Windows 10 will reach EOS (end of support) on October 14, 2025. For more information, see this article.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

I keep getting asked to add security exception. This Qu was asked in Jan - no solution???

more options

cobraflex asked this question back in January and I don't see where anyone answered it. I have had this problem all year also - it's a REAL PAIN IN THE BUTT and I (like cobraflex) am looking for another client. The only thing that is keeping me is that my calendar is on TB.

cobraflex's thread describes the problem exactly. I am using WinXP sp3, TB is up to date. My ISP is shaw.ca Cable with a Cisco portal. My computer is a wired connection to a cisco (linksys) router using DD-WRT. No other problems!

Following is cobraflex' post......

"im constantly getting asked, sometimes several times a minute, to "confirm security exception". I always make sure "permanently store this excpetion", before clicking "confirm security exception", but it doesnt seem to work, as a few minutes later I'll get exactly the same pop up again, for all my email accounts.

Ive been using thunderbird for years, and usually this only happens, just the once, after ive turned my anti-virus off and on again. But this time it has started happening on its own, and has been relentlessly harrasing me. Sometimes the pop up will appear while im in the middle of typing a mail and cut me in my stride, so the program is almost impossible to use now.

Do you know why this might be happening? "

cobraflex asked this question back in January and I don't see where anyone answered it. I have had this problem all year also - it's a REAL PAIN IN THE BUTT and I (like cobraflex) am looking for another client. The only thing that is keeping me is that my calendar is on TB. cobraflex's thread describes the problem exactly. I am using WinXP sp3, TB is up to date. My ISP is shaw.ca Cable with a Cisco portal. My computer is a wired connection to a cisco (linksys) router using DD-WRT. No other problems! Following is cobraflex' post...... "im constantly getting asked, sometimes several times a minute, to "confirm security exception". I always make sure "permanently store this excpetion", before clicking "confirm security exception", but it doesnt seem to work, as a few minutes later I'll get exactly the same pop up again, for all my email accounts. Ive been using thunderbird for years, and usually this only happens, just the once, after ive turned my anti-virus off and on again. But this time it has started happening on its own, and has been relentlessly harrasing me. Sometimes the pop up will appear while im in the middle of typing a mail and cut me in my stride, so the program is almost impossible to use now. Do you know why this might be happening? "

Chosen solution

Okay, my 2nd pet peeve? It is absolutely amazing how people do not understand that DATA is absolutely useless if it is not accompanied by a DATE!! People NEVER delete data from their databases so you can't tell if it is 6 months or 6 years old!!!

Not quite the case here - your last post was close enough that when I called Shaw we were able to sort it out.

They don't specify incoming security - it defaults to whatever we set up under "Outgoing Server".

So it looks more like this....

    Incoming Server: pop.shaw.ca
   Server Type: POP Mail Server (can't change this)
   Security Type: none
   Authentication: Normal Password (or  Password, transited insecurely)
   Port: 110

Outgoing Mail Server with Authentication

SMTP Server

   Description: Shaw
   Server Name: mail.shaw.ca
   Connection Security: STARTTLS
   Port: 587
   Authentication: Normal Password
   Remote Access: We don't have access to this setting but worth 
   checking maybe - S/B Enabled

OH! AND you need to make sure that his is the DEFAULT server!

This seems to be working so far. I will return if it re-occurs (like to keep the thread complete for others).

Thanks for all your help - REALLY appreciate your persistence, I can now return to being a happy Mozilla user!

Thanks again,

Read this answer in context 👍 0

All Replies (9)

more options

I don't think Thunderbird is smart enough to read "no security" to mean "use the SMTP server server setting here." What would happen if you actually specified using STARTTLS on port 110?

more options

Hmmmm. Missed that part didn't I?

I changed it to STARTTSL and I am now getting pop-ups again.

more options

Yes, port 110 usually is not set up for any kind of security, so clearly they misspoke when saying that you would have security on port 110 based on your SMTP settings.

As long as you're experimenting, does SSL/TLS on port 995 work for incoming mail? If not, I guess you're stuck with port 110 and no security.

Modified by jscher2000 - Support Volunteer

more options
You seem to be saying that my outgoing messages are being transmitted in clear text to the Avast server?? Surely not?

That's not what I'm saying. Thunderbird talks to Avast via TLS, but Avast is acting as a SSL/TLS Proxy, and is decrypting your communication. That's the whole point, at least from their perspective. Avast then establishes an encrypted connection to your provider's server on your behalf. In your case it doesn't really matter anyway since you do receive messages from your provider in the clear, including transmitting your password in the clear. As said before, find a new email provider with decent security.

I don't regard eMail as secure and I treat it accordingly.

That is basically true as long as you don't encrypt the actual messages. But I wouldn't want to risk my password being compromised by sending it in the clear every time I check for new mail or send mail. And I don't see any reason to disclose my email password to an anti-virus software vendor.

Modified by christ1

more options

I don't quite understand how my password is sent un-encrypted if all my outgoing data is encrypted. Why would my ISP be sending my password to me?

I think when I choose and install an Anti-virus program, I put my whole life in their hands!!! They have access to everything on my network, the internals of my operating system and every keystroke I make. They can wreck my hardware, disable my Game Box, my TV, maybe even my Fridge! Not to mention they can steal me blind.

But the prospect of not having protection is even worse. So I HAVE TO TRUST AVAST!!! Don't I?

P.S. My ISP provides McAffee for free. I was selling McAfee in the early '90's when nobody had heard of it and it was the absolute best program available. It's FAR from that 20+ years later - might as well buy Norton!!

more options
My ISP provides McAffee for free.

Search this forum for problems related to McAfee. You'll find plenty. McAfee will make matters worse. Simply follow the instructions given above. https://support.mozilla.org/en-US/questions/1093227#answer-804727

more options

KenFF said

I don't quite understand how my password is sent un-encrypted if all my outgoing data is encrypted. Why would my ISP be sending my password to me?

Thunderbird has to send your username and password to the server to access your mail. The standard POP3 protocol on port 110 is not encrypted. If you are on a wireless network, they should usually be encryption between your computer and the wireless access point to prevent over-the-air sniffing, but from there to the mail server, it's plain text.

more options

jscher2000 said

Thunderbird has to send your username and password to the server to access your mail.

Yeah but outgoing IS encrypted! It's just incoming POP3 that isn't.

And I haven't thought it thru', but I think sniffing incoming mail would be a bit random and far less productive than sniffing outgoing?

more options

KenFF said

Yeah but outgoing IS encrypted! It's just incoming POP3 that isn't.

I see what you mean. The thing is, your ISP doesn't send mail automatically like a postal service, Thunderbird has to open a connection to the server and request new messages, and in that process, it sends your login information. Over an unencrypted connection.

  1. 1
  2. 2