I have given up updating the help section as no one actually reads them. Usage statistics are similar to the support forum and always have been.

Lets start with V78 is the supported version of the software. Not V60 V60 can only work with yahoo in an IMAP configuration and oAth or using a yahoo generated mailkey. Yahoo have removed their less secure apps option.

By far the most common cause of "your password or user name is wrong" is anti virus/internet security suites. How you have to configure your to make it work with Thunderbird is anybodies guess. But mostly if you increase any of the security settings in a third party firewall or anti virus email will stop working. If you use Norton Thunderbird's new account probe will be blocked. Wonderful product Norton back in 1990

I use OSX & Firefox so no security suites. I managed to get Tbird to create a POP account for my YahooMail and I can send. But after the initial download, its not downloading. I had to set up an individual App password within Yahoo, and enter it once. You are only supposed to have to enter it initially, not every time. Seems that every time you have to sign into Yahoo & click a disclaimer agreement (if your data gets stolen using a 3rd party app, its not their fault). But after that, the Tbird PASSWORDS popup is showing a long string, which is neither my usual PW nor the individual App PW. I deleted it, got several more "server" error msgs, then finally TBird asked me to enter a PW, and I entered my usual PW and got a "server" error msg. And now the PW is a long string again.

Wonder if Yahoo is having a bad day with their servers, or if its something else. Would like to know if I can turn off cookies again now that Yahoo has set its cookie, or if I must authorize cookies to make Yahoo mail work. Using Oauth authentication, that populated automagically.

I used these various help pages. https://help.yahoo.com/kb/new-mail-for-desktop/SLN35503.html https://help.yahoo.com/kb/pop-access-settings-instructions-yahoo-mail-sln4724.html https://help.yahoo.com/kb/sln27791.html https://help.yahoo.com/kb/learn-generate-third-party-passwords-sln15241.html

https://support.mozilla.org/en-US/products/thunderbird/emails-thunderbird/set-up-email-thunderbird https://support.mozilla.org/en-US/kb/thunderbird-and-yahoo https://support.mozilla.org/en-US/kb/manual-account-configuration https://support.mozilla.org/en-US/kb/automatic-account-configuratio

for other users, yahoo & TB setup info here , also see PART-2 (OAuth) & PART-3 (App-Key) sections, at bottom-side in that linked page.

Erik - that link is an extremely detailed post ! However, I've already done all of that, AFAIK. Part 3 touches on a question in my mind about which password I should enter into TBird - my regular yahoo mail PW, or the App Specific PW. Yahoo never tells you to copy & paste the App Specific PW into TBird, it does something automagically. In fact is says that the App Specific Password will only be needed once.

When I looked at TBird PW preferences, there was a long ASCI string - not my regular yahoo mail PW, and not the App Specific 16 characters. When I started trying to fix the problem with being able to SEND but not DOWNLOAD I deleted it. At one point it came back, I guess after TBird asked me to enter a PW. Since then I deleted it again while trying other combinations of things like Port and Cookie settings. Right now there is a long ASCI string which must have occurred when I SENT and TBird wanted my PW.

I'm confused about TBirds manner of storing PWs. Some of my other PWs are shown in clear text. So I don't think TBird is taking ASCI and converting them to HEX etc. And that would make Show PW useless to show you a forgotten PW.

BTW, How do you enter a PW into TBird other than by responding to an error message?

The linked post Part 3 says that after creating a Yahoo App Specific Password, you need to manually change Authentication from Oauth2 to Normal Password. But the Yahoo instructions say nothing about this. In fact is says that the App Specific Password will only be needed once. And I was under the impression that Oauth2 was required for POP or IMAP setup.

What is the 16 digit DNS address for

SO I will give that a try. OTOH, I am able to SEND, so it would be odd that DOWNLOAD worked differently... and it fails, but never got the the point where it sends a PW: > Sending of password for user celeryhead1@yahoo.com did not succeed. Mail server pop.mail.yahoo.com responded: Server error - Please try again later > Is their pop server just down for days at a time? But not their SMTP server?

What is the 16 digit DNS address for pop.mail.yahoo.com ? ICANN and WhoIs say "not found." Weird. Can I enter the numeric format into TBird, to bypass possible DNS server errors?

If I ever get to ENTER PASSWORD I may have to goto Yahoo & delete authorization for TBird and generate a new App Specific PW, since I did not save the original one.

> goto Yahoo web mail access website & sign-in/login, & goto here to generate/create an App-Password code/key from Yahoo website, for TB email-client app. • when you will use App-Password-code in TB , then you will have to use it as a password in Yahoo mail-account's password field in TB. • also change this yahoo mail-account settings in TB : TB main menu > Tools > Account Settings > select yahoo mail-account > select "Server Settings" > change from "OAuth2" auth-method, into "Normal Password" auth-method. • and before specifying App-Password-code in TB , you have to delete earlier password from Saved-Passwords list >

Now that I think of it, since my normal Yahoo Mail PW works for SEND, it must also work for DOWNLOAD because TBird only has one entry for Yahoo, and it seems to go to the yahoo login popup which I suppose is common to both SEND and DOWNLOAD: oauth://login.yahoo.com (mail-w)

And its really really annoying not to be able to see that long detailed post I just created, because "A moderator must manually approve your post before it will be visible.". Those were my notes on the procedure I am following, and now I cannot continue until the bring it back.

That should be a warning BEFORE it is posted, so the user can copy it to his own computer before it disappears.

But I can't suggest that, because I can't figure out how to get to the page where I can actualy ASK a question - the banner "Get Help" goes to a page that shows existing questions. Getting the the actual "ask a question" entry box, that then allows you to POST it, seems to be a random function. Another thing Mozilla needs to do is put that on a top level and not make people WASTE 10 minutes trying to get there.

I'm really, really stressed out about messing with this Mail problem for the last 3 days, and the behavior of the Mozilla site is just pissing me off as well !

finally your earlier post/response appeared.

when post has external links, or spam words, then post delay happens.

i also do not like the massive delay to display a post, that a post needs to be approved by Mod/Admin. but better solution is , instead of waiting in queue for review by Mod/Admin & then display it, it can be done this better way : user's message will be displayed instantly, text portions will be displayed instantly , BUT any link will be shown as LINK-NOT-APPROVED-BY-TB-MOD-YET-SO-WAIT. OR any link will be shown as simple TEXT like this https://www.example.com/ and any SPAM WORDS will be shown as [WORD-NOT-SHOWN-NOW-WAIT] in that way, conversation can go on much faster , without massive HOURS OF DELAY, and if user need-to can copy text to use as link, etc. i doubt good/better solution will be adopted. when problematic things are passed & applied , then there are plenty of better brainwashing+evil excuses.

there must be will/wish to do good/correct things for people/humanity first from heart , then good things can happen.

the AppKey, the OAuth2, etc are optional, still now. there are MILLIONS of users, all server side apps cannot be updated all at a same time, as they have different policies in different areas. so server side update/upgrade happening slowly. so some services/options are availble in one area, and not available in another area.

but over time, all account will reach to a point, where APP KEY (for a 3rd-Party App) is a MUST, but OAuth2 is optional. as APP-KEY is better than OAuth2 from ISP's server load, etc. But, some ISP/MSP are still using less-secure STARTTLS protocol (even for OAuth2 auth-method) to receive emails from email-senders , so that is a bigger concern. MSP/ISP must switch from STARTTLS into much more safer+secure TLS protocol.

yes , this answer PART-3 shows the last better solution, at this point. where a user first have to use/enable App Key for 3rd-Party email-client apps. then if they want to, optionally, can also enable/use OAuth2. if users want-to they can directly also configure client side to use OAuth2 , but doing above steps are better than using Oauth2 configuration directly first. ... from security point of view, etc.

don't know at-this-point detail about how TB is saving the entered password , but in (other) secured app its usually encrypted & stored, only a hash is shown to user , such app has a builtin master password , but that is not same as whats in other user , its installation depended, etc.

as some Yahoo,etc users are directly using OAuth2 configuration first, that is why that instruction is saying to switch from "OAuth2" auth-mehtod to "Normal Passwrd" auth-method, FIRST. then (as said in few para earlier/above) , setup App-Key based access in TB, & use "Normal Password" auth-method. then IF USER WANT TO, can again switch (optionally) into OAuth2 , & if user does that , then user must also switch from "Normal Password" into "OAuth2" auth-method. case 2: in the above way (AppKey -> OAuth2) , TB internally has App-Key password & OAuth2 token/cookie. case 1: users who uses direct OAuth2 config first in their TB, then TB internally may have main password, and for sure has Oauth2 token/cookie , user have to allow LOGIN/SIGN-IN time session-cookies by using main password (inside client app's browser) , and allow OAuth2 token/cookie. case 3: when user using only App-Key based access , then TB internally has App-Key only . No need for any extra cookie related site or config handling, etc, etc. MSP/ISP can (and suppose to) give only limited data access when App-Key or OAuth2 token/cookie was used access data. so obviously case-3 is better.

yahoo's server address are shown here, oauth URLs are shown here, etc, etc: more info . (please upvote my both Q+A if its useful/helful).

some mail-server addresses are CNAME based, just detecting various location, etc based client elements, and then forwarding to the correct mail-server.

these service providers have various other services for different categories of accounts, etc, so they also have slightly different server access.

EDIT: corrected info & few sentences. EDIT: improved suggestion on reducing post delay. EDIT: improved reasons for case-3.

The answer is use a yahoo generated mail key or update your version of Thunderbird to one that supports oAuth with POP mail accounts. But by all means continue the discussion.

18DEC20 SOLVED: I just found a note where I saved the Yahoo App Specific Password, and when I use it when TBird asks for a PW for downloading, I CAN download.

SOLUTION: 1) Need to use the App Specific password in your TBird DOWNLOAD pw entry.

2) BUT need to use your normal password in your SEND pw entry

3) Your Yahoo account page will NOT display the App Specific Password to you, after the initial creation of it & backing out of that screen. SO YOU MUST WRITE IT DOWN !!!!! Or I guess you would have to delete it & generate another and save it.

4) Thunderbird (using 60.9.1) does show Oauth2 authentication in the SMTP server settings - but not in the POP settings, that is still normal password.

(SMTP is for downloading, POP is for sending)

Yahoo could have noted these things in their instructions !!! Having to do different things for both PW and the Authorization Method is the source of confusion. So it would help if the Mozilla page noted these things: https://support.mozilla.org/en-US/kb/thunderbird-and-yahoo

Just for reference - Anyone know the 16 digit DNS address for [the yahoo POP and SMTP servers] ? Maybe sometimes its a DNS resolution issue and using the digits will work. But when I searched WHOis, etc, using the words, no results found.

5) Another odd thing, I'll create a separate post -- for these many years, I have NOT saved passwords in "Password Manager" and I did NOT have to enter a PW every time I want to send or download. I just had to enter them once after re-opening TBird, if I closed it. But after the last time I closed TBird & reopened it, I am having to enter a PW every time. What's going on?

Is Password Manager a function within Thunderbird, or is Thunderbird asking if I want to use an Apple OSX Password Manager in my operating system?

Oh, you also have to Allow Cookies in Thunderbird.

FYI I finally figured it out after asking here: https://support.mozilla.org/en-US/questions/1317721#answer-1376868

18DEC20 SOLVED: I just found a note where I saved the Yahoo App Specific Password, and when I use it when TBird asks for a PW for downloading, I CAN download.

SOLUTION: 1) Need to use the App Specific password in your TBird DOWNLOAD pw entry.

2) BUT need to use your normal password in your SEND pw entry

3) Your Yahoo account page will NOT display the App Specific Password to you, after the initial creation of it & backing out of that screen. SO YOU MUST WRITE IT DOWN !!!!! Or I guess you would have to delete it & generate another and save it.

4) Thunderbird (using 60.9.1) does show Oauth2 authentication in the SMTP server settings - but not in the POP settings, that is still normal password.

(SMTP is for downloading, POP is for sending)

Yahoo could have noted these things in their instructions !!! Having to do different things for both PW and the Authorization Method is the source of confusion. So it would help if the Mozilla page noted these things: https://support.mozilla.org/en-US/kb/thunderbird-and-yahoo

5) Oh, you also have to Allow Cookies in Thunderbird.

(SMTP is for downloading, POP is for sending)

SMTP is for sending, POP or IMAP is for receiving emails.

So it is; wish I could edit to correct it. Seems to be solved, but new weird behavior in entering passwords. I'll generate a new question Except that I cannot find the page that actually allows me to post a question. The GET HELP link in the banner goes to a page listing existing questions. That page has a SEARCH box, but after entering my question, still no way to POST it. This is infuriating.

Actually I can't say this is solved, because of the new misbehavior. It seems that the existance of an Oauth account will cause TBird to ask you to enter the Password for previously existing POP accounts EVERY TIME you send or receive, instead of only once after restarting TBird:

https://support.mozilla.org/en-US/questions/1318778

A guy using LINUX has the same issue: https://support.mozilla.org/en-US/questions/1304806#answer-1377200

Dear atErik, re your post dated 12/14/20, 6:34 PM You explanations of AppKey, and the verification method OAuth2 are important. I can see the combinations are a complicated thing, especially if sometimes, to make it work, you need to add them in a specific sequence. I'll have to learn to understand this for the future, and which is better for personal security and connection speed.

I THINK that if you use OAuth2, then Yahoo will NOT require you to conduct a login to YahooMail every time you try to SEND mail.

Is Oauth2 an "industry wide" standard? From the name, I presumed it was something proprietary to the OATH conglomerate (yahoo, verizon, AOL) because the name sounds like the word "oath two." So I'm wondering what the "O" stands for.

I also now know that I can refuse all cookies in TBird, by using an EXCEPTION to allow the Yahoo POP and SMTP servers to set cookies. Not sure if both need to do so today, but of course in the future they might make it so (without telling users, of course) and then something will mysteriously stop working.

WTF ??? A while ago I Downloaded, but now I can't:

Sending of password for user xxx@yahoo.com did not succeed. Mail server pop.mail.yahoo.com responded: Server error - Please try again later.

( sorry to response in late ... this time of year, etc. )

thanks for reading my earlier response. yes, the sequence has importance, (for better security). but a user can bypass this choice/option.

if SMK (secure mail key aka app key, etc) or OAuth2 is setup properly, then both ways should work fine, & there should be NO prompt to user, to enter password again & again.

OAuth2 is another method for authentication, to reduce the theft+usage of original/master/main password in apps, etc . for more info, obviously begin from https://en.wikipedia.org/wiki/OAuth , then: https://tools.ietf.org/html/rfc5849 , https://tools.ietf.org/html/rfc6749 , then https://oauth.net/ OAuth 1.0 & 2.0 BOTH HAVE (MANY) BUGS/VULNERABILITIES. ( some are published and some are not published )

a token/cookie is saved during OAuth procedure by the ISP/MSP/OAuth site via HTTPS (port 443) based secure connection , when you selected OAuth & allowed Cookies. in TB's Cookie-Exception, only HTTPS based (web mail access) site address/domain-names are needed to be added , Not the (IMAP/POP/SMTP,etc) mail-server address/domain-names. once a token/cookie is saved in TB, then, no more need of extra cookies very soon . ( Cookie acceptance option can be disabled in TB . Cookie EXCEPTION option can be used to allow only specific HTTPS sites ). after that, TB can use that token/cookie code,etc VIA the SSL/TLS encrypted/secure connection with mail-server(s), over IMAP-S/POP-S (port 993/995) or SMTP-S (port 465) protocol, by using OAuth2 auth-method.

TB can ask/prompt to enter password , if older saved-password is incorrect, or when app needs a App-key but user entering main password, etc. so delete older password from TB first, before adding new password . goto "Saved Passwords" list inside TB, to remove older password. don't use same App-Key in two different client email software or in two TB.

Went back to this today. Its working now... SUN 27DEC20 SUCCEEDED IN MAKING POP DOWNLOAD INTO THUNDERBIRD AT LEAST THE FIRST TIME...

1) Deleted existing TBird yahoo mail account. 2) re-created it: 3) had errors telling me that either Account Name or PW is incorrect. DURING TBird AUTO-CONFIGURATION I HAD TO ENTER THE (EXISTING) APP KEY AS PASSWORD NOT THE YAHOO MAIL LOGIN PW. I had to fiddle with this for a while, so I wonder if maybe TBird has a glitch between the new entry and the already saved Password.

NOTE THAT THE AUTO-ACCOUNT GENERATION IS USING OAUTH2 AUTHENTICATION FOR BOTH POP download and SMTP send.

Everything I have read said that "If your client does NOT work with Oauth, THEN you need to use a Specific App Key. This seems to be incorrect, because TBird auto-configured both POP and SMPT for Oauth, and I must use my App Key for POP.

Previously I could still SEND using "Normal Password" and my usual Yahoo login PW.

Checking the TBird passwords, POP is using the App Key, and "oauth://login.yahoo.com (mail-w)" has a gibberish string which I presume is my normal Yahoo password hashed.

So it seems the App Key PW is ONLY used for downloading. Nothing I have read mentioned that.

https://help.yahoo.com/kb/grant-temporary-access-outdated-apps-account-settings-sln27791.html Access mail via Thunderbird Remove your Yahoo account and set it up again in the Thunderbird email client. 1. Go to Tools | Account Settings. 2. Select your account in the list. 3. Go to Account Actions at the bottom left. 4. Click Remove Accounts. 5. Click Add Accounts and type in the email address and password.
- Thunderbird will then automatically activate the secure sign-in method for your account. Read more on removing and re-adding accounts in Thunderbird. ABOVE LEADS TO MOZILLA PAGE: https://support.mozilla.org/en-US/kb/automatic-account-configuration

DID NOT NEED TO DELETE EXISTING KEY & RE-GENERATE: https://help.yahoo.com/kb/learn-generate-third-party-passwords-sln15241.html

I can't remember what POP stands for anymore. something OVER something... I remember Point To Point Protocol PPP