Confirm your AT&T settings, and enter a secure mail key instead of the account password.

https://www.att.com/support/article/dsl-high-speed/KM1010523/

The correct outgoing server for POP is outbound.att.net on 465, SSL/TLS, normal password. TLS is not a factor here, and OAuth2 is not supported for the AT&T servers. Use normal password authentication and a secure mail key.

https://support.mozilla.org/en-US/questions/1313640

https://support.mozilla.org/en-US/questions/1314254

Avast/AVG can block connections; not recommended:

https://support.mozilla.org/en-US/questions/1315712

Thank you. Making progress, but not there yet. Created a the secure mail key. Sent test email, entered the key when prompted for password, and the mail was sent.

However, I'm still not getting incoming mail. I checked the saved passwords box. It seems to be empty. Everything is greyed out, so I can't enter or delete anything. I had expected to type the secure mail key in the top box. I can type it in, but it doesn't actually enter.

If you removed the old passwords from Saved Passwords, you should be prompted for the password when TB restarts and connects to the incoming server, at which point you enter the secure mail key, and check the box to have it stored in Saved Passwords. Check that you don't have a password manager, that is part of some security programs, managing TB passwords.

You should switch to IMAP+SMTP (instead of POP+SMTP), if it is appropriate/right for you. Usually & in many cases, accessing emails via IMAP protocol is better than POP3.

THUNDERBIRD = TB

PART-1:

SWITCH BETWEEN IMAP OR POP3, FOR SAME EMAIL ACCOUNT IN TB: in TB, if an email account is once setup with POP3, then to use IMAP, user have two options: • (1) user can either delete the POP3 account, & then create a new email account in TB, for the same AT&T email-address and with IMAP / IMAP4 option selected. • (2) OR, user have to first RENAME the POP3 account email-address to something else in TB : for-example: rename example@att.net POP3 email account in TB into example.1@att.net (or example-1@att.net or example.pop3@att.net) , then AGAIN ADD a new mail account in TB , for your actual email-adrs example@att.net from AT&T / ISP , but this time SELECT IMAP option. • Later, when/IF you want to use the POP3 based email account again in TB , then first rename IMAP based example@att.net mail account into example.2@att.net (or example-2@att.net or example.imap@att.net) , and then rename the POP3 based mail account from example.1@att.net (or example-1@att.net or example.pop3@att.net) into example@att.net. • you must change the string/characters ".1", ".2", ".pop3", ".imap", etc which i suggested/used above, into something UNIQUE (that is, some string/chars which is not used by another user). • and its better you use only one type of account and not-both type (in same email-client software) : that means, when you're using/enabled the IMAP based account/access, then you should disable the POP3 account in TB , OR do opposite , when you're using/enbaled the POP3 based account/access, then you should disable the IMAP account in TB.

Please view AT&T webpage for email account setup settings on email-client program/software: https://www.att.com/support/article/email-support/KM1010519/ and, AT&T webpage for POP3 based access is here https://www.att.com/support/article/email-support/KM1086159

auth = authentication.

FOR INBOUND/incoming/viewing EMAILS: • for POP3 based access: Email-Server is "inbound.att.net", protocol POP3, port 995, security TLS/SSL, auth-method "Normal Password". • for IMAP based access: Email-Server is "imap.mail.att.net", protocol IMAP, port 993, security TLS/SSL, auth-method "Normal Password". • In Actual Settings, Do Not Use The Double "Quote" Symbols That Are Shown Above As Example/Style. ( AT&T does not yet use "OAuth2" auth-method, as of writing this response here Nov,2020 )

FOR OUTBOUND/sending/outgoing EMAILS: please make sure you have these settings: protocol SMTP, port 465, security TLS/SSL, auth-method "Normal Password", then: • either use "smtp.mail.att.net" server, when you have selected IMAP for incoming. • or use "outbound.att.net" server, when you have selected POP3 for incoming. • In Actual Settings, Do Not Use The Double "Quote" Symbols That Are Shown Above As Example/Style. ( AT&T does not yet use "OAuth2" auth-method, as of writing this response here Nov,2020 )

see PART-2 in below.

Thank you all! 1. re checking to see if I have a password manager that is causing problems: How do I do that? I've never set up a password manager, but sometimes a box appears asking if I want a password to be saved, but I have no idea what program this is or where to access the settings. The only programs I would guess might have software managers are Win10, Avast free antiviruus, and Malwarebytes Premium. Do any of these have password managers, and if so, how would I find them?

2. Re switching to imap: my understanding is that imap messages are not stored on my computer. Is that true? I have large portions of my life saved on what was once Outlook Express and is now Thunderbird, neatly filed (more or less!) since 2003. I often have to search very old emails in the filing system and would not want to lose that. Am I correct that imap is not for me?

Problem solved!!! Thank you! I just thought that I'd give "get messages" one more try, and this time got a different message, a place to enter the password (ie the new secure mail key). Thunderbird is busily downloading two weeks of messages.

No need to answer the questions I posted a few minutes ago. I'm all set. I truly appreciate all the help. Thank you!

PART-2: (AT&T-Yahoo)

TB = Thunderbird.

It appears (from various user's reporting), AT&T is changing/updating/upgrading their mail server services/systems in different areas at different rate/pace , so for now, different users have different policy set by AT&T-Yahoo: (1) some user accounts are still allowed to use old policies to access emails, from TB, with "Normal Password" auth-method by using web-access password via secure SSL/TLS connection. (2) some user accounts have such policy options, that users have OPTION to use SMK code (instead of web-access password) with TB (a 3rd-party email-client) app via secure SSL/TLS connection, & such users usually also have to approve TB app . See below for more info. (3) some user accounts have such policy options, that users have OPTION to use OAuth2 based auth-method (instead of "Normal Password" based auth-method) , OAuth2 users have to enable (specific) Cookies in TB , see below in bit-more detail . in OAuth2 verification process, users have to use AT&T-Yahoo's web-access password, then AT&T-Yahoo will ask user to approve/verify that user is indeed using a TB app to access emails , when user approves/verifies that, then TB begins to function.

BIT-MORE DETAILS: • so, some users are allowed to use "OAUTH2" based "AUTHENTICATION-METHOD" (auth-method) option, in some (not-all) areas/locality for some (not-all) account types , and in some areas users still need to use "NORMAL-PASSWORD" based auth-method . Both using last safe version of TLS/SSL secure communication. • when "Normal-Password" based auth-method is used, then for some account type in some area, AT&T allows users to use SECURE-MAIL-KEY (SMK) code (instead of using the AT&T mail website access PASSWORD . More info: AT&T, Yahoo. • User have to generate/create SMK code in AT&T mail web-access website , then use that SMK code in the email-client (TB) app . Usually one SMK code is used for one (email-client) app , So each app will need a different SMK code. • In email-client app at the place of "PASSWORD" box/field, user have to enter SMK code. • SMK generating site/page usually displays counters : one counter shows how many SMK code based access are now in use/active , and another counter shows how many total SMK code were generated so far, etc. • if you were using your mail web-access PASSWORD in your mail-account in TB , which is/was the general/earlier way , and if recently you cannot access mail anymore in TB (because your MSP=Mail-Service-Provider or ISP=Internet-Service-provider has upgraded their servers/services, & enabled SMK usage for any 3rd-party email-client (TB) app) , then goto TB > Options/Preferences/settings > Privacy & Security > Passwords > Saved Passwords > Remove the mail-account password > restart TB . When TB asks you to enter password for the mail-account, then enter the SMK code . that mail-account should begin to work in TB. • When a user's email account is allowed to be accessed over/thru "OAuth2" auth-method by AT&T , & user using that option, then user can use regular web-access password to approve the OAuth2 verification for the 3rd-party email-client app (i.e: TB, etc).

• For OAuth2 auth-method to work properly in TB , "Cookies" related to OAuth2 validation (and AT&T servers) need to be allowed/approved in TB. • in TB goto main-menu > Preferences/Options/Settings > Privacy > scroll-down to "Web Content" section: you can enable/select "Accept Cookies From Sites" option , then ALL types of TRACKING/MONITORING/SESSION-ID,etc cookies from wanted & unwanted sites will also be stored inside TB=Thunderbird, so, its not safe to enable/select it : i suggest to keep it disabled/unselected. • when above ("Accept-All-Cookies") option is disabled, then you have to add & Allow specific web-sites/URLs/sites/servers (inside the COOKIE-EXCEPTION LIST, aka: Cookie-Allow-Exception-List) so that ONLY THAT SPECIFIC SITE/SERVICE is approved and can work in TB. • You should avoid cookies from extra or unknown or unnecessary or advertisement, etc sites. • ( Cookie-Exception List in TB means, Web-Sites (aka: Web-Server-Addresses) Can Be Added Inside Cookie-Exception List To Allow Cookies, and also Web-Sites Can Be Added Inside Cookie-Exception List To Block Cookies. ) • If you enable/select "Accept-All-Cookies" option, then you have to add all advertisement websites inside Cookie-Exception-List and block them . But a website can change anytime their advertisement 3rd-party sites very easily, so their (abusive)-cookies will not-be blocked by TB if the "Accept-All-Cookies" option is enabled/selected . So its not safe, it destroys Privacy & Privacy-Rights.

• For more security, only specific cookies should be allowed (for OAuth2) from specific site/URL : see here : https://stackoverflow.com/a/63255601/3553808 inside above link i have shown cookies from what exact URLs/websites need to be added+allowed as EXCEPTION in TB, but that is only for few web-services , now AT&T mail services is not one of them yet, sorry . Later i may add info on AT&T. • You have to use (Firefox) web-browser & NoScript addon/extension to find out, exactly what is needed to be allowed, to access AT&T mail website + web-services . Test & find-out exactly which server-addresses are actually needed , first add+allow only those specific websites inside TB's Cookie-Exception List, and then also add+allow OAuth2 related websites, which are needed for OAuth2 based validation, during OAuth2 validation ).

• As AT&T mail servers (att.net) are using last safe TLS protocol/version, & compatible with newer-TB default settings, so TLS/SSL cannot be any issue here: or else (that is, if AT&T was using older unsafe TLS/SSL protocols, then), we had to set value 1 for "security.tls.version.min" setting in newer-TB , via TB's CONFIG-EDITOR / about:config, to allow outdated+unsafe TLS protocol/security, to communicate with mail-srvrs.

• PAL : in AT&T/ISP mail access website, user will have to make sure their email-client app is approved/permitted & shown in the Permitted App LIST = PAL = aka (also known as) 3rd-Party-Appproved-App-LIST = TPAAL = aka Approved App List ... this option/page is inside/under some "SECURITY" settings inside the AT&T/ISP/MSP mail access website . this is a security process to add+track your email-client app's (identification) info (known as "User-Agent"-string), and add+track the IP-address used by the email-client app, in the PAL list inside your ISP/MSP's security settings , to stop unknown & non-approved access into your mails . PAL settings (web) page usually shows which apps are permitted/approved by user, & PAL also shows each app's (internet-routable) IP-Address and/or IP-address based Geo-Location . So, to verify mail accessing email-client (TB, etc) app, your ISP/MSP will send you a text code in your phone/email to warn+verify if you yourself have just tried to access your emails from the TB email-client app or not , your ISP/MSP may also send a notification or code in ISP/MSP's own mail-client mobile software in your phone (if you've installed ISP/MSP's app) . once you approve (or enter code) there, then TB app will be approved & added into PAL & will be allowed to & able to access mails. PAL in Yahoo: click your profile icon > Account Info > Recent Activity. PAL in Microsoft(Hotmal,Outlook,MSN,etc): goto Accounts > Privacy > scroll down to "Apps and Services". PAL in Google(Gmail): Profile picture > My Accounts > Sign in & Security > Connected apps & sites > Manage apps. For example: if you have 2-computers & 3-devices where you are accessing same AT&T email account, then that Approved App LIST should have 6 items , here is why : though 2+ 3 = 5 , but when user will access AT&T website via a web-browser (to check "Approved App List") , then that web-browser is also acting/performing as an email-client , so that is why item becomes six items ( 5 + 1 = 6 ) inside such Approved App LIST. User should remove ALL unknown items (computers, devices, apps, etc) from PAL.

if for test purpose or for any other reason or someone told you to use it , & you have used "SECURITY: NONE" option , then your password has traveled thru internet as open password , it was not-encrypted, so its not secret or private anymore , so you MUST change password.

check PART-3.

PART-3: AV = Anti-Virus . FW = Firewall . SS = Security Suite software . TB = Thunderbird , is an email-client app:

• various AV/FW/SS software can also create problem ofcourse. • it sits in middle of internet/network connection as a type of proxy-gateway (or proxy-server) and intercepts+scans Internet/network data-packets, and so it can cause various problems, (if it cannot understand or handle mail related data-packets, protocols, etc, etc) . And beside, allowing ANY TYPE of MIDDLE software or device or anyone/anything to INTERCEPT your any DATA/emails , is ABSOLUTELY NOT A SAFE/SECURE PRACTICE , if you approve such, then it can be easily used by DATA-THIEF(s), DATA THIEF AGENCIES, ANY HARMFUL-ENTITITIES/PERSONS, etc TO SPY+STEAL DATA (FROM YOUR MAIL SERVER COMMUNICATION) , THIS/THESE DESTROYS (AND TAKES-AWAY) YOUR PRIVACY-RIGHTS, by stealing it from you. • AV/FW/SS software's Network/Internet/SSL/TLS Gateway/Proxy based "mail protection"/option/feature may need to be disabled (turn-off). Please see PART-4 here on How to Disable AV/SS "mail-protection" option in different AV/FW/SS , or How To Avoid interference from "Mail-Protection" while it is still enabled, by adding mail-servers under it's "Exception"/"Exclude" sub-option. • if your AV/FW/SS software does not have option to disable "mail protection" but still causes problem with TB , and if your TB begins to work when you completely turn-off ALL guard/protection/scanning in AV/FW/SS, etc software, then obviously AV/FW/SS is intercepting communication & creating conflict in-between mail-server & this computer , so you have to find the sub-option to add+allow (IMAP, POP3, SMTP) MAIL SERVER ADDRESSes into the EXCEPTION-LIST (aka: EXCLUSION-LIST) inside your AV/FW/SS software . One type of EXCEPTION LIST is available under your AV/FW/SS software's web-content protection/option/feature, its for protection from harmful websites, web-services, URLs, web-components, etc , and there is also another type of EXCEPTION LIST sub-option inside your AV/FW/SS software's system-wide or global protection option , it is usually used for detail configuration, & used for protection from harmful inbound/outbound activities, various threats, & also for protection from harmful web-content , and there is also one more type of EXCEPTION LIST sub-option which is inside your AV/FW/SS software's "Mail-Protection" option , this sub-option is important for us to add our (IMAP, POP3, SMTP,etc) mail-server address:port , so-that AV/FW/SS does not interfere in network/Internet communication with mail-server . it is also possible one of the option or most of the ("Exception") sub-option is missing in your specific/particular AV/FW/SS software, or AV/FW/SS is using a different WORD/NAME for same functionality . Add exceptions in all type of protection where appropriate , because even if one of them blocks connection with mail-servers, then TB will fail to access emails . Keep your AV/GW/SS software based Guard/Shield/Protection enabled, so that your computer remains protected . you must NOT disable ALL protection/guard just for checking emails . Emails can have malware/virus . See PART-4 here for more DETAILS. • you send email : your computer -> your email-client app (TB) -> smtps (port 465) -> remote mail-server with your mail-account -> smtp(port 25) -> remote mail-server of destination mail-account. you view received email : your computer -> your email-client app (TB) -> imap (port 993) or pop3 (port 995) -> remote mail-server with your mail-account. • You have to add+allow your specific mail-server (POP3, IMAP, SMTP, etc) addresses (with network port number) as EXCEPTION (aka: EXCLUSION) into your AV/GW/SS software, so that AV/FW/SS does not scan/intercept/block those specific mail-server related network/Internet connection data-packets. • Suppose your POP3 mail-server address is "pop3-mail.example.com" & uses (computer network) port # 995 , and suppose your SMTP mail-server address is "smtp-mail.example.com" & uses port # 465 , then in EXCEPTION LIST(s) of your AV/FW/SS software add+ALLOW these mail server addresses with specific port numbers : "pop3-mail.example.com:995" & "smtp-mail.example.com:465" . ( if you don't specify port # in web-content protection Exception/Exclusion-List item , then that usually means either use port-80 or port-443 or use both port 80 & 443 , as those are default web-content/HTTP/HTTPS ports ) . ( if you don't specify port # in global or system-wide protection Exception/Exclusion-List item , then that usually means: use */ANY/ALL port # from 1 to 65536. ) . it is better+safer to be specific. • check for emails via TB, • OAuth2 verification process uses HTTPS via port-443 , OAuth2 auth-method uses port-995 when POP3(s) is used or uses port-993 when IMAP(S) is used or uses port-465 when SMTP(S) is used . if you decide to use OAuth2 auth-method for your mail account(s) in TB , then you will also have to find-out what exact OAuth web-server address(s) is/are used during OAuth2 verification process, when you (will) add a mail-account in email-client (TB) app . you MAY also have to specify+ALLOW those OAuth server-addresses in AV/FW/SS software's all type of appropriate EXCEPTION / EXCLUSION LIST, if w/o specifying it, OAuth2 verification process fails. • if you want to use Secure-Mail-Key=SMK (instead of OAuth2) , then no need to add OAuth2 based Exception-Rule(s) in AV/FW/SS software , so if you just add+allow mail-server addresses in Exception-List of AV/FW/SS software that will be sufficient . For more info on SMK please see PART-2. • PAL=Permitted-App-List (aka: Approved-App-List) : also read PART-2's PAL info . in some cases, your ISP/MSP will ask you to confirm/verify that you yourself have just tried to access your mails by using a (3rd-party) email-client APP , in our case it is the TB=Thunderbird email-client APP , which you are now configuring . it can happen for any email-client app that is using SMK or OAuth2 or web-access password based access . • inside the TB, select this option "Allow AntiVirus Clients To Quarantine Individual Incoming Messages", AND change "Message Store Type For New Account" to "File Per Message", • (the File Per Message option works on a mail-account, when mail-account is created/added after enabling this option . and if you download (or copy from external storage to your local storage) too many emails suddenly, then your computer may be slightly slower as AV/SS is accessing+scanning those email-files first-time & building a checksum (hash/checksum) database, so that it does not have to scan files too frequently . some AV/SS builds checksum immediately before it is accessed by other app , so that type of AV/SS or settings will not slow down your computer ), • with above two options in TB : each email becomes one file , that helps AV/FW/SS software to scan and quarantine, etc when necessary, each file/mail individually & directly . no need for intercepting/checking each internet/network data packet from mail-server communication via AV/FW/SS based middle-man proxy/gateway. • With above mentioned specific two settings in TB , any AV/SS can still automatically check (email/mail) file(s) directly, when they are accessed by TB or by any other software, • and configure your AV/FW/SS software further to not-use any remote server(s) for local file checking, as that is Violation of Privacy-Rights, and helps THIEF(s) to STEAL more PRIVATE-DATA & create more mined/harvested database(s) to do more abusive activities. • And TB also needs to be further improved by TB's devs for such functionalities & compatibilities, in order for it to be compliant-with user's Privacy-Rights . TB itself should have builtin open-source AV & database to scan & remove malware in emails, for-example: TB can use ClamAV database. • in that way, AV/FW/SS cannot create internet connection problems with mail-servers or email-clients. • In some cases, user have to even unselect the option "Allow AntiVirus Clients To Quarantine Individual Incoming Messages" in TB, in order to disable AV/FW/SS/SSL/TLS proxy/gateway nuisance , because some AV/SS monitors that option in TB & forcefully enables even mail-server communication checking , instead of just downloaded mails/emails scanning. • And even with previous "quarantine" option disabled in TB , the AV/FW/SS software can still scan individual email files & can quarantine infected email files, when AV/SS option to "Scan on file access" (aka: Scan files on access) is enabled , so please make sure this option is ENABLED / ON in your AV/SS software. • So malware quarantine functionality still works fine in this way too, when "File per Message" option in TB is selected/enabled.

check PART-4.

PART-4: ( AV/FW/SS - Configure AV/SS )

Thunderbird = TB , is an email-client app.

AV = Anti-Virus . FW = Firewall . SS = Security Suite software. these software has various/many types of editions/variations based on user's need & protection-location. different software uses different WORD to indicate "Mail-Protection" option.

Do Not Disable ALL TYPE of GUARD/SHIELD/PROTECTION features/options in your AV/FW/SS software , that is very very UNSAFE. Keep AV/SS feature ON/enabled, that is related to "Scan any/all file on access".

You may have to Disable only "mail-protection" option/portion in your AV/FW/SS ( when AV/FW/SS uses some type of SSL/TLS proxy/gateway) , as there are other solution to scan all emails for malware.

•• IF/WHEN BELOW MENTIONED/SHOWN OPTION/LOCATION HAS A FURTHER SUB-OPTION UNDER IT TO ADD EXCLUSION/EXCEPTION RULE , WHERE YOU CAN SPECIFY YOUR MAIL-SERVER ADDRESSES (AND/OR PORT) SO-THAT YOUR AV/FW/SS DOES-NOT SCAN INTERNET COMMUNICATION DATA TRAFFIC FOR SPECIFIED MAIL-SERVERS , THEN IN SUCH CASE, DO NOT DISABLE BELOW MENTIONED OPTION ("Mail-Protection" option) . BUT IF/WHEN THERE IS NO SUB-OPTION UNDER THERE TO ADD EXCLUSION/EXCEPTION RULE , THEN FOLLOW BELOW STEPS AND DISABLE ONLY "MAIL-PROTECTION" OPTION/PORTION.

when user adds an exception/exclusion rule to exclude their mail-server communication from intercepted by your AV/FW/SS software , then benefit is , if some unknown program in your computer suddenly wants to send spam or other unwanted email outside , then such non-approved act will be blocked by the AV/FW/SS . so adding exclusion/exception is better than disabling the entire "mail-protection" option completely , but some AV/FW/SS do not have any/this sub-option to add exception/exclusion under "mail-protection" , so in such case only "mail-protection" option disable is necessary.

• AVG : disable "E-mail shield" ( Open AVG AntiVirus free > Menu > Components > E-mail shield ). or, open your AVG Internet Security/AVG AntiVirus Free program > click Web and E-mail Sheild tile > click on toggle-bar to disable E-mail shield.

• Avast : run Avast & goto Protection in left-pane/side > Core Shields > Mail Shield > unselect "Scan Inbound Emails" , unselect "Scan Outbound Emails" . Some Avast edition/variation does not have sub-option for adding EXCEPTION(s). ( also see below for another variation of Avast-Security )

• ESET/NOD32 : open ESET main program window > press F5 button (to goto Advanced mode setup) > find Web and email row, in left-pane , expand it > click-on Email client protection to expand it > in right-side , expand Email Clients > under the Email To Scan sub-section, click-on slider-bars to disable "Received email" , "Sent email" , & "Read email" options . click OK to save changes . exit Advanced setup.

• McAfee : To disable email scanning : right-click on McAfee shield icon in your notification area (next to the clock) and click Change Settings > click-on Real-Time Scanning > under Scan these attachments and locations , unselect Email attachments to turn off email scanning > click Apply to save your changes.

• McAfee VirusScan : click Start > Programs > McAfee > McAfee VirusScan Console > right-click Access Protection > select Properties > click-on Access Protection tab > under Categories in the left-side > select Anti-Virus Standard Protection > in right pane, select Prevent mass mailing worms from sending mail > click Edit > in the Processes to exclude section, type process name, i.e.: C:\Program Files\Mozilla Thunderbird\thunderbird.exe > click OK to close the Rule details window > click Apply > close Access Protection Properties window.

Some edition/variation of Avast Security Suite software has EXCEPTION sub-option under mail-protection ("Email-Shield"): • Avast : run/open Avast-Security & click-on Menu in top-right corner > Preferences > Core Shields tab > scroll-down to Email Shield section > keep the "Scan secure connection" selected > click on "ADD EXCEPTIONS" button > copy-paste mail-server address/domain-name from TB into the textbox of Add-Exceptions popup window > if its imap server/protocol based then select both IMAP & IMAPS checkboxes , if its pop server/protocol based then select both POP & POPS checkboxes > click on "ADD" button , repeat previous steps to add your various IMAP/IMAPS/POP/POPS servers . Some general editions do not have option to add SMTP server scan related EXCEPTION options . Most general editions may not have option to specify non-standard IMAP/POP/SMTP port.

Some edition/variation of Sophos Security Suite has Exclusion sub-option under "mail-protection": • Sophos AV/FW : Sophos program > Home > Email > MTA mode > Policies and exceptions > Add an exception > Type a name for this Exception Rule > Select the security checks to skip : select each: "Spam protection" , "Malware protection" , "Other" > then Select the objects to apply the exception to : in "Sources or hosts" specify "mail-protocol-server.your-mail-server-domain-name.com" , in "Sender addresses" specify wildcard *@your-mail-server-domain-name.com , in "Recipient addresses" specify *@your-mail-server-domain-name.com > click "Save" . if you added IMAP/POP3 mail-server, then add SMTP mail-server also as an exception, etc . Such exception allows to skip security checks for spam, malware, and data protection for specific sources, senders, and recipients.

... ... there are way too many AV/FW/SS software to list all here , but with above few you should be able to get idea & understand , what is you need-to-do & should do.

a brief What To Do Logic, is here.

Thunderbird = TB CONFIGURATION FOR MALWARE SCANNING: To make sure all emails are scanned by AV/SS, You/User MUST Do These. ... moved into PART-5.

you MUST check PART-5.

PART-5: ( AV/FW/SS - Configure TB )

Thunderbird = TB CONFIGURATION FOR MALWARE SCANING: To make sure all emails are scanned by AV/SS, You/User MUST Do These: • If you have added IMAP/POP3,SMTP,etc mail-servers in EXCEPTION, or disabled "mail protection", then you MUST also follow these: • goto TB main-menu > Options/Preferences/settings > "Advanced" in left-pane/side > scroll-down to "Advanced Configuration" section > change "Message Store Type For New Accounts" settings from "File Per Folder(mbox)" INTO "File Per Message(maildir)". • But above settings work only for those mail-accounts which are created after changing this setting. So what will you do if your mail-account was set earlier of this "File Per Message" setting ? you will MUST have to convert from "File per Folder" into "File Per Message" for each earlier mail-account. and select this TB option: "Allow AntiVirus Clients To Quarantine Individual Incoming Messages" (this option creates a single individual file for incoming message & signals the OS to access by TB , so that AV/SS can scan it on access). there are also emails that are not-incoming emails : we copy or bring from a different folder or we bring from backup, etc, and outgoing emails, etc , So we need to convert/keep each email as file , or another option is to allow AV/SS to also scan "file-per-folder" files, etc initially & occasionally. • DO THESE FOR EACH EARLIER MAIL-ACCOUNT(s) : in TB > Account Settings > select a mail-account > Server Settings > User Name: > change username/email-address, from username@example.com into username-random-numbers@example.com , unselect "Check For New Messages At Startup" , unselect "Check For New Messages Every: NN minutes" , unselect "Allow Immediate Server Notifications When New Messages Arrive" , press Ok/save button . So this is now your Backup mail-account , We will create a new one in next step . Do Not Click on Any Folder under this backup "mail-account" (until a new account is created+setup is done) . Ignore warning that TB cannot access emails , & ignore/cancel window to enter password for this backup "mail-account" . Exit TB, start TB. • Begin to Create a new mail-account in TB, this time use correct full email-address: username@example.com & correct settings , once this new "mail-account" is setup & working , check if all emails are showing up in new "mail-account" . if your mail-account is using IMAP , then IMAP based folders does not need to be copied into new "mail-account" , as IMAP based folders are located in remote mail-server , it will automatically arrive in new "mail-account" . But if you selected option to download email in local computers & delete email in mail-server , then your emails are inside the folder in "backup" mail-account , then you have to select all emails in each folder in "backup" mail-account , and (right-click & select) move emails into correct corresponding folder in new mail-account . there are TB-addon that can remove duplicate , so use one of such addon , if emails are duplicated after this step . if you created Local folders inside earlier "backup" mail-account or pointed to Local folders in earlier "backup" mail-account or you created other custom settings , then copy/transfer those settings into New mail-account and manually select all emails in earlier Local folders inside backup "mail-account" & copy them into Local folders inside the new "mail-account" . in this way , each email becomes a single email file . in New mail-account again point settings into correct Local folders if you've done so with earlier "backup" mail-account . Make sure all older settings (except Username) from backup "mail-account" are applied/transferred into new mail-account . During doing these steps your AV/SS will check each email file on creation , so your computer will/may become little slower at this point , its okay , once these steps are done , then your computer will function normally. • REPEAT above two steps for EACH earlier mail-accounts in TB one by one . after you're done with conversion from "File per Folder" into "File Per Message" , then each email will become single file , and your AV/SS can "Scan file on access" (access or modification) . Ofcourse all AV/SS by-default do "Scan file on creation". after you do above, your computer is protected from malware in emails , even if you have disabled "mail-protection" option in AV/FW/SS (or when you've added mail-servers in Exception list).