QUESTION(s) : (1) How can users or I have direct-access (aka: view, send, receive, etc capabilities) for web-emails/web-mails (i.e:"Mail.com") , from simple/basic/lightweight/mobile web-browser thru/over secure/encrypted connection and by using their plain/basic/lite/lightweight/mobile HTML version based web-service/WEBSITE/SITE ?
and (2) What Other Alternative Web-Mails Solutions (preferably: free solutions) I/User Can Use To Send/Receive Emails ?
and (3) Which Sites/URLs Need To Be Added In Cookie-Or-Script EXCEPTION List, To Allow Communication With Web Mail Servers Or For OAuth2 Authentication Token/Cookie ?
and (4) Which Sites/URLs Need To Be Added In Cookie-Or-Script EXCEPTION List, To Allow Saving OAuth2 Authentication Token/Cookie For Email Client Program TB=Thunderbird, SM=SeaMonkey, etc ?
END-OF-QUESTION.
DETAILS:
( PLEASE AVOID / SKIP READING BELOW ,
if you have NO time to read more info, or if you have NO-respect that i/someone can have different preferences/choices, etc,
or if you don't want to figure-out 1orMore solutions for my/user's problems,
or avoid/skip when you don't want to helpout )
Abbr:
i.e. = in-example.
aka = also-known-as.
Eml = Email/Mail.
Auth = Authentication/Verification.
MSP = Mail Service Provider.
WMSP = WebMail Service Provider.
ESP = EMail Service Provider.
ISP = Internet Service Provider.
Web-Browser (HTTP/HTTPS) Client (example) : Firefox, Safari, Chromium .
Email-Client (example) : Thunderbird, SeaMonkey, Outlook.
Some email-client software program/app also contains web-browser engine/core inside them , in-example: Thunderbird, SeaMonkey, etc . These software has option to open web-browser tab, so webmail service / websites can be used/accessed inside that web-browser TAB, inside the email-client . This is what this stackoverflow question+answer is targeting to use . When email related external-server accesses are done from same software (separated from a web-browser which is used for accessing many other 3rd-party websites), then, often it is easier to setup security / firewall rules to control / filter such data net traffic , and keep email related cookies, components, data traffic, etc separate from web-browser related data traffic . There are many other benefits (in example: using web-browser based PGP/GPG addons to send/receive secure/encrypted or signed emails , session cookies remain out of access of non-email 3rd-party websites, addons, etc).
Why using "Mail.com" ? Instead of using all of these ( Mail.com, HushMail, ProtonMail, Tutanota, Zoho-Mail, Mailfence, iCloud, Excite-Mail, etc ) WebMail based mail/email service providers (ESP/MSP/WMSP) NAME AGAIN & AGAIN , here i will use only "Mail.com" to refer to all/any of these webmail based ESP/MSP/WMSP.
BASIC WEBMAIL(s) / WEB-EMAIL(s) SERVICE EXAMPLES:
Few EXAMPLEs of simple/plain HTML version based website/webservice to access emails, which is also known as basic webmail/webemail service, etc.
YAHOO : any user can access "Yahoo" emails over their secured & plain HTML version site, by using below link:
https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2Fneo%2Fb%2Flaunch
and to access "Yahoo" emails over standard HTML version site:
https://login.yahoo.com/?.src=ym&lang=&done=https%3A%2F%2Fmail.yahoo.com%2F
- Yahoo emails can also be accessed for free by using free IMAPS+POP3S+SMTPS mail-server services directly from Email-Client programs, more info: https://en-global.help.yahoo.com/kb/SLN4075.html
IMAPSimap.mail.yahoo.com:993or POP3Spop.mail.yahoo.com:995,
and SMTPSsmtp.mail.yahoo.com:465(TLS/SSL),
Note: if a user is selecting Connection-Security: TLS/SSL (encryption), Auth-Method: OAuth2 , for login/accessing emails, then, for OAuth2 to work, Cookie from specific URLs need to be allowed inside email-client . Numbers at-end of mail-server name/address is network port number, for-example::993is pre-assigned for IMAPS usage . The "S" at-end of "IMAPS" is indicating to "Secure" (which usually means "Encrypted") . A User can also create/obtain App-Key (aka: Mail-Key, etc) from Yahoo's webmail access website, and use that app-key code as password (instead of using Yahoo email account's main/primary password), in password field of mail-account, inside email-client software . When user want to use App-Key based login, then Auth-Method should be "Normal Password" & connection security must be "SSL/TLS" (encryption) in email-client software.
GMAIL : any user can access "GMail" (from Google) emails over their secured & plain HTML version site, by using below link:
https://mail.google.com/mail/u/0/h/1pq68r75kzvdr/?v%3Dlui
and to use Standard version (with all features) back again, this can be used:
https://mail.google.com/mail/u/0/?nocheckbrowser
Reference for "GMail": https://support.google.com/mail/answer/15049?hl=en
- GMail also allows free access by using these mail-server services:
IMAPSimap.gmail.com:993or POP3Spop.gmail.com:995,
and SMTPSsmtp.gmail.com:465(TLS/SSL),
Note: if a user selected Connection-Security: TLS/SSL (encryption), Auth-Method: "Normal Password", for login/accessing GMail emails, then, GMail account's main-password need to be specified in email-client , and user also have to select "Allow Less Secure App" option inside GMail settings and also enable IMAP(s)/POP(s) based access . User can also use OAuth2 as Auth-Method for login/accessing emails, from an email-client software . For that, Cookie has to be allowed in email-client, and No-need to select "Allow Less Secure App" option inside GMail settings, but user may have to enable IMAP(s)/POP(s) based access inside GMail settings, and user have to allow/approve email-client software.
Hotmail/Outlook/Live/MSN/etc : Microsoft(MS) Outlook/Hotmail/Live/etc free email service(s) can be accessed for free on "Live.com" or "Outlook.Live.com" website(s) . The "Outlook.Live.com" site includes an option (which is available after login via standard-HTML mode) to access site/service over "Light Version" mode , Once/when that is set/enabled then MS webmail service allows to access emails over plain HTML site.
And MS also allows free IMAPS+POP3S+SMTPS mail-server access, which can be used from plain email-clients, for accessing emails of free email-account (or free microsoft account). To access emails use the info from "MSN" line shown here: https://support.microsoft.com/en-us/office/pop-and-imap-email-settings-for-outlook-8361e398-8af4-4e97-b147-6c6c4ac95353
IMAPSimap-mail.outlook.com:993or POP3Spop-mail.outlook.com:995,
and SMTPSsmtp-mail.outlook.com:587(startTLS),
Note: if user selected Connection-Security: TLS/SSL (encryption), Auth-Method: "Normal Password", for login/accessing emails , then, user can use main-password to access emails from email-client software and as password goes thru TLS/SSL encrypted connection so its fine & secure (if its using strong encryption).
Tell/Inform+Push Microsoft to SWITCH from STARTTLS into TLS/SSL, as TLS/SSL is more secure than STARTTLS . STARTTLS can be abused 1, 2, 3, 4 to violate Privacy-Rights of users: to STEAL-from Or SPY-on users.QUESTION: Can "Live.com" (Outlook/Hotmail/Live,etc) free emails be accessed over plain-HTML site by using a specific URL (like something that is similar to Yahoo/Google) without enabling the "LightVersion"-option ?
End-of-EXAMPLES.
WEBMAIL1:
WebMail/WebService access is needed into online webmail based email/mail service providers (ESP/MSP).
"Mail.com" MSP seems to NOT-provide any free IMAPS/POP3S based services to free-accounts holders to get/view their received emails, and neither provides any free SMTPS service(s) to send emails outward from free-accounts . So it appears that, only free options i/user with free-accounts have, are to use their services either thru "Mail.com" website from any web-browser, or access their site thru their own "Mail.com" app . And their official app also does not have any option to use PGP/OpenPGP/GPG/SMIME based secured emails.
- Another problem is, "Mail.com" Or it's parent-company seems to use too many other micro web-services from too many other sub-domains, etc !!!
"Mail.com" & its sub-domains are not DNSSEC+DANE signed, so users cannot be 100% sure if they are using authentic site/service. - So i (and users) need to know How to easily send+receive+view "Mail.com" emails from simple/BASIC/LIGHTWEIGHT WEB-BROWSER, by using secured/encrypted connection but over plain-HTML or lightweight-HTML version of web-email web-service from "Mail.com".
- It will also be okay, if "Mail.com" can be directly accessed (for free-accounts) from email-client programs (i.e: Thunderbird, SeaMonkey, etc) by using some addons on the email-client, e.g: BrowseInTab, ThunderBrowse, WebApp, WebMail, etc . Do you know of any other/better addons ? ( this wud be my preferred way for accessing "Mail.com" )
- And please also share info with me+users about same for other (major) online Email Service Providers, if you know & if you want to.
- Please assume i'm using a very simple & basic (or lightweight) web-browser, or pls assume i'm using a very basic email-client program.
- Similar to "Mail.com", these following email-service (webmail / web-service based) providers also do not provide free IMAPS/POP3S/SMTPS access to free email-account users, but provide only HTTPS(port-443) protocol based web-service/web-access (webpage based email access) for free , So they are "webmail"-providers . Many users from below email-services also need a solution (to my top-side question), to access emails by using email-service provider's basic/plain HTML version website to use from basic/lightweight web-browser software or to use from basic/lightweight email-client software.
- Webmail-providers: HushMail, ProtonMail, Tutanota, Zoho-Mail, Mailfence, iCloud, Excite-Mail, etc.
But these service providers should provide atleast POP3S+SMTPS protocol based access for free, as those 2-protocols are minimum & being used atleast from 1984, and needed for accessing emails from email-client software, and also needed to easily send+receive secure (signed or encrypted or encrypted+signed) emails.
- Webmail-providers: HushMail, ProtonMail, Tutanota, Zoho-Mail, Mailfence, iCloud, Excite-Mail, etc.
WEBMAIL ACCESS INTO SELF-HOSTED MAIL-SERVER:
Another major/big usage & need of having web-access for emails (aka: webmail, aka: web-browser based access) : in my case, its for accessing MY-OWN SELF-HOSTED1, 2 (small) MAIL-SERVER , And similarly many other users & teams & groups, etc also need to have web-access into emails, either for their business or for their own project or simply for their own personal/private usage, by SELF-HOSTING.
- Such mail-servers (comparison) usually use open-source & free software, and owner/user often/usually use less-powerful or overloaded SERVER computers, and often/usually many mail-servers do not have a widely accepted public-CA (certificate-authority) based SSL/TLS cert/certificate configured for it (and may instead use a simple free self-signed TLS/SSL-cert ) , and some mail-servers also get overloaded because of extra memory-usage & extra computing resources consumed by virus/malware/spamware checker, scanner,etc software.
- Recently, free SSL/TLS certs from a CA : LE(Let's-Encrypt 1, 2) has been widely used, (and even more recently another new-comer CA : ZS(ZeroSSL 1) is becoming popular over its ease of usage) . So LE based SSL/TLS cert has began to increase encryption usage in Web+Email servers & so user's (and server owner's) Privacy is increasing.
- And, if individual or small-business or small-group/team based mail-server operator wants to, then they/he/she can avoid execessive protocols by reducing usage of specific 4-protocols : IMAP4S/993, POP3S/995, Mail-Submission/587, Mail-Submission-Over-TLS/465,
and instead they/he/she can increase usage of 2-protocols : HTTPS/443 protocol based webmail to interact with end-users, & SMTPS/25 protocol to send emails-to (or receive emails-from) remote (mail) servers. - Users can easily create Mail-Servers with these free (and open-source) mail-server-bundle (aka: mail-server-suite, aka: mail-server-package, aka: mail-server-stack) : Mail-in-a-Box , MailCow (for Docker) , Modoboa, Usermin(webmail), iRedMail+iRedAdmin (opensource edition of this combo only has four features), etc.
- There are also many (open-source) server-admin (aka: hosting server control panel) type of software, which can also create full-featured mail-server (and also many other servers) : Webmin+Virtualmin , GNUpanel, ISPConfig, etc, etc . You may also see a Comparison of server control panel in wikipedia site, or here.
BASIC WEB-BROWSER:
A lightweight/plain/simple HTML site/website usually uses very simple basic/plain HTML, may use simple CSS styles, may use very very less JS(JavaScripts) or No JS at all, does not use any Flash/Java or any other objects/medias, etc.
BASIC HTML WEB-SERVICE:
A plain-HTML site/website/web-service is usually tuned/optimized to work on a small-scale or light-footprint web-browsers that usually supports minimum+safe standard (or latest/best) security (encryption/decryption) protocols, but lightweight browsers usually do not have advanced viewing/interface support/capabilities (that is, they may lack big/wide screen, so lightweight web-browsers need to show less elements to make minimal items meaningful for the User so that User can use it by touch/tap/mouse), and lightweight browsers often/usually running on a device which has very-less computing-resources available (or low-speed or low FLOP/S microprocessor), etc constraints.
More info on lightweight web-browsers:
https://en.wikipedia.org/wiki/Comparison_of_lightweight_web_browsers
More info on mobile web-browsers:
https://en.wikipedia.org/wiki/Mobile_browser
"Email-Clients" means, a type of program, which allows to receive/send/view emails. More info: https://en.wikipedia.org/wiki/Comparison_of_email_clients
PORTS FOR EMAIL-SERVICES:
Internet or computer-network connection ports used by email/mail handling systems:
ISP = Internet Service Provider, they also provide Mail Service, so they are also MSP.
MSP = Mail Service Provider. For example: online mail/email service provider, webmail/web-email service provider, etc.
IMAPS/IMAP or POPS/POP service are used to view/get emails (from mail-server into user's (email) client software/app). SMTP service is used to send emails.
PROTOCOL(aka: Service) : PORT# ;
IMAPS/IMAP4S : 993 (encrypted) ; IMAP/IMAP4 : 143 (not-encrypted, usually not-private) ;
POPS/POP3S : 995 (encrypted) ; POP/POP3 : 110 (not-encrypted, usually not-private) ;
SMTP/SMTPS : 25 (usually used for Email Server To Server communication, can be encrypted or not-encrypted, depends on email-server software capability, and it is usually allowed in business-class ISP connections, and usually not-allowed in residential-class ISP connections, Email-clients used inside business-class connections can use port 25 to send emails) ;
SMTPS/SMTP (Mail-Submission) : 587 (usually for Email-Clients in residential ISP connections, and usually STARTTLS encrypted, but it may use non-encrypted protocol) ; If your ISP/MSP uses STARTTLS then tell/push them to switch into TLS/SSL, as TLS/SSL is more secure than STARTTLS . STARTTLS can be abused 1, 2, 3, 4 to violate Privacy-Rights of users: to STEAL-from Or SPY-on users ;
SMTPS/SMTP (Message Submission Over TLS protocol) : 465 (usually for Email-Clients in residential-class connections, and usually TLS/SSL encrypted) ;
HTTPS (Secure-HTTP) : 443 (webmail. web-service. SSL/TLS encrypted. For accessing (view, receive, send) emails by using web-browsers) ;
HTTP : 80 (not-encrypted, not-private) (Avoid using it) ;
When info/msg is sent/received by using Not-Encrypted protocol(s) or by using unencrypted (aka open) protocol(s), in such case, email/message contents can be immediately viewed+stored+cached by anyone in the middle, so private-info is not-private anymore.
By the way, my question is NOT about an Email's message (or email body or content) viewing (or writing) formats or choices like these: "Plain Text" Email, or, "HTML" Email.
EXTRA INFO:
( PLEASE AVOID / SKIP READING BELOW,
if you have NO time to read more info, or if you have NO-respect that i/someone can have different preferences/choices, etc )
Encrypted protocols help to protect information/data privacy, when info/data is transiting/going thru Internet, in-between User's (local) device/computer and remote web server (or remote service provider). Encrypted protocols can keep data private+secured for some short amount of time, until the encryption is weakened/cracked/broken after some time by using various reckless schemes/backdoors by violating user's Privacy-Rights, these schemes/backdoors are also discovered+accessed by many other harmful & more-reckless entities/persons.
- If regular person or their children have no "cloth"-protection of their body, & only special-group & rich can have "cloth" (or special+rich are also purposefully removing their cloth), then, those special & rich won, and achieved the harm on regular person (e.g: virus infections, sun-burn/cancer, social-chaos from nudity, hospital+pharma industries make more money, only special/rich/corrupt persons are allowed to do unethical & immoral closed-door secret discussions that affects billions of people, etc backward+uncivilized) . "Encryption" is like "Cloth" in internet, & more. We all must have cloth(real-world)+encryption(cyber-world) . All internet devices can have varieties of encryption software, no special hardware is needed for encryption, just math based encryption can work fine on all devices, So all must use one of the available encryption from a common set of encryption , we must work-on real innovative+constructive ways (instead of backward ways or thief's ways) to fix & make sure cloth+encryption not-abused by anyone, but definitely Not by going backward by breaking,removing, backdooring,weakening it , such removalsteller-wind, prism, echelon, xkeyscore, USA-spy-on-UN of real-encryption has endangered security & privacy of data & human life/safety support/depending systems, etc, that is why Privacy-Rights has high priority & placed at number 4th place as 4th-AmendmentACLU, Law.Cornell.Edu, B in USA-Constitution (1791) . UN/EU also supports Privacy-Rights (1948 Article-12 section of UDHR, also 2014 Res-69/166, etc), all member-states signed/agreed with it.
- With Guns,Powers(Lawfares/Abusive-Laws/Impunities) mainly in the hand of one major race of Police/LawEnforcement/JusticeDept side, have created massive civil inequalities & massive systematic crimes+corruption, and it empowered harmful racism, etc, etc , So Guns,Powers,Lawfares,etc need to be equal for all side and all must have equal+same+easy access , that is why we have 2nd-Amendment in 2nd highest priority place . One person or only some-people cannot be above the Law . Law must be applied equally on anyone & all, whoever will meet the Law's criteria . If all cannot have same set of Guns,tools,etc, and, if all do-not have same & easy equal-access to those , then one solution is : all must give-up those Guns,tools,etc & also sacrifice access to those , to create equality & justice for all . Disarming people from their self-protection tools is not-good, only bad people/dictator benefits from absence of those tools, bcuz then they know they do not have to fear people when they will commit more crime or abuse more pople or loot more money from people . All People need training/education on these responsibility, (for example: to handle Vehicles/Cars, driving training+test(s) are needed, right ? so to handle those tools, training+tests are also needed ) , and LawEnforcement person needs to have ATLEAST 10-TIMES MORE TRAINING+TEST & atleast 10-TIMES MORE HUMANITY INSIDE THEIR BRAIN+HEART , TO REALLY "SERVE-&-PROTECT" PEOPLE INSTEAD OF "STEAL-&-KILL" their life/privacy,etc . All human need regular/frequent TEST for (real-world) eligibility to carry/have/access these tools to response+stop attacks by evil-people who are inside the country . Similarly, All people must also have equal training & easy-access to similar tools to use inside internet(cyber-world) to response+stop attacks & data-theft by Evil-Corporations, evil-entities, evil-thief-agencies, etc that are inside the country.
End of EXTRA-INFO.
END OF DETAILS.
