[EXPERIMENTAL] Outlook Express HTTPMail Server Concept

So I’ve been toying around the idea of a replacement HTTPMail server for Outlook Express for a while.

For anyone not in the know, HTTPMail was an HTTP-based Hotmail gateway utilizing WebDAV, and was implemented for Outlook Express to supply Hotmail users with an easy way to get their Hotmail accounts linked onto the mail client without extra SMTP server setup.

Initially, I had followed this documentation, considering that almost all documentation for HTTPMail is scarce, but because the structure of how the authentication process worked was kind of confusing, I decided to lay off the project.

Today, I randomly decided to see if the HTTPMail server was still fruitful, and from actually realizing that the authentication was fully described on in an IETF document regarding now-insecure HTTP authentication methods. It seems that there were two types of authentication methods supplied: Basic and Digest.

Basic authentication actually involves the most risky method of authentication: supplying the username and cleartext password encoded in Base64, which can open you up to even the most script-kiddish of hackers entering into your account nowadays, while Digest authentication involves a somewhat more plausible, but still insecure method of authentication: MD5 hashing a concatenation of the username, password, a nonce specified by the server, the HTTP method used, and the requested URI.

Only focusing on the Digest authentication, I was about to quickly abandon the project, considering that the server needs the username and password to intertwine Outlook.com and introduce email services to the email client utilizing HTTPMail. Then I was aware of the Basic authentication method after reading a bit of the RFC, and although it is extremely flawed, I felt it would be worth it to implement it onto the server, also considering that I now don’t plan for this to be an actual public service (Oh my, no).

After getting yet another aiohttp server in Python set up and hooking up OE 5.5 on a Windows 98 VM of mine to connect to my local server, it can authenticate with Basic. Now all I have to do is get the intertwining stuff finished and refine things in the backend, and it’s all good to go. :slight_smile:

Now if I could just figure out how I can get a proper DeltaSync server running… :stuck_out_tongue:


wait so does this mean what i think it means

Yup. :stuck_out_tongue:

A bit of Outlook Express functionality restored. :stuck_out_tongue:


atleast that, OE is dead since MS discontinued the DS service, hope this actually develops

btw, is it me or is escargot getting new service announcements/possibility’s every 2 weeks

What do you mean? :stuck_out_tongue:

Little update.

I finally got the authentication properly set up, so now it’s down to dealing with lxml and why it won’t parse RST’s response body due to some “encoding error.” :stuck_out_tongue:


lol :cat2:

1 Like

For anyone wondering or interested about the project, it’s the same deal as my MSN Explorer one. In limbo, will probably continue privately, and while not as much of a passion project as my MSN Explorer one, is still something I don’t want lingering on here anymore as if it means something here.

Have a nice day.

1 Like