Nov 06

MailBot has been updated to version 15.68.


Activation of two-factor authentication (2FA) in accounts via TOTP has been implemented. After successful activation, a secret key will be stored along with the account data, which has the following form: 3hmkerjjj6cw7kfi3

It is absolutely not necessary to use the Microsoft/Google Authenticator app to get the code from this key, on the “Email features” tab in MailBot there is a completely similar code generator, which opens by clicking on the “TOTP…” button.

Without a secret key, it will still be possible to get into the account using, for example, a recovery email, in this case you need to click on the “Sign in another way” link on this form:

Prompt for TOTP code when logging into Outlook account with two-factor authentication enabled

Despite this, it is strongly not recommended to uncheck the “OTP secret key” box on the “Export” tab, since TOTP is the fastest and most stable confirmation method.

The checker can now also bypass 2FA via TOTP if the account string has a secret key. If there is no secret key, but there is a recovery email with a password, the checker will still be able to authorize in the account by receiving an email with a confirmation code.

Attention! So far 2FA activation is implemented only after adding a recovery email to the account. Activation after phone number verification is planned in the next versions of MailBot.

Attention! After enabling 2FA in your account, it becomes possible to authorize via POP3/IMAP/SMTP only with app password, so this password is created automatically and saved along with the account data.

The application password looks like this: lbtmyfqaycrgsvxn
It is easy to confuse it with the TOTP secret key, however, the application password does not contain numbers, so they can be distinguished by this feature.

When working with FunCAPTCHA, the creator and unlocker can now parse the “blob” value and correctly pass it to solve FunCAPTCHA in the 1st CAPTCHA, Underdog CAPTCHA, CapSolver and CapMonster Cloud APIs.

The creator also now checks the account username format before starting the registration process. This has drastically reduced the number of accounts created by phone number that failed to create the mailbox itself due to an incorrect username format.

Also implemented:

  • handling by the checker of the “Your security info change is still pending” form
  • canceling an attempt to unlock an account if you need to receive an SMS to a specific phone number or a letter to a recovery email address from a temporary service (without IMAP access)


  • activation of email features after successful account unlocking using phone verification
  • ESignupError after successful account creation by phone number


Recovery email verification has been implemented in creators and checkers, and avatar uploading to accounts has been fixed.

Fixed persistent error of incorrect CAPTCHA code.

Removed the mandatory requirement of recovery emails.

Checkers have learned to identify accounts with PushNotificationObligation blocking type.

Fixed creator.



  • app passwords creation in the creator and checker
  • account profile completion by creator


  • checker detection of valid accounts
  • infinite reCAPTCHA solution by checker

Fixed error detection in Ukrainian.

Also implemented in MailBot 15.68:

  • EzCaptcha API support
  • added Google Chrome 118 fingerprints
  • TOTP code generator form now allows you to insert/enter a secret key with spaces


  • emails search via IMAP for some email providers, for example,
  • /LSApass command line option has been renamed to /apppass

автор tavel \\ теги: , , , , , , , , , , , , , , , , , , ,

Write a reply

You must be logged in to comment.