MailBot by Tavel — email accounts creator, checker and unlocker

MailBot has been updated to version 16.57.

This article is a continuation of the previous one, about adapting MailBot to mandatory authentication via OAuth2 for Outlook mail servers.

A new setting “Generate OAuth2 refresh token” has been added to the “Email Features” tab:

This setting currently only works for the Outlook/Hotmail module. If the checkbox is checked, the Outlook creator will generate OAuth2 tokens for accessing mail protocols after successfully creating an account, and the checker will generate them after successfully logging into an existing account.

Attention! All OAuth2 tokens are generated for ClientId 9e5f94bc-e8a4-4e73-b8be-63364c29d753, which is the ClientId of the Mozilla ThunderBird IMAP client in Outlook.

After successfully receiving OAuth2 tokens, MailBot will append a refresh token string to the end of the account string, and will also additionally save all parameters received from the OAuth2 server to a JSON file in the “oauth2” folder inside the “Accounts” folder. The file name will match the account email address. Example of the contents Read more »

tavel \\ AOL, GMX.com, Hotmail, IMAP, Mail.ru, MailBot, OAuth2, OTPTextnow, Outlook, POP3, PVA, VAK-SMS, creator, recovery email

MailBot has been updated to version 16.54.

Since September 20, 2024, Microsoft has almost completely disabled authentication via regular password (PLAIN method) on its IMAP, SMTP and POP3 servers, leaving only the OAuth2 option (XOAUTH2 method). As of today, only a few servers remain unpatched, and it is almost impossible to authenticate with a regular password on Outlook mail servers.

If you try to authenticate with a regular password, for example, the Outlook SMTP server will respond with this error:

535 5.7.139 Authentication unsuccessful, basic authentication is disabled.

and the Outlook IMAP server will respond with this one:

001 NO AUTHENTICATE failed.

To some extent, this also affected MailBot, since the verification of recovery emails in the program is carried out via the IMAP protocol.

In connection with this, a new setting “Authentication” appeared in the recovery email source settings window in MailBot, which is a list with two values:

• Plain password
• OAuth2

When connecting Outlook accounts as recovery emails, you now need to select only OAuth2, and the format of the recovery emails in the file should look like Read more »

tavel \\ AOL, IMAP, Mail.ru, MailBot, O2.pl, OAuth2, Outlook, POP3, SMTP, Turnstile, VAK-SMS, WP.pl, Yahoo, recovery email, Yandex

MailBot has been updated to version 15.68.

Outlook/Hotmail

Activation of two-factor authentication (2FA) in accounts via TOTP has been implemented. After successful activation, a secret key will be stored along with the account data, which has the following form: 3hmkerjjj6cw7kfi3

It is absolutely not necessary to use the Microsoft/Google Authenticator app to get the code from this key, on the “Email features” tab in MailBot there is a completely similar code generator, which opens by clicking on the “TOTP…” button.

Without a secret key, it will still be possible to get into the account using, for example, a recovery email, in this case you need to click on the “Sign in another way” link on this form:

Despite this, it is strongly not recommended to uncheck the “OTP secret key” box on the “Export” tab, since TOTP is the fastest and most stable confirmation method.

The checker can now also bypass 2FA via TOTP if the account string has a secret key. If there is no secret key, but there is a recovery email with a password, the checker will still be able to authorize in the account by receiving an email with a confirmation code.

Attention! So far 2FA activation is implemented only after adding a recovery email to the account. Activation after phone number verification is planned in the next versions of MailBot.

Attention! After enabling 2FA in your account, it becomes possible to authorize via POP3/IMAP/SMTP only with app password, so this password is created automatically and saved along with the account data.

The application password looks like this: lbtmyfqaycrgsvxn
It is easy to confuse it with Read more »

tavel \\ 2FA, AOL, funcaptcha, GMX.com, GMX.de, I.UA, IMAP, LSA, Mail.com, MailBot, Meta.ua, Outlook, TOTP, Web.de, Yahoo, avatar, unlocker, recovery email, checker, Yandex

MailBot has been updated to version 15.47.

Outlook/Hotmail

Microsoft’s landing page is skipped now in creator and checker when receiving sign up and sign in forms.

This gave the following bonuses:

1. The speed of work has increased, because Microsoft server that served the landing page couldn’t handle the load on September 13 and often went down, which led to EIdReadTimeout errors.
2. Internet traffic consumption has decreased, since the landing page is almost 150 KB in size.
3. Eliminated EFormURLNotFound errors at the stage of receiving sign up and sign in forms.

Fixed the problem of receiving two identical codes in a row from verification emails when adding a recovery email to an account if Rambler mailboxes are used as recovery emails.

Inbox.lv

Verification of the recovery email when creating an account has been implemented:

Attention! If the “Verify recovery email” checkbox on the “Recovery email” tab in MailBot is not checked, then accounts Read more »

tavel \\ AKE.net, API, CapSolver, GMX.com, GMX.de, Imagetyperz, inbox.lv, Mail.com, MailBot, Outlook, Runbox, SMS-MAN, TIGER SMS, Web.de, Yahoo, creator, domains, proxy, aliases, recovery email, секретный вопрос, checker

MailBot has been updated to version 15.33.

Instead of a patchwork of changes for all email providers, which is hard to read, let’s try to break down changelogs by email provider. Please send your opinions in which form you prefer to read the changelog.

Outlook/Hotmail

Implemented adding and verifying a recovery email in the creator, in the signup mode without phone verification. Previously, this was implemented only in the unlocker.

Verifying a phone number to enable SMTP is not necessary now, verifying the recovery email gives the same trust to the account as verifying the phone.

During the process two letters with confirmation codes are received on the recovery email, this is normal.

Creation of aliases is implemented in Outlook creator, checker and unlocker.

Attention! To create aliases in your Outlook account, it must has verified recovery email!

Attention! Outlook now allows you to create only 2 account aliases and only on the outlook.com domain!

The checker now is able to create Outlook mailboxes for Microsoft accounts created via phone number:

This allows you to finish creation of mailboxes for accounts in format +380983524927:V5p9axnJc, which were previously saved in “partially created” files.

When creating accounts via phone number, creator now updates Read more »

tavel \\ 1st CAPTCHA, anycaptcha, GMX.com, GMX.de, GrizzlySMS, IMAP, inbox.lv, Mail.com, Mail.ru, Outlook, POP3, PVA, Runbox, SMS-Activate, SMTP, VAK-SMS, Web.de, creator, antispam, aliases, recovery email, checker