Normally Firefox talks directly to the mail server, but there are a few reasons that an intermediate program or server might intercept your mail session. Not all of these are good reasons.

Some security suites include a filtering feature. In order to filter secure connections (HTTPS URLs), the security software presents a fake certificate to Firefox so it can intercept and stand in the middle of the secure connection. To have Firefox trust these certificates, you may need to do something such as import a root certificate, or click something in your security software's settings.

But... many users are finding that rogue software they didn't realize they had installed is the culprit.

When you are offered the option to add a security exception, does Thunderbird let you view the problem certificate? For example, in Firefox, you can click the Add Exception button in the error page, then in the dialog click View Certificate or Get Certificate to see the Issued by section. You do not need to finish adding an exception.

We want to get to the "Issued by" section of the certificate, as this often points to the source of the problem.

The kind of issuer you might find is:

• Name associated with your security software, such as ESET, BitDefender, etc.
• Sendori (indicates unwanted software from Sendori)
• FiddlerRoot (indicates unwanted software named similarly to BrowserSafeguard, BrowserSafe, SafeGuard)
• Something else

What do you see?

The Issued by information is common name "Positive SSL CA2" and the organization is "Comodo CA Limited", which has some pretty bad reviews as a SSL certificate issuer. I assume this is whom hostgator obtained the SSL cert from?

We could cross-check. What is the server name and port that Thunderbird is trying to connect to?