Why does Thunderbird connect to detectportal.firefox.com, status.geotrust.com and thunderbird-settings.thunderbird.net?

I would like to know why, when Thunderbird first starts up or shortly thereafter, it attempts to connect to the following sites:

detectportal.firefox.com
status.geotrust.com
thunderbird-settings.thunderbird.net

It does not need to connect to any of these to send or receive email, so I would like to know why it's attempting to connect to those addresses. Little Snitch is blocking them for now but if one of them is important I can remove that block.

Also, at some point every day, Thunderbird complains that it can't get the latest version, and every day I have to dismiss that popup. I bring this up because it may be related to me blocking the connections but until I know what they are for I'd like to know if it is possible to make Thunderbird stop checking for updates.

They all concern me but the one that really concerns me is thunderbird-settings.thunderbird.net, first because it is listed as a bad address on one of the malware sites, and second because I don't want my settings being sent off my computer. Really the only reason I want Thunderbird to connect to the Internet is to send and receive mail, and maybe to check for updates if it can do ONLY that, and not send any other data from my computer back to the mothership.

All Replies (2)

Firefox.com is owned by Mozilla Corporation. Thunderbird.net is owned by the Thunderbird project / MZLA Technologies. GeoTrust is an audited encryption certificate purveyor with a huge web presence that is a subsidiary of DigiCert, a larger certificate and PKI company.

If you have software identifying either malware sites or some other imagined bad sites then I suggest you get rid of it. This is of course unless you suspect Thunderbird or Mozilla of nefarious intentions in which case you probably want to remove their products and use another mail client and browser.

Why does Thunderbird try and connect to the web? Because significant parts of it are web pages. That is why there are so many external preferences loaded in the defaults.

Another response on this site, https://support.mozilla.org/en-US/questions/1251590, states that detectportal.firefox.com is used to detect captive portals on public Wi-Fi networks to be able to redirect you to their logon screen, so you don't just get page loading errors in Firefox (set network.captive-portal-service.enabled to false in about:config in order to disable that feature). Thunderbird uses the Firefox code base and will be doing the same for web pages.

I would guess without trying that status.geotrust.com is an attempt to verify the legitimacy of a GeoTrust SSL/TLS certificate issued by probably your mail server, as Thunderbird.net uses Let's Encrypt and Firefox uses Amazon. I assume your connections are encrypted. Probably prompted by the setting "Query OCSP responder servers to confirm the current validity of certificates".

I clicked the link you posted to thunderbird-settings.thunderbird.net which gave me a link to https://docs.kinto-storage.org/en/stable/overview.html where I read

"At Mozilla, Kinto is used in Firefox for global synchronization of frequently changed settings like blocklists, experimentation, A/B testing, list of search engines, or delivering extra assets like fonts or hyphenation dictionaries."

Given Thunderbird is built on the Mozilla platform, I think we have an answer.

All I can say is in this day and age, software calls home extensively to report telemetry, load web pages and download settings appropriate for certain actions like configuring an account. Trying to prevent that is really limiting the software's ability to function at a fairly basic level.

You have listed three of perhaps twice that number of sites Thunderbird will regularly connect to. On startup it will load a web page from https://live.thunderbird.net. Opening the add-on page will load Thunderbird.net pages, as will viewing the release notes, or any of the entries on the Help menu except About. Some open in a browser window, others open internally to Thunderbird. I have no idea what exact connections are made and I am not aware of any list or page that monitors them.

Checking for updates is not optional. The team do not want folk using old versions of the software as it exposes them to increased security risks as each version contains security enhancements. Updates can be managed in corporate situations using group policies. Otherwise, stand-alone users are limited in their options to automatic install or not.
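An added example, not part of the thread or of Thunderbird's own code: a small Python audit that reads the text of a profile's user.js or prefs.js and reports whether the two preference-controlled connections described in the reply above are active. The default values and the use of `security.OCSP.enabled` as the pref behind the OCSP checkbox are assumptions not stated in the thread, and the sample file is constructed.

```python
import re

# pref name -> (host contacted, purpose, assumed default when the profile has no override)
CONNECTION_PREFS = {
    "network.captive-portal-service.enabled":
        ("detectportal.firefox.com", "captive portal detection", True),
    # 0 = off, 1 = check all certificates, 2 = EV only (assumed default: 1)
    "security.OCSP.enabled":
        ("certificate issuer's OCSP responder, e.g. status.geotrust.com",
         "certificate revocation check", 1),
}

PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

def parse_prefs(text):
    """Parse user_pref("name", value); lines into a dict; skip everything else."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments and blank lines
        name, raw = m.groups()
        if raw in ("true", "false"):
            prefs[name] = (raw == "true")
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
        else:
            prefs[name] = raw.strip('"')
    return prefs

def audit(text):
    """Report, per pref, which host it reaches and whether it is currently active."""
    prefs = parse_prefs(text)
    report = {}
    for name, (host, purpose, default) in CONNECTION_PREFS.items():
        report[name] = {
            "host": host,
            "purpose": purpose,
            "active": bool(prefs.get(name, default)),
            "overridden": name in prefs,
        }
    return report

# Constructed sample user.js: captive portal check disabled, OCSP left at default.
SAMPLE_USER_JS = '''
// constructed sample, not a real profile
user_pref("network.captive-portal-service.enabled", false);
user_pref("example.constructed.pref", "x");
'''

if __name__ == "__main__":
    for pref, info in audit(SAMPLE_USER_JS).items():
        print(pref, "->", info)
```

Turning off the OCSP pref stops the status lookup but also stops revocation checking for the mail server's certificate, so the audit reports state rather than recommending a value.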

Well, I never log in from captive portals so there is no reason it needs to connect to detectportal.firefox.com. I can see the point of status.geotrust.com, but your response about thunderbird-settings.thunderbird.net was not satisfying, because it seems it can be used for a laundry list of things, none of which are necessary for sending or receiving e-mail. I prefer that programs do what they are designed to do and nothing more. I do not want my mail client to be a web browser, I have Firefox and Chrome and Safari, so the last thing I need is another web browser.

Then you say "All I can say is in this day and age, software calls home extensively to report telemetry, load web pages..." and I really hate it when software does this and doesn't give you the ability to turn it off. In Firefox, at least, you are given the ability to disable this telemetry. But your response makes it seem as if Thunderbird just tries to sneak it in, and gives users no choice in disabling it.

And then you said, "Checking for updates is not optional. The team do not want folk using old versions of the software as it exposes them to increased security risks as each version contains security enhancements." Do you not realize how dripping of arrogance this response is? But the funny part is that every day, including just now as I was typing this, I get a popup that complains that "Thunderbird is unable to update to the latest version. Download a fresh copy of Thunderbird and we'll help you to install it." And I have to click "Not Now" to make that notification go away. If that's happening because I'm blocking thunderbird-settings.thunderbird.net then oh well, maybe they should give users more choices and not have them making a connection that exposes them to who knows what, just to get updates. Personally I don't like to be among the first to get an update when a new major version comes out, particularly because I am using a Mac version and I have found that the Mac versions of cross-platform software are not always tested fully, and I don't want to risk losing all my old email or not being able to receive email because of some change that has been made, or a bug that's not yet been addressed.

But what really got me was this paragraph in your response: "If you have software identifying either malware sites or some other imagined bad sites then I suggest you get rid of it. This is of course unless you suspect Thunderbird or Mozilla of nefarious intentions in which case you probably want to remove their products and use another mail client and browser." First of all, I suspect ANY software that makes unknown connections to places it doesn't need to go to in order to perform its primary purpose of nefarious intentions - if Thunderbird or Mozilla doesn't want people to suspect that, they need to be more transparent about why they are connecting to various sites, and also give users the ability to opt out of telemetry and other things they may not want. Firefox is much better about this but Thunderbird still seems to be attempting the "let's sneak this in and hope users don't notice" approach. As for removing Thunderbird and using something else, the one and only reason I switched to it in the first place is because it supports OAuth authentication to Gmail, which I needed because Google stopped supporting "insecure" logins and Apple Mail doesn't support OAuth. But also I have been slowly trying to get away from using Apple products because the day may come when I switch to a Linux desktop, because every new version of macOS seems a little less functional than the previous versions.

But when someone starts asking questions that potentially have security implications and the response is that maybe you should use some other product, that makes me waaay more suspicious. Now I am starting to understand why Thunderbird has relatively few users and why even the major Linux platforms are switching to alternatives. At this point in time I am not aware of any other cross-platform mail product that supports OAuth, but this response has given me some motivation to begin searching for one.

Honestly I am not at all happy with this response, first of all because it doesn't fully explain the purpose of the connection to thunderbird-settings.thunderbird.net, but as much as it does explain it, it makes me realize that blocking connections to that site is probably a good idea until Mozilla becomes more transparent about this and gives users the option to not send data that they don't want to send. But also, as a relatively new user of Thunderbird (less than a month), I did not expect this type of rather condescending response, especially given that Mozilla has been around a while and should understand by now that some users have concerns about security, particularly when it comes to their emails. I don't need nor want software that "phones home" and sends I don't know what data about my system, but if that's the only software that works for the intended purpose (which, again, is reading and responding to email) then my only other option is to block those connections that don't further that purpose. My only suggestions are that Thunderbird gives users options similar to Firefox, where the sending of telemetry and similar data can be blocked in the preferences, and that Thunderbird use a separate site address for updates only so that people can block all that other stuff and still have the option to receive Thunderbird updates.