How To Make Thunderbird More Secure

Martin Brinkmann
Jan 21, 2012
Email, Thunderbird
|
13

I have been a user of the desktop email client Mozilla Thunderbird for the past five or so years. In that time, I have modified the default settings and behavior of the client to make it more secure against attacks and other malicious activities and issues. This guide acts as an overview of what I have done in those years. Please note that while it makes your email client securer, it does not make the program invincible. Common sense is still one of the most powerful weapons in a computer user's arsenal.

I also have to say at this point that I'm not including add-ons in this guide. This guide only looks at the native options that Thunderbird offers. The majority of changes should also be applicable in other email programs.

1. Disable HTML messages

I get it. HTML messages look nicer. You can do all kinds of things with HTML messages that you cannot do with plain text messages. Plain text messages on the other hand only display textual contents and nothing else, which reduces the likelihood of exploits.

message body as plain text

You find the setting under View > Message Body As > Plain Text.

2. Disable JavaScript

The developers have removed JavaScript in Thunderbird 3 for emails completely. There is no option to enable JavaScript for emails. JavaScript for RSS feeds is enabled on the other hand. Thunderbird users who do not use RSS or do not want JavaScript in their feeds can disable it the following way. Click on Tools > Options > Advanced tab > Config Editor to open the advanced configuration window.

Filter for the term JavaScript and double-click JavaScript.enabled to set it to false if it is set to true.

javascript enabled false

3. Use SSL

You should furthermore make sure that all of your email accounts use SSL connections to protect against snooping and eavesdropping. Click on Tools > Account settings, and there on the Server Settings listing underneath each email account.

connection security

Check the help pages or contact support if None is selected under Connection Security. You also need to click on Outgoing Server (SMTP) at the bottom of the listing to see if all outgoing servers are also using SSL for connections.

outgoing servers

4. E-Mail Scams

Go to Tools > Options > Security > E-Mail Scams and make sure that Tell me if the message I'm reading is a suspected email scam is enabled. This basically checks back if the email is a known scam email and warns you if it is.

thunderbird email scam

5. Master Password

If you are working on a multi-user PC or want to protect your email passwords from unauthorized access, you should consider setting a master password in the email client for that purpose. Anyone with access to the PC can look at all email usernames and passwords if they are not protected with a master password.

Click on Tools > Options > Security, and check the Use a master password box there to enable the option. You are then asked to enter a password which from that moment on will protect the password database from unauthorized access.

master password

Thunderbird displays a form on start up that asks for that master password. The password quality meter visualizes the strength of the selected password.

6. Disable the preview pane

Thunderbird uses a layout with three panes by default. Email accounts and folders on the left, the email messages on the upper right, and the preview pane at the bottom right.

Email previews are automatically displayed when you select a message in the email client. You may want to disable that feature as it may be used for malicious purposes. Please note that this is unlikely, especially if you have disabled HTML messages and JavaScript.

The easiest way to disable the message preview pane is to press the F8 key on the keyboard. You can re-enable the pane easily with another tap on the same key.

7. Display All Headers

Email headers help you find out if an email is legit or fake. Thunderbird displays a compact version by default which cannot be used to verify an email address. You can enable full email headers with a click on View > Headers > All.

Please note that Thunderbird limits the space available for email headers on its page. You can scroll the page by holding down the left mouse button and moving the scroll wheel up or down.

Closing Words

Add-ons can furthermore improve security but that's outside of the scope of this guide. Let me know if you are interested in a list of security related add-ons for the Thunderbird email client.

Have additional tips you'd like to share? Let me know in the comments.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. JMGG said on January 19, 2012 at 8:25 am
    Reply

    You said that Outlook isn’t your main email client, so which is your main one?

    1. BalaC said on January 19, 2012 at 9:42 am
      Reply

      I think its thunderbird

    2. Martin Brinkmann said on January 19, 2012 at 10:15 am
      Reply

      It is Mozilla Thunderbird.

  2. Salaam said on September 24, 2012 at 9:52 pm
    Reply

    Awesome! This actually solved my problem… what a stupid bug.

  3. Claud said on December 19, 2012 at 2:08 am
    Reply

    If this is the same bug that I’ve encountered, there may be another fix: (1) hover over open Outlook item in Taskbar, cursor up to hover over Outlook window item, and right-click; (2) this should give you Restore / Move / Size / Minimize / Maximize — choose Move or Size; (3) use your cursor keys, going arbitrarily N/S/E/W, to try to move or size the Outlook window back into view. Basically, the app behaves as though it were open in a 0x0 window, or at a location that’s offscreen, and this will frequently work to resize and/or move the window. Don’t forget to close while resized/moved, so that Outlook remembers the size/position for next time.

    1. Lynda said on February 12, 2013 at 3:37 pm
      Reply

      THANK YOU Claude!!! I could get the main window to launch but could not get any other message window to show on the desktop. You are my hero!!!!

    2. Chad said on November 20, 2018 at 4:24 pm
      Reply

      Solved my issue! 6 years later and this is still problem…

    3. Ivan X said on January 21, 2021 at 4:50 pm
      Reply

      Fantastic. Thank you. Size did the trick.

  4. Andrew said on October 26, 2013 at 7:06 am
    Reply

    This solved my Outlook problem, too. Thank you. :)

  5. Charles said on December 7, 2013 at 7:23 pm
    Reply

    Thank you so much, this started happening to me today and was causing big problems. You are a life saver, I hope I can help you in some way some day.

  6. garth said on November 7, 2014 at 7:13 pm
    Reply

    You are a god – thank you!

  7. Faisal said on February 9, 2015 at 10:09 am
    Reply

    thanks a lot…. work like charm.. :-)

  8. Simon said on March 24, 2015 at 11:36 pm
    Reply

    Yah…thanks Claude. I’ve been having the same problem and tried all the suggestions…your solution was the answer. It had resized itself to a 0/0 box. Cheers

  9. Olu said on April 14, 2015 at 1:35 pm
    Reply

    Excellent post. This had me baffled even trying to accurately describe the problem. This fixed it for me.
    Thank you

  10. Coenig said on July 23, 2015 at 7:36 am
    Reply

    Thanks a lot for the article. Don’t know why it happenend, don’t know how it got fixed, but it was really annoying and now it works :-)

  11. Fali said on January 20, 2016 at 4:19 pm
    Reply

    Thanks a lot. I was facing this issue from past 3 week. I tried everything but no resolution. The issue was happening intermittently and mainly when I was changing the display of screen ( as i use 2 monitors). The only option i had was to do system restore. But thanks to you.

    1. MIki said on January 10, 2019 at 11:54 am
      Reply

      I’ve been tried to sole this problem for 12hours. Your comment about changing the display of screen helped me a lot!! Thanks!!

  12. Christina said on January 20, 2016 at 6:14 pm
    Reply

    Thank you…don’t know why this happened but your instructions helped me fix it. Running Windows 10 and office pro 2007

  13. Oz said on July 22, 2016 at 3:20 pm
    Reply

    Great tip! Thanks!

  14. Tracy said on September 1, 2016 at 4:48 pm
    Reply

    Worked for me, too – thank you!!!

  15. shawn said on September 9, 2016 at 10:25 am
    Reply

    It’s Worked for me, too
    thank you very much!

  16. Jari said on October 31, 2016 at 11:53 am
    Reply

    I had a similar issue with Outlook 2013 on Windows 10 and this helped me to fix it. Thank you very much!

  17. Michel H said on November 30, 2016 at 11:08 pm
    Reply

    Thank you so much. Solved!
    Considering you published this in 2012, incredible not been debugged by Microsoft.
    Thank you again. M

  18. Ziad Bitar said on January 9, 2017 at 2:00 am
    Reply

    This problem was faced by only one user logging to TS 2008 r2 using outlook 2010.The issue was resolved.

    Thanks.

  19. Anonymous said on February 15, 2017 at 5:24 pm
    Reply

    Great tip. Thank you!!!! If it helps, I had to use the Control Key and the arrow keys at the same time to bring my window back into view. Worked like a charm.

  20. Rochelle said on March 6, 2017 at 11:59 am
    Reply

    Thank you, this worked !!!!

  21. anom1234 said on May 20, 2018 at 11:20 pm
    Reply

    Man, you are a fucking god. Thanks a lot, what an annoying bug!!

  22. JC said on October 12, 2020 at 2:14 pm
    Reply

    Awesome, this post solved the issue. Many thanks!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.