All Products Community Forum

It recently came to my attention that Gmail is using my (and others) emails to train their AI to provide "overviews" for email threads. I didn't find that in any of the recent Agreement changes so feel safe is stating Alphabet/Google never obtained my permission for this training. I'm not a fan of the far-flung use of AI and the mounting examples of how horrendously Google AI performs hasn't done anything to relieve my concerns.

I began a search for a better, reliable email client and there is a depressing shortage of them that fulfill the average email users' needs. Thunderbird looks pretty good but reading through the Help section, Community Forum questions and just general articles hasn't clarified a couple of questions I have.

1. Is Thunderbird a comprehensive email client, independent of other clients, or does it provide service by partnering with another client?

2. Does Thunderbird utilize AI for any purpose that requires the "review" and storage of individual users' emails?

Many thanks, MarilynB

2019 MacBook Pro

For about the past 10 days or so Tbird has been presenting me with a request for my user name and password for, i am assuming, inclusion as an added account. They want

The problem is that in have no idea who caldav is or where they got my link to Tbird. My concern is that this may well be malicious. They want me to authenticate with username and password. What user name and what password?

Does anyone in the forum know what this is all about and how i can get them permanently excluded? With all the fake / criminal challenges on the net these days, i am very nervous (77 years old).

Any help would be really appreciated. Thank you

Assuming that I don´t want any Google server to track me what could I click in the attached? It's a nice feature but as it is not clear what the last three options do a bit of a guess.

I have received an email from what looks like Mozilla, it says that there has been a massive data breach and my details were compromised. I'm checking to verify if this is correct.

One of my email friend's email has been hacked into. I had a request by him to send some money through Amazon, I fell for it. I found out that his identity had been clone from a Facebook friend.

Happily, I got a refund from Amazon, but has my email been compromised or hacked into also?

Any help would be appreciated,

i was about to add another account to TB and checked for cves first and saw this:  CVE-2025-11715

Ubunut is affected by it but there is no way to update my installed version to a stable release in the ubuntu software centre. I dont have the technical ability to know how to install directly from the website. Is it possible to know if people unable to update have been affected by the CVE and what to do if upgrades are not possible?

Thanks

Im new to thunderbird. Even though I have created a main password I find that I suddenly I can open the application and view accounts and even security info, without putting it in anyway. I press cancel and the application opens and I can see accounts.

I havent saved the password anywhere so its not automatically being filled in. Is this just for offline access? How can I tell if my accounts are secured and what my  offline/ online status is when using thunderbird?

Hallo,

(new information at the end)

in an effort to understand why one s/mime signed message I received could not be verified by Thunderbird (140.3.0esr (64-bit) on Ubuntu 24.04.3 LTS) (error 1041, "unknown problems with this digital signature"), but by all other clients I and others could check (including cli tools openssl, cmsutil), I did a few tests using my own certificate (using rsaEncryption, SHA256).

Inital observation: Messages signed with "openssl smime -sign -in msg.txt -to <email> -from <my-email> -subject test -signer mycert.pem -inkey mykey.pem -out signed.eml" and opened in Thunderbird showed error 1041. Any modifiers like -crlfeol, -text, -binary, ... did not make a difference.

Omitting signed attributes (-noattr) however helped. The signature was verified.

Further investigations now showed that the reason for that is a mismatch of the signing time in the signed attributes block with the RFC 5322 date in the header (or a missing date, which is the reason, the openssl smime output is rejected). If there is no match, Thunderbird shows a 1041 error (unknown problems with the signature).

However, I'm wondering whether such a test a reasonable. The standards don’t instruct MUAs to compare signingTime to the RFC 5322 Date. Flagging a mismatch is not required by spec and in my opinion adds little to no security value. The RFC date header can be easily modified and the signing time is openly readable.

Does anyone knows why it has been decided to test that?

Mozilla Thunderbird Email wants to access your Google Account

This will allow Mozilla Thunderbird Email to:

Read, compose, send, and permanently delete all your email from Gmail

See, edit, download, and permanently delete your contacts

See, edit, share, and permanently delete all the calendars you can access using Google Calendar

Mzila Fire Fox that has me perplexed. There is a line that reads, In part….. https://accounts.google.com/signin/oauth/legacy/consent? uthuser=0&part=AJi8hAO27SA1jp0smbnYjSww31z06r6NnelkFAEXAX1pRgQq_2fkoC2lI-Rs0mf3jYCnMSdoG2Gr9V6XDkmWlQydzTYpDy4U-OREnYRGiXK0wIrp32BEL1sC1QyzBm-ZzUFPi6sQw3DCq7hh-HL7ZEAw9QDzw22rmwU7DPjP1nMpdWenxE6fE4LwyjUnAobeE3RPLIWik4O3f5U4lSI1Hwj0AiWBCsLD-

I just had another credit card get fraudulent charges. I have no clue how they are getting my card numbers, I have pulled all but 1 from anywhere online, but they just got another one. I couldn't get Mozilla VPN to work it just quit working at all. I turned Pocket off but I'm still getting 17 to 18 instances of Firefox. Dont know where to go now. Thinking of pulling the plug and starting over.

I am looking for a way to protect specific e-mails from being viewed from the list of e-mails, i.e. when the laptop has shut down due to inactivity and someone else opens it again and the Thunderbird window is still open. Albeit the TB password, once in the programme all e-mails are easy to view. Critical, individual e-mails could be protectes. I can do that when using a web browser for the mail provider (instead of the TB software) with a plugin Mailvelope (which unfortunately will discontinue soon). What programms could I use instead? this is NOT about end-to-end encryption, but individual protection of mails, e.g. with a password (or key) shared with the addressee alone. Any ideas or suggestions? thanks Robert

I have a problem with thunderbird. I can't fetch the certificate in my account settings, it seems it's not security approved. Normally when I type "fetch certificate" a window pops up asking me to confirm a security exception, but this function no longer works on thunderbird. Is there another way I can confirm the security exception?

So I keep getting this pop-up message from Norton, "Not seeing new emails in your email app?" Everything seems to work appropriately in Thunderbird. I'm getting new emails as I always have. The problem is as long as Thunderbird is open Norton keeps popping this stupid thing up every 10 or so minutes. Has anyone had this? Have you found a way to get Norton to realize everything is fine and stop popping up? It's like playing a game of wack a mole all day.