This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

The new AT&T security update requirement does not include Thunderbird . Will Thunderbird email be affected on Dec 31, 2014?

  • 8 replies
  • 3 have this problem
  • 4 views
  • Last reply by rsx11m

more options

AT&T is issuing notifications to the effect that, unless email security settings are updated by Dec 31, 2014, email will no longer accessible. Thunderbird is not among the options offered on the AT&T site for updating the settings.

AT&T is issuing notifications to the effect that, unless email security settings are updated by Dec 31, 2014, email will no longer accessible. Thunderbird is not among the options offered on the AT&T site for updating the settings.

Chosen solution

Ok, so the combination of "plain" with "passwordCleartext" is the part where settings are insecure (basically, your username and password are sent in clear text across the wire, thus anybody eavesdropping on the line could read it and log in as you, reading your messages, and sending messages in your name).

From your list, it seems that at least the bellsouth.com account is maintained by AT&T, but you can start with the account for which you received that warning. Click on the [≡] toolbar button, then "Options>" on the arrow part to open the submenu, then "Account Settings". You should see an entry in bold for each of your accounts with a couple of pages underneath, and an "Outgoing Server (SMTP)" item at the very end.

For the account you need to change, go into the "Server Settings" tab. According to the KB article, the "Server Name" should be inbound.att.net and the "User Name" your full @bellsouth.com address. Underneath there is a group "Security Settings" where you change "None" to "SSL/TLS"; this should also switch "Port" (two rows above this setting) from "110" to "995" which is what you want.

Next, open the "Outgoing Server (SMTP)" tab and highlight the server which seems to be associated with your bellsouth.com/AT&T account. Same procedure here, "Server Name" should be outbound.att.net and "Connection Security" set to "SSL/TLS"; if "Port" doesn't switch from 25 to 465 automatically, make that change manually. Again, the "User Name" field should have your full @bellsouth.com address.

Hope this works as advertised.

Read this answer in context 👍 1

All Replies (8)

more options

So what are they changing? Thunderbird supports TLS and SSL; what more do they demand of you? Can you copy one of these notifications here?

more options

Yes... Here is the text of the 'Alert':

Dear AT&T Internet Service Customer,

Our records indicate that you are not using the most current secure settings in your email application. If you use an email application such as Microsoft® Outlook® or Apple® Mail to send or receive email, you will need to update your email settings by Dec. 31, 2014 in order to continue accessing your email through your email application. (If you currently access your email via webmail and the att.net homepage, you do not need to take any action.)

How Do I Update my Email Settings?

You can update your email settings easily online at the AT&T Support site.

   You can automatically update your email settings by going to www.att.com/updatesettings and click the link to launch the AT&T Email Updater. This will detect any settings that need to be updated and will update automatically.
   OR
   You can manually update your email settings at
   www.att.com/esupport/article.jsp?sid=KB401568

If needed, additional support is available at https://home.secureapp.att.net/mailupdatesupport.

We suggest that you take action as soon as possible. Remember, you must update your email settings by Dec. 31, 2014 to continue using your email application to access your email.

more options

http://www.att.com/esupport/article.jsp?sid=KB401568 holds the key but needs specifics, e.g., which type of service you are receiving from AT&T. Thus, please go there from your connection (which apparently is needed as well) and select your service, then pick the instructions for your e-mail domain (i.e., the part of your e-mail address after the '@' character) and let us know what they say.

There should be instructions for "POP" and possibly "IMAP" with each containing a server name xyz.att.com and a port number (110, 143, 465, 587, 993, 995, depending on the protocol). Another parameter is whether the user name is just the part in front of the '@' or your whole e-mail address, but as there are only two options, that's easy to figure out by just trying.

more options

This page: http://www.att.com/esupport/article.jsp?sid=KB401570&cv=801&br=BR&ct=9000142&pv=3 shows that they expect you to use ports usually associated with SSL or TLS secured connections.

One way to help us to help you is to post your settings here.

Help|Troubleshooting Information

Clear the "include account name" checkbox Click the "copy text to clipboard" button Paste (ctrl+v) into your next posting.

Delete anything you aren't happy with sharing, and you can delete the reams of stuff about your fonts. But we DO need to see the server names and ports and security options.

more options

Here is the text, sans fonts, printers. Let me know if I deleted too much...

  Application Basics
   Name: Thunderbird
   Version: 24.6.0
   User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0
   Profile Folder: Show Folder
             (Local drive)
   Application Build ID: 20140610001341
   Enabled Plugins: about:plugins
   Build Configuration: about:buildconfig
   Crash Reports: about:crashes
   Memory Use: about:memory
 Mail and News Accounts
   account1:
     INCOMING: account1, , (none) Local Folders, plain, passwordCleartext
   account2:
     INCOMING: account2, , (pop3) mail.bellsouth.net:110, plain, passwordCleartext
     OUTGOING: mail.bellsouth.net:25, plain, passwordCleartext, true
   account3:
     INCOMING: account3, , (pop3) mail.bellsouth.net:110, plain, passwordCleartext
     OUTGOING: mail.bellsouth.net:25, plain, passwordCleartext, true
   account4:
     INCOMING: account4, , (pop3) pop.mindspring.com:110, plain, passwordCleartext
     OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
   account5:
     INCOMING: account5, , (pop3) pop.mindspring.com:110, plain, passwordCleartext
     OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
   account6:
     INCOMING: account6, , (pop3) pop.mindspring.com:110, plain, passwordCleartext
     OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
   account7:
     INCOMING: account7, , (pop3) pop.mindspring.com:110, plain, passwordCleartext
     OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
   account8:
     INCOMING: account8, , (pop3) pop.mindspring.com:110, plain, passwordCleartext
     OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
   account9:
     INCOMING: account9, , (pop3) mail.generalstandards.com:110, plain, passwordCleartext
     OUTGOING: mail.generalstandards.com:25, plain, passwordCleartext, true
   account10:
     INCOMING: account10, , (pop3) pop.mindspring.com:110, plain, passwordCleartext
     OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
   account11:
     INCOMING: account11, , (pop3) pop.mindspring.com:110, plain, passwordCleartext
     OUTGOING: smtpauth.earthlink.net:25, plain, passwordCleartext, true
   account16:
     INCOMING: account16, , (pop3) pop.mindspring.com:110, plain, passwordCleartext
     OUTGOING: smtpauth.earthlink.net:587, alwaysSTARTTLS, passwordEncrypted, true
 Extensions
 Important Modified Preferences
   Name: Value
     accessibility.typeaheadfind.flashBar: 0
     browser.cache.disk.capacity: 358400
     browser.cache.disk.smart_size.first_run: false
     browser.cache.disk.smart_size.use_old_max: false
     browser.cache.disk.smart_size_cached_value: 358400
     extensions.lastAppVersion: 24.6.0
 JavaScript
 Incremental GC: 1
 Accessibility
   Activated: 0
   Prevent Accessibility: 0
 Library Versions
     Expected minimum version
     Version in use
     NSPR
     4.10.2
     4.10.2
     NSS
     3.15.4 Basic ECC
     3.15.4 Basic ECC
     NSS Util
     3.15.4
     3.15.4
     NSS SSL
     3.15.4 Basic ECC
     3.15.4 Basic ECC
     NSS S/MIME
     3.15.4 Basic ECC
     3.15.4 Basic ECC

Thanks...

more options

Chosen Solution

Ok, so the combination of "plain" with "passwordCleartext" is the part where settings are insecure (basically, your username and password are sent in clear text across the wire, thus anybody eavesdropping on the line could read it and log in as you, reading your messages, and sending messages in your name).

From your list, it seems that at least the bellsouth.com account is maintained by AT&T, but you can start with the account for which you received that warning. Click on the [≡] toolbar button, then "Options>" on the arrow part to open the submenu, then "Account Settings". You should see an entry in bold for each of your accounts with a couple of pages underneath, and an "Outgoing Server (SMTP)" item at the very end.

For the account you need to change, go into the "Server Settings" tab. According to the KB article, the "Server Name" should be inbound.att.net and the "User Name" your full @bellsouth.com address. Underneath there is a group "Security Settings" where you change "None" to "SSL/TLS"; this should also switch "Port" (two rows above this setting) from "110" to "995" which is what you want.

Next, open the "Outgoing Server (SMTP)" tab and highlight the server which seems to be associated with your bellsouth.com/AT&T account. Same procedure here, "Server Name" should be outbound.att.net and "Connection Security" set to "SSL/TLS"; if "Port" doesn't switch from 25 to 465 automatically, make that change manually. Again, the "User Name" field should have your full @bellsouth.com address.

Hope this works as advertised.

more options

This seems to have worked, in that the two accounts that I updated per your outline still operate normally in both directions, but now have SSL/TLS security.

Many thanks to you and to all who responded to my inquiry!

more options

You are welcome!