Thunderbird:Autoconfiguration
Goal
Objective: Make my non-tech friends use Thunderbird, by making it dead-simple to set up.
Most people are using webmail these days, mainly because it's so easy. You only need to know the URL (usually linked from the provider's homepage) and email address and password, and there's your inbox already. ISPs, although all of them provide POP/IMAP, are leading users to webmail because of that ease of use (and free mail providers do so for the advertizing revenue).
Goal: Setting up Thunderbird should be as easy as download/install and entering real name, email address and password. The Account Setup Wizard consists of only one screen.
Proposal
In the Account Setup wizard, if the "Email account" radio button is selected (which is the default), 3 text fields are visible and enabled: real name, email address and password.
Email address is properly syntax-checked, and the existance of the domain in DNS is checked.
The domain if the email address is used to determine the configuration (POP/IMAP and SMTP server names, SSL yes/no, authentication methods etc.), via several mechanisms:
- The legacy rdf files in <installdir>/isp/, like we have for Google Mail right now. (This may be dropped in favor of the next steps.)
- Try to contact a mail configuration server of the provider
- E.g. define an DNS TXT record or similar on domain example.net (for my.account@example.net) which contains an URL like https://mailconfig.example.net/mozilla.xml .
- That file contains the mail configuration, essentially the same as in RDF files, just the format in normal XML and a bit cleaned up. The email address (before @ or with domain) that the user can be used as placeholder in the config file, so the file is the same for all users (i.e. static).
- The protocol should be https (otherwise a MITM can direct my traffic and login request to him by just telling me his server as config).
- If the email provider does not provide the configuration, we try to find it at a Mozilla server
- E.g. https://autoconfig.mozillamessaging.com/example.net/config.xml
- This service will have the configuration for all the major ISPs and email providers, so there's a 90+% hit rate.
- It will not work for company email addresses.
- If a provider disagrees with a setting there, it can override the configuration by simply providing the config server in step 2.
- Other ways, esp. for company email accounts? Avoid heuristics and trail&error!
- If all fails, we ask the user to enter the configuration, using the existing wizard.
If we could find a configuration, we're done already, with that one screen.
The password dialog does not need to come up either, as the password has already been entered by the user and the wizard filled it in using the password manager.
We should also provide an option to ignore the autoconfig and go into manual config, e.g. using an extra radio button "Email account, manual configuration" (this works exactly like the current "Email account" option) in addition to the new "Email account" option which does the automatic config.
UI
+--------------------------------------------------+ | *Account Setup* | |~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| | (o) E-Mail account | | | | Full name: [ ] | | E-Mail address: [ ] | | Password: [ ] | | | | (o) Auto-detect: Status here(*) | | ( ) Manual configuration | | | | ( ) RSS News Feeds and Blogs | | ( ) Newsgroup account | | ( ) Calendar | | | | [ Cancel ] [ Next/Done ] | +--------------------------------------------------+
(*) Auto-detect status text:
1. Fill-in the fields above
2. Searching...
3a. Completed (found configuration)
3b. Failed (use manual configuration)
If the user finished (onblur) the email address text field (e.g. while he enters the password), the wizard makes network requests to try to find the configuration. The network activity is indicated by a spinner next to the "Searching..." text.
If we found a configuration, the spinner is removed and the "Next" button turns into "Done". In that case, there is no second page, not even the summary screen. The user ends up directly in his inbox, which was the goal.
If the user checks the [x] manual configuration option, the "Done" button turns into "Next" again. The server names etc. from the autoconfig file are still used in this case, but only to pre-fill the UI fields. That way, an advanced user can see, check and alter the values, but still takes advantage of autoconfig when possible. Open question: What about settings that are in the config file, but not exposed in the wizard? Used or not? May be important, but user can't check them before use.
Config file format
It should be XML, with a clearly defined format, to be stable and usable by other mail clients, too.
The current RDF format seems good in structure, but needs to be cleaned up to remove the RDF bits, Mozilla specifics etc.. It would be processed as normal XML, e.g. using E4X in Thunderbird.
<?xml version="1.0"?>
<clientConfig
xmlns="http://mailconfig.mozillamessaging.com/fileformat/namespace/2008">
<emailProvider id="googlemail.com">
<domain>gmail.com</domain>
<domain>googlemail.com</domain>
<displayName>Google Mail</displayName>
<displayShortName>GMail</displayShortName>
<incomingServer type="pop3">
<hostname>pop.googlemail.com</hostname>
<port>995</port>
<socketType>TLS</socketType>
<!-- unexcrypted, SSL, TLS
"if available" options considered harmful -->
<username>%EMAILFIRSTPART%</username>
<authentication>DIGEST-MD5</authentication>
<!-- anonymous,
plain,
login,
CRAM-MD5,
DIGEST-MD5,
KerberosV4,
GSSAPI (Kerberos v5),
-->
<displayName>Google Mail</displayName> <!-- needed? -->
<pop3>
<leaveMessagesOnServer>true</leaveMessagesOnServer>
<deleteMailLeftOnServer>false</deleteMailLeftOnServer>
<authentication>plain</authentication> <!-- todo list -->
</pop3>
<!-- remove the following and leave to client/user? -->
<loginAtStartUp>true</loginAtStartUp>
<downloadDuringNewMailCheck>true</downloadDuringNewMailCheck>
<rememberPassword>true</rememberPassword>
</incomingServer>
<outgoingServer type="smtp">
<hostname>smtp.googlemail.com</hostname>
<port>587</port>
<socketType>TLS</socketType> <!-- see above -->
<username>%EMAILFIRSTPART%</username> <!-- if smtp-auth -->
<authentication>smtp-auth</authentication>
<!-- none (server grants access based on IP address),
smtp-auth (RFC 2554, 4954),
smtp-after-pop (authenticate to incoming mail server first
before contacting the smtp server)-->
<displayName>Google Mail</displayName> <!-- needed? -->
<addThisServer>true</addThisServer>
<useGlobalPreferredServer>true</useGlobalPreferredServer>
</outgoingServer>
<identity>
<!-- needed? -->
<!-- We don't want Verizon setting "Organization: Verizon"
for its customers -->
</identity>
<!-- Will not be used with this proposal: -->
<sampleEmail>example@googlemail.com</sampleEmail>
<sampleUserName>example</sampleUserName>
<usernameDescription>Google Mail Username</usernameDescription>
<emailProvider>
<clientConfigUpdate url="https://www.googlemail.com/config/mozilla.xml" />
</clientConfig>
Placeholders:
- %EMAILADDRESS% (full email address of the user, usually entered by the user)
- %EMAILFIRSTPART% (email address, part before @)
- %EMAILDOMAIN% (email address, part after @)
- %REALNAME% (needed?)
TODO:
- IMAP
- All settings and enum values