Thunderbird

Privacy and Security Options

Thunderbird provides security measures to protect you from junk mail, identity theft, viruses (with the help of your anti-virus software, of course), intellectual property theft, and malicious web sites.

Thunderbird's Security Features

Thunderbird has a number of security features, including:

  • Adaptive junk mail controls
  • Integration with anti-virus software
  • Connection security
  • Digital signatures
  • Encryption
  • Master password
  • Restrictions on cookies
Let's take a closer look at these features.

Adaptive junk mail controls

Adaptive junk mail controls allow you to train Thunderbird to identify junk email (SPAM) and remove it from your inbox. You can also mark messages as junk mail manually if your email provider's system misses the junk mail and lets it go through. There are two ways of doing this.

The first way is to click the message in the Message pane and then click the Junk button in the Preview pane. If you accidentally mark a legitimate message as junk, you can quickly change the message back. After you click the Junk button, a bar appears in the Preview pane that says Junk Mail. Click the Not Junk button.

The second way of marking mail as junk mail manually is by using the Message menu bar. Here's how to do it:

  1. Click the message that you want mark as junk.
  2. Go to the Message menu, point to Mark, and click As Junk.

Integration with Anti-virus Software

If your anti-virus software supports Thunderbird, you can use that software to quarantine messages that contain viruses or other malicious content. If you're wondering what anti-virus software works with Thunderbird, you can find a list here: http://kb.mozillazine.org/Antivirus_software.

Connection Security

Thunderbird supports SSL/TLS and STARTTLS as well as password encryption, Kerberos, and NTLM. You can learn more about these methods for securing connections here: http://kb.mozillazine.org/Secure_connections_-_Thunderbird.

Digital Signatures

You can include a digital signature to verify the authenticity of a message.

Encryption

You can encrypt your messages using a shared encryption certificate. Note that all recipients of an encrypted message must also have the encryption certificate. You can get one from a number of websites although you may have to pay to get the certificate.

Master password

For your convenience, you can have Thunderbird remember each of your individual passwords. You can specify a master password that you enter each time you start Thunderbird. This will enable Thunderbird to open all your email accounts with your saved passwords.

Restrictions on cookies

Some blogs and websites attempt to send cookies (a piece of text that stores information from Web sites on your computer) with their RSS feeds. These cookies are often used by content providers to provide targeted advertising. Thunderbird rejects cookies by default, but you can configure Thunderbird to accept some or all cookies.

Setting Security Options

In the Security Preferences section of Thunderbird's Options/Preferences dialog box you can:

  • Set up how Thunderbird stores and disposes of junk mail.
  • Disable or enable Thunderbird's email scam detection and warning system.
  • Set up anti-virus integration.
  • Set a master password and access a list of saved passwords.
  • Set up how Thunderbird deals with cookies from blogs, news feeds, and web sites. 

Let's take a look at how to do that.

Opening the Thunderbird Preferences or Options dialog box

  • In Windows and Mac OS X, go to the Tools menu and click Options.
  • On Ubuntu or other versions of Linux, go to the Edit menu and click Preferences.

Configuring Thunderbird's default junk mail settings

  1. In the Preferences/Options dialog box, click Security and then click the Junk tab.

    tbird_sec_junk

  2. Do the following:
    • To tell Thunderbird that it should handle messages marked as junk, select the check box labeled When I mark message as junk.
    • To have Thunderbird move these messages to a junk folder, select the Move them to account's 'Junk' folder radio button.
    • To have Thunderbird delete junk mail upon receiving it, select the Delete them radio button.
  3. Thunderbird will mark junk message as read if you select the check box labeled Mark messages determined to be Junk as read.
  4. If you want to keep a log of junk mail received, select the Enable junk filter logging check box.
  5. Click the OK button to close the Options/Preferences dialog box.

Disable or enable Thunderbird's email scam detection and warning system

  1. In the Preferences/Options dialog box, click Security and then click the E-mail Scams tab.

    tbird_sec_scams

  2. To have Thunderbird warn you about possible email scams, select the check box labelled Tell me if the message I'm read is a suspected email scam. To turn off this feature, deselect this check box.
  3. Click the OK button to close the Options/Preferences dialog box.

Configuring anti-virus integration

  1. In the Preferences/Options dialog box, click Security and then click the Anti-Virus tab.

    tbird_sec_antivirus

  2. To turn on anti-virus integration, select the check box labeled Allow anti-virus clients to quarantine individual incoming messages. To turn off this feature, deselect this check box.
  3. Click the OK button to close the Options/Preferences dialog box.

Set a master password and access a list of saved passwords

  1. In the Preferences/Options dialog box, click Security and then click the Passwords tab.

    tbird_sec_password

  2. Select the check box labeled Use a master password.
  3. Enter your password into the Enter new password and Re-enter password fields.

    tbird_sec_change_password

  4. Click the OK button to close the Change Master Password dialog box.
  5. If you want to see the passwords that you have saved in Thunderbird, click the Saved Passwords button. This will open the Saved Passwords dialog box.

    tbird_show_pwd_1

  6. To see the passwords, click the Show Passwords button.

    tbird_show_pwd_2


  7. Click the Close button to close Saved Passwords dialog box.
  8. Click the OK button to close the Options/Preferences dialog box.

Configure how Thunderbird deals with cookies from blogs, news feeds, and web sites.

  1. In the Preferences/Options dialog box, click Security and then click the Web Content tab.

    tbird_sec_webcontent

  2. If you want Thunderbird to accept cookies, select the check box labeled Accept cookies from sites. To reject cookies from sites, deselect this check box.
  3. If you want to accept cookies from only certain site sites, select the check box labeled Accept cookies from sites and click the Exceptions button to open the Exceptions - Cookies dialog box.

    Privacy_exceptions_cookies

  4. In the Address of web site field, type the URL of the Web site whose cookies you want to accept. Then click the Allow button.
  5. To accept cookies for the current session, click the Allow for Session button. These cookies will be deleted when you quit Thunderbird.
  6. Repeat step 5 for every Web site that you want to add.
  7. Click the Close to close the Exceptions - Cookies dialog box.
  8. Click the OK button to close the Options/Preferences dialog box.

Configuring Account Security Settings

You can specify security settings for individual email accounts and for Thunderbird's local folders In the Thunderbird Account Settings window. You can configure:

  • Connection security.
  • Adaptive junk mail controls.
  • Digital signatures and encryption certificates. 

Opening the Thunderbird Account Settings window

There are two ways to access the Account Settings window. Note that settings configured in the Account Settings window apply only to the account that you select in the Folders pane. You must configure local folders separately.

  1. In the Folders pane right-click on an account name and select Settings.

    account_settings.png

  2. In Windows or Mac go to the Tools menu and select Account Settings. In Linux, go to the Edit menu and select Account Settings.

Configuring connection security

Before you can configure connection security, you'll need to get some security information from your email provider. You can find this information in the help or support sections of your email provider's web site, or by contacting technical support.

  1. To set connection security for incoming email, select an account and enter the security information for your email provider. Click OK to save it.

    tbird_incoming_sec

  2. To set connection security for outgoing email, click Outgoing Server (SMTP) and select an account. Then, click the Edit button.

    tbird_outgoing_sec_1

  3. Enter the security information for your email provider and click the OK button to save it.

    tbird_outgoing_sec_2

Configure adaptive junk mail controls.

  1. To set adaptive junk mail controls for a specific account, pick an account and click Junk Settings.

    tbird_junk_settings

  2. To turn on the controls, select the check box labeled Enable adaptive junk mail controls for this account. To turn them off, deselect this check box.
  3. If you want the controls to ignore mail from senders in your Address Book, select the check boxes next to any of the listed address books.
  4. To use a mail filter such as SpamAssassin or SpamPal, select the check box labelled Trust junk mail headers sent by and pick a filter from the menu.
  5. Select the check box labeled Move new junk messages to if you want to move junk mail to a specified folder. Then select the destination folder to be either at your email provider or a local folder on your computer.
  6. Select the Automatically delete junk mail other 14 days check box to have Thunderbird regularly remove junk mail. To change the time period for this process, enter a different number (in days) in the text box.
  7. Click OK to save your changes.

Configure digital signatures and encryption certificates

  1. To configure digital signatures and encryption certificates for a specific account, pick an account and click Security.

    tbird_sig_cert_settings

  2. Enter your digital signing certificates and encryption certificates.
  3. Click OK to save your changes.
If you're interested in learning more about digital certificates and Thunderbird, you can find detailed information here: http://kb.mozillazine.org/Message_security.