How to I add my yahoo email account after receiving a ransomware email
I received a ransomware email two weeks ago after my account on another site was compromised over a year ago. This email seems to have locked my ability to send/receive emails with Thunderbird, but I can still access email using the web interface, my mobile clients, or even using Outlook. I deleted my account, and then when I try to add this account I still cannot validate to the Yahoo email server.
What can I do to clear this problem, since I use Thunderbird to access my three email accounts?
All Replies (14)
What error do you see when the account is added? Since you appear to have a working password, first delete any passwords in Preferences/Security/Passwords/Saved Passwords, restart TB, add the account from File/New/Existing Mail Account, with these settings: incoming server imap.mail.yahoo.com on port 993 or pop.mail.yahoo.com on port 995, outgoing smtp.mail.yahoo.com on port 465; SSL/TLS security, authentication = OAuth2, User Name = email address. Upon setup completion, enter the account password in the OAuth2 browser window.
What yahoo, which was SBCGLOBAL needs for inbound is inbound.att.net, and smtp is outbound.att.net, and all of that still won't work
This is what I get
I'm fairly certain that there was a cryptic password set once the email was viewed, and somewhere that was embedded in a Thunderbird file that needs to be purged. I would like to uninstall Thunderbird and then reinstall it to see if that would work, but I'm not sure. I have a number of saved email folders that I use that I don't want to lose.
If you have the att.net servers, use a secure mail key with authentication = normal password, or set the authentication to OAuth2 and enter the regular account password in the OAuth browser window. Delete the passwords in Options/Security/Passwords/Saved Passwords, restart TB, and enter the key or password when prompted.
I did all of that and it still won't work. It keeps failing on the password which I enter correctly, I tested that it still works by logging into my mail using yahoo.com web mail too.
This has to do in some way with the ransomware email that I received two weeks ago. It didn't lock me out of anything except accessing my email account with thunderbird.
What do you get when you run an nslookup of inbount.att.net? https://td.unh.edu/TDClient/KB/ArticleDet?ID=775
nslookup inbound.att.net Server: 2001:558:feed::1 Address: 2001:558:feed::1#53
Non-authoritative answer: inbound.att.net canonical name = pop-att.mail.yahoo.com. pop-att.mail.yahoo.com canonical name = fo-jpop.mail.att.gm0.yahoodns.net. Name: fo-jpop.mail.att.gm0.yahoodns.net Address: 74.6.106.14 Name: fo-jpop.mail.att.gm0.yahoodns.net Address: 74.6.106.29 Name: fo-jpop.mail.att.gm0.yahoodns.net Address: 216.155.194.54 Name: fo-jpop.mail.att.gm0.yahoodns.net Address: 74.6.137.75 Name: fo-jpop.mail.att.gm0.yahoodns.net Address: 98.137.157.46
I'm using a MacBook, so I just went in manually and reset the DNS primary & secondary, and removed the 2001: listing too. None of that has seemed to work yet, the att.net servers still won't recognize the password. So this makes me think that something was set on my Thunderbird settings, where I can't find them, that even when I remove saved passwords I'm getting rejected
steveking1 said
This has to do in some way with the ransomware email that I received two weeks ago. It didn't lock me out of anything except accessing my email account with thunderbird.
If you actually have malware on your system, that could be a factor, but if you just received a common type of extortion message demanding payment 'or else', that would not affect TB operations.
Check your setting in Preferences/Advanced/Network & Disk Space/Connection and try different choices for no, auto or system proxy, as that has been significant for some Mac users.
I have Sophos Home on my system, so I hope there's no malware on my system! The extortion message was a typical "pay me or else" so here's what it looks like, just in case you or someone else can decode this bitcoin address they gave in the message, which I sent off to several sites where they may have gotten my information, like LinkedIn and others.
These scams are too numerous for anyone to spend the time tracking: https://www.reddit.com/r/Scams/
The more serious attacks that encrypt your files are the target of criminal investigations, especially when they affect major institutions, but I don't think that's happened to you.
No you're right that hasn't happened to me, this is just a nuisance that after receiving this I couldn't send/receive mail with Thunderbird