED (small) MAIL-SERVER , And similarly many other users & teams & groups, etc also need to have web-access into emails, either for their business or for their own project or simply for their own personal/private usage, by SELF-HOSTING.

BASIC WEB-BROWSER:
A lightweight/plain/simple HTML site/website usually uses very simple basic/plain HTML, may use simple CSS styles, may use very very less JS(JavaScripts) or No JS at all, does not use any Flash/Java or any other objects/medias, etc.

BASIC HTML WEB-SERVICE:
A plain-HTML site/website/web-service is usually tuned/optimized to work on a small-scale or light-footprint web-browsers that usually supports minimum+safe standard (or latest/best) security (encryption/decryption) protocols, but lightweight browsers usually do not have advanced viewing/interface support/capabilities (that is, they may lack big/wide screen, so lightweight web-browsers need to show less elements to make minimal items meaningful for the User so that User can use it by touch/tap/mouse), and lightweight browsers often/usually running on a device which has very-less computing-resources available (or low-speed or low FLOP/S microprocessor), etc constraints.
More info on lightweight web-browsers:
  https://en.wikipedia.org/wiki/Comparison_of_lightweight_web_browsers
More info on mobile web-browsers:
  https://en.wikipedia.org/wiki/Mobile_browser


"Email-Clients" means, a type of program, which allows to receive/send/view emails. More info: https://en.wikipedia.org/wiki/Comparison_of_email_clients


PORTS FOR EMAIL-SERVICES:
Internet or computer-network connection ports used by email/mail handling systems:
ISP = Internet Service Provider, they also provide Mail Service, so they are also MSP.
MSP = Mail Service Provider. For example: online mail/email service provider, webmail/web-email service provider, etc.
IMAPS/IMAP or POPS/POP service are used to view/get emails (from mail-server into user's (email) client software/app). SMTP service is used to send emails.
PROTOCOL(aka: Service) : PORT# ;
IMAPS/IMAP4S : 993 (encrypted) ; IMAP/IMAP4 : 143 (not-encrypted, usually not-private) ;
POPS/POP3S : 995 (encrypted) ; POP/POP3 : 110 (not-encrypted, usually not-private) ;
SMTP/SMTPS : 25 (usually used for Email Server To Server communication, can be encrypted or not-encrypted, depends on email-server software capability, and it is usually allowed in business-class ISP connections, and usually not-allowed in residential-class ISP connections, Email-clients used inside business-class connections can use port 25 to send emails) ;
SMTPS/SMTP (Mail-Submission) : 587 (usually for Email-Clients in residential ISP connections, and usually STARTTLS encrypted, but it may use non-encrypted protocol) ; If your ISP/MSP uses STARTTLS then tell/push them to switch into TLS/SSL, as TLS/SSL is more secure than STARTTLS . STARTTLS can be abused to violate Privacy-Rights of users: to STEAL-from Or SPY-on users ;
SMTPS/SMTP (Message Submission Over TLS protocol) : 465 (usually for Email-Clients in residential-class connections, and usually TLS/SSL encrypted) ;
HTTPS (Secure-HTTP) : 443 (webmail. web-service. SSL/TLS encrypted. For accessing (view, receive, send) emails by using web-browsers) ;
HTTP : 80 (not-encrypted, not-private) (Avoid using it) ;

When info/msg is sent/received by using Not-Encrypted protocol(s) or by using unencrypted (aka open) protocol(s), in such case, email/message contents can be immediately viewed+stored+cached by anyone in the middle, so private-info is not-private anymore.


By the way, my question is NOT about an Email's message (or email body or content) viewing (or writing) formats or choices like these: "Plain Text" Email, or, "HTML" Email.


EXTRA  INFO:
( PLEASE  AVOID / SKIP  READING  BELOW,
if you have NO time to read more info, or if you have NO-respect that i/someone can have different preferences/choices, etc )

Encrypted protocols help to protect information/data privacy, when info/data is transiting/going thru Internet, in-between User's (local) device/computer and remote web server (or remote service provider). Encrypted protocols can keep data private+secured for some short amount of time, until the encryption is weakened/cracked/broken after some time by using various reckless schemes/backdoors by violating user's Privacy-Rights, these schemes/backdoors are also discovered+accessed by many other harmful & more-reckless entities/persons.

End of EXTRA-INFO.

END OF DETAILS.


Solution

  • Most of the WebMail service providers with free-service support basic/mobile web-browser and of course support general/full web-browser.
    These type of service provider's web-mail-servers can detect user's (client-side) web-browser software, by detecting the User-Agent string & can switch & transfer to that mode of specific web-pages.

    TB = THUNDERBIRD . TB is an EMAIL CLIENT type of software program/app . TB also uses Mozilla Firefox Web-Browser engine/core for the TB web-browser TAB . Webmail services / websites can be used inside TB's web-browser tab . In this way, email related external access & information remains inside same software program/app, and security / firewall rules can be set a bit more easily.

    Below solution # 1 worked on basic lightweight web-browser, so it partially answers your question's 1st part,
    and solution # 2 is the answer for your 2nd & 3rd part of the question.

    SOLUTION # 1 :
    Web Access Based Solution For Basic Web-Browsers:
    In basic web-browser "qutebrowser" (with JS support) just goto https://www.mail.com/ website.

    SOLUTION # 2 :
    Website/webmail/Web-Service Access Based Solution For Thunderbird (Email-Client):
    this solution/process is the preferred way, as mentioned in above/OP's Question.
    Tested + worked on Thunderbird ( v68.12.1 ).

    If you/user want to use "Mail.com" mail services normally, thru default general full version web UI (user-interface), but inside the Thunderbird browser-tab (or inside other minimal or basic web-browser), then, also allow these URLs (along with previous 7-URLs in above), as "Mail.com" uses these for full version UI:

    If you look into above multiple web-services, it can be very easily said, "Mail.com" DO NOT RESPECT USER's PRIVACY-RIGHTS, AND "Mail.com" IS VIOLATING+ABUSING PRIVACY-RIGHTS , they are sharing PRIVATE data with too many ESP (external-service-providers) (aka: TPSP = 3rd-party service providers), vendors, etc , using too many APIs from ESP/TPSP, vendors, etc.

    If your phone sends your voice, fingerprint, face, etc your PRIVATE biometric data outside of your phone into remote server for processing or whatever, then that is huge THEFT & STEALING AND Violation+Abuse of Privacy-Rights , because phone can use builtin+INTERNAL software, tools, etc for processing.

    So similar way, the services that for-example: "Mail.com", a WebMail service provider needs, those must be used+processed INSIDE the "Mail.com" SERVERS (inside Mail.com's premise & under their control), their ESP/TPSP/vendors,etc can have remote access into their software (inside "Mail.com" server), but not any access into user's PRIVATE DATA/database, etc . Private data must not travel/copied outside of "Mail.com" servers . So "Mail.com" should create different sub-domain for their each ESP/TPSP/vendor,etc.

    If a person/entity really wishes to NOT violate/abuse human-rights , then there are always (many) ways for that.



    OAUTH:
    various (remote) web-service & other online service providers may/often use OAuth (OAuth 2.0, etc) based verification to allow user to sign-in/login into their site/service-site from user's/client's software . OAuth verification process needs to save a token as a Cookie inside your web-browser software , this process uses HTTPS/443 protocol based connection via a web-browser . If your web-browser blocks cookies, to create safety, from tracking cookies of various human-rights violating websites/web-services, etc , then you/user have to allow OAuth verification related specific cookies by adding specific OAuth verification related websites/webservices, into your web-browser's Cookie/Script EXCEPTION LIST . After that OAuth verification related sign-in/login will succeed & an approved token as a cookie will be saved . OAuth verification may use one or few more extra web-sites/URLs from your (remote) service provider, than the sites that are generally used for a general login/sign-in . When this token/cookie is saved & available inside a client software, then it can be used to verify user's client-software (that is connecting with (remote) service provider) for various other protocol based services, for-example: IMAP/POP3, SMTP mail-server services, IM(instant-messaging) chat network services, etc, etc.

    Normally without OAuth, user has to verify from the client software's connection into the (remote) web-server that it is indeed he himself (or she herself) is accessing the (remote) web-services, by providing the password (web-service access main/master password) as a proof each time, or by saving this main/master password inside the software . So if this client software is hacked or a backdoor/bug/vulnerability is found then harmful entity may/will also have the main/master password and takeover your account . But this risk can be reduced, by saving a token/cookie instead of the main/master password, and use that token/cookie to prove that it's you who is accessing the service from that client software . If you suspect there was a remote access event occurred in your computer/device, then just clear saved token/cookie/password, & re-verify via OAuth to save a new token/cookie . Harmful entity when obtains the token/cookie can access some of your data, but not all data, as other sensitive data access (may) require entering main/master password.

    So even OAuth has weaknesses & strengths, so use wisely where & when appropriate . When it's used with other SECURED process only THEN it can be better.

    Client software/app which cannot handle web-browser connection to use OAuth, for those type of app/clients, you can go into your web-service provider's website, find-out the section that allows to generate/create a TP(Third-Party) App Access Key (AAK) code, or Secure Mail Key (SMK) code, etc . This type of (app access key) code should be used as password in/with your client-software, then main/master-password remains safe . This is much better solution than OAuth.
    Some service-providers will allow you to use (app) access-key in your client-software first, then they will also allow to use OAuth if you need-to.

    TB = Thunderbird .

    EXCEPTION / EXCLUSION LIST (OAUTH RELATED) : First, please follow the procedure shown in above "Mail.com" section on How to find-out & add EXCEPTION to allow BASIC/MOBILE VERSION based access service by using a basic web-browser (or by using builtin browser-tab inside TB email-client software).
    Then Begin OAuth verification process in your client software , open OAuth verification URL in a web-browser (or open inside TB's builtin browser-tab) , in bottomside near app border AND in topside URL bar, you will see which web-sites it is attempting to connect or connecting, etc , either take screen-shot picture(s) whenever URL/website changes by pressing specific screenshot buttons , or write down each URLs when URL changes.
    If only one extra site/website is needed for OAuth, then after adding that one site (in EXCEPTION list) , oauth verification will complete, but as it is still not yet inside the Exception list, OAuth will not succeed , So add the URL/website in web-browser's (or TB's) Cookie/Script EXCEPTION list . And again initiate OAuth verification in your client software/app . this time it will succeed.
    If oauth verification need to use multiple sites, then you will also have to add multiple times different URLs in EXCEPTION list, and you also have to initiate oauth verification process multiple times from client software.
    When oauth succeeds then you're done.
    Time to share that list with others (please mention if 2FA option was enabled in your case or not).
    Share only URL portion, not the portion that is after the left-side first single / slash: https://websiteURL.com/...

    For example, below pictures showing OAuth verification process during adding a new mail-account inside Thunderbird email client software.



    Yahoo (Basic/Mobile Version) web-service:
    This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access Yahoo "free" emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

    1. https://mail.yahoo.com/ Mail.Yahoo.com
    2. https://login.yahoo.com/
    3. https://s.yimg.com/
    4. https://data.mail.yahoo.com/

    Yahoo also has these MOBILE (aka: BASIC-service friendly, aka: BASIC/HTML version) access sites:
    https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2Fneo%2Fb%2Flaunch
    https://m.yahoo.com/
    https://us.m.yahoo.com/p/mail

    For accessing Yahoo emails via "OAuth2" authentication-method, just add these two URLs as cookie [ Exceptions ] in TB,etc email-clients:
    https://login.yahoo.com/
    https://api.login.yahoo.com/

    For accessing Yahoo emails via their full-version (web mail access) website inside Thunderbird's (or Firefox's) browser-tab , use above four URLs and below URL list . These will be slightly different based on your/user's location, etc.
    Thunderbird - WebSite/URL Exceptions To Allow/Block Cookies



    Microsoft Outlook/Hotmail/Live,etc (Basic/Mobile Version) web-service:
    This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access MS Outlook/Live/Hotmail "free" emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

    1. https://outlook.live.com/ Outlook.Live.com
    2. https://login.live.com/
    3. https://logincdn.msauth.net/
    4. https://outlook-1.cdn.office.net/

    Microsoft mail services also has these Mobile (aka: Basic-service friendly, aka: BASIC/HTML version) webmail access sites:
    https://mssl.mail.live.com/m/?bfv=wm
    https://mobile.live.com/hm
    https://profile.live.com/contacts?bfv=um
    https://mail.live.com/m
    https://wls.live.com
    https://mobile.msn.com/pocketpc/

    For accessing emails thru "OAuth2" auth-method , use/add above four URLs & below one URL in TB's Cookie [ Exceptions ] list:
    5. https://login.microsoftonline.com/

    For accessing emails thru full-version webmail access website, lots of URLs need to be added into Exception list.

    Push Microsoft to use TLS/SSL based encryption security, instead of StartTLS encryption security, as TLS/SSL is far far more secured+safer than StartTLS.



    GMail (Basic/Mobile Version) web-service:
    This section contains info on what needs to be allowed in Thunderbird basic-browser tab, to access Gmail (from Google) "free" emails over their webmail web-service interface, to do basic functions: view new emails, or send emails. Below # 1 site is the webmail login/access site.

    1. https://mail.google.com/ (To access, goto: mail.Google.com)
    2. https://accounts.google.com/
    3. https://ssl.gstatic.com/
    4. https://www.gstatic.com/

    GMail also has these Mobile (aka: Basic-service friendly, aka: BASIC/HTML version) webmail access sites:
    https://mail.google.com/mail/u/0/h/1pq68r75kzvdr/?v%3Dlui
    https://m.gmail.com/
    https://mail.google.com/mail/x/gdlakb-/gp/
    https://mail.google.com/a/[Your-Domain]/x/1gjikl11t3cl1
    https://www.google.com/ig/mobile?output=pda

    For accessing GMail/Google-Mail emails via "OAuth2" authentication-method , add these three URL exceptions in TB,etc email-client's cookie Exception list:
    https://accounts.google.com/
    https://ssl.gstatic.com/
    https://www.gstatic.com/

    For accessing emails thru full-version webmail access website (inside TB), lots of URLs need to be added into Exception list.

    For doing Hangouts CHAT securely inside TB via using google's hangouts website/web-service , Copy+paste add+allow below URLs into TB's Cookie-Exception list . Do not use (Thunderbird) TB's Google-Talk (GTalk) based chat account/connection, because that DOES NOT USE SECURE/ENCRYPTION PROTOCOL PROPERLY, So Your MAIN Password Will Be Exposed Or At Risk . Use "Hangouts" web-service inside TB's web-browser TAB, which can connect securely into Google's GTalk/XMPP chat network.
    Access/signin web-service site: Hangouts.Google.com
    https://hangouts.google.com/
    https://accounts.google.com/
    https://myaccount.google.com/
    https://ogs.google.com/
    https://clients6.google.com/
    https://clients4.google.com/
    https://chat-pa.clients6.google.com/
    https://chat-pa.clients4.google.com/
    https://people-pa.clients6.google.com/
    https://people-pa.clients4.google.com/
    https://signaler-pa.clients6.google.com/
    https://signaler-pa.clients4.google.com/
    https://ssl.gstatic.com/
    https://www.gstatic.com/
    https://apis.google.com/
    https://aa.google.com/
    https://0.client-channel.google.com/ (You will have to add multiple of these servers, by changing "0" into other numbers: 1, 2, 3, 4, 5, ... etc, Add up to at least 30 . Which exact one will be used, depends on which one is free & randomly selected by google to serve your connection)
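
The reduction step of the exception-list procedure above (keep only the site portion of each URL written down during login), as an added Python example that is not part of the original answer. It goes slightly beyond the text by also picking up sites carried in redirect parameters such as Yahoo's `done=`, refusing plain-HTTP entries, and expanding the numbered client-channel hosts; the function names and the sample list are assumptions made for this illustration.

```python
from urllib.parse import urlsplit, parse_qsl


def origin_of(url):
    """Return 'https://host/' for an HTTPS URL, or None for anything else."""
    try:
        parts = urlsplit(url.strip())
        port = parts.port              # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme.lower() != "https" or not parts.hostname:
        return None
    host = parts.hostname              # lower-cased, userinfo and port removed
    netloc = host if port in (None, 443) else f"{host}:{port}"
    return f"https://{netloc}/"


def nested_urls(url):
    """Absolute URLs carried in query parameters, e.g. a 'done=' redirect target."""
    try:
        query = urlsplit(url).query
    except ValueError:
        return []
    return [value for _name, value in parse_qsl(query, keep_blank_values=True)
            if value.lower().startswith(("https://", "http://"))]


def exception_list(observed):
    """Reduce URLs noted during a login to ordered, de-duplicated HTTPS origins.

    Returns (allowed, rejected); rejected holds plain-HTTP or unparsable entries,
    which should not be given a cookie exception.
    """
    allowed, rejected = [], []
    for url in observed:
        for candidate in [url, *nested_urls(url)]:
            origin = origin_of(candidate)
            if origin is None:
                if candidate not in rejected:
                    rejected.append(candidate)
            elif origin not in allowed:
                allowed.append(origin)
    return allowed, rejected


def numbered_hosts(template_url, last):
    """Expand a host whose first label is a number into 0..last inclusive."""
    origin = origin_of(template_url)
    if origin is None:
        raise ValueError("template must be an HTTPS URL")
    first, _, rest = urlsplit(origin).hostname.partition(".")
    if not first.isdigit() or not rest:
        raise ValueError("first host label must be a number")
    return [f"https://{n}.{rest}/" for n in range(last + 1)]


# Constructed sample: URLs as they might be written down during a Yahoo login.
# The first one is from the page; the paths and query of the others are made up.
SAMPLE_OBSERVED = [
    "https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2Fneo%2Fb%2Flaunch",
    "https://api.login.yahoo.com/constructed/path?state=abc",
    "https://LOGIN.yahoo.com:443/another/page",
    "http://mail.yahoo.com/plain",
]

if __name__ == "__main__":
    allowed, rejected = exception_list(SAMPLE_OBSERVED)
    print("add as exceptions:", *allowed, sep="\n  ")
    print("not added (not HTTPS):", *rejected, sep="\n  ")
    print(len(numbered_hosts("https://0.client-channel.google.com/", 30)), "numbered hosts")
```

Only exact origins are produced, so each exception stays scoped to one host rather than a whole parent domain.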