Thunderbird Community Forum

I've finished setting up the S/MIME encryption in Thunderbird, and imported all the certificates needed. When people with the certificates emailed me, I could receive and read all the emails. However, when I replied to the same people, I got the error message saying 'End-to-end encryption requires resolving cerficiate issues'. My colleagues imported the same certificates without any issues. Do you have any suggestions for me to solve the issue? Thank you very much!

Hi, I have three email adresses installed on Thunderbird. All have Junk folders I see on screen. But while two addresses sow junk files one is all the time empty. But this address on mail app on iPadAir displays yhe lot od junk messages in the same time. All settings for the three adresses on Thunderbird are he same. My PC is Win 11 64-bit Desktop HP Pavilion. Icon for bad junk folder is a little bit different than the icons 1 Version of Thunderbird is 28.6.0esr (64-bit)

I've long blocked remote images in my Thunderbird messages, and I have pretty good spam filtering at both server and app level, but when spam gets through it's invariably of the "image only" type. That is, an image with the product/scam/junk text and stuff all within the graphic.

Even though I have the Reading & Display setting of "View attachments inline" NOT checked, and the Files & Attachment settings for content type of JPEG Image and PNG Image (and everything else) all set to "Always Ask" –  STILL the images are shown to me when I select the spam message for deletion.

I can't be the only one getting image-based spam, so I'm a bit surprised that I can't find a solution to simply not display image attachments. I do still want to see the original HTML (many emails are a mess in plaintext only), but is there no means to keep the formatting but simply not load & show images?

Again - this is not about REMOTE images, rather image attachments.

Thx if anyone has some input

Wir können wir die Verschlüsselung einer Nachricht aktivieren? Diese ist bei uns durchgestrichen und lässt sich nicht auswählen. Da wir oftmals Befunde verschicken müssen und den Datenschutz nicht verletzten wollen, würde wir gerne die Option der verschlüsselten Nachricht nutzen wollen. Bitte um Hilfe diesbezüglich, danke.

I have set a Primary Password in Thunderbird, but when it requests it, pressing cancel for some times bypass the request and I can login without any problem

I'm on Linux Mint 21.3 Cinnamon

today I received an email from the thunderbird Newsletter team advising me of a data breach relating to MailChimp. It came on a unique disposable address only used for Thunderbird matters. Everything about it checks out as genuine and the various clickable links are the same as those I received on my original subscription email, but when I tried to use the "change my preferences" link (which again links to the genuine site, I got to a site which said it would send a verification email to my email address h t t p s:/ /thunderbird.us12.list-manage.com/profile/send-email (obfuscated for forum) . No such email arrives. There are NO ways I can see of contacting anyone on the newsletter team. I am trying to change the address used to send the newsletter to me, but am unable to do so as the verification email never arrives. Two questions - is this "important notice about your thunderbird newsletter subscription" genuine, and secondly - how do I update my preferences if I never get the verification email and can't otherwise contact the newsletter team? Thanks for any assistance, I can't see any other way of contacting the team.

Unable to receive new emails sending works fine. Receiving emails works with no security but do not wish to continue with this mode. No errors for ssl/tls, just doesn't receive emails. I tried switching to oAuth2 but no go either. Version: 128.10.2esr. This started on the 21st of May.

Junk button on main page is grayed out. I right click on junk emails and use the button at the top of the menu to mark them as junk but I keep getting mail from the same senders.

Microsoft Outlook Client emails are legally valid in a court of law, but Thunderbird emails are not. Can we start taking baby steps towards making Thunderbird emails a little more viable in legal applications?

While I do not understand these things in the depth required, can we start taking baby steps towards achieving legal validity of emails downloaded from Thunderbird?

I am presenting below a conversation that I had with chat GPT regarding this matter for the help of anyone who wishes to take this up.

Chat GPT:

QUESTION 1: 1. As per my limited knowledge, Outlook client emails are legally valid because the header cannot be edited. This however, is not true of Thunderbird emails. Do I understand correctly? 2. What are the challenges in making Thunderbird header not user editable, so that Thunderbird emails also have the same benefit?

Chat GPT: Your question touches on email authenticity and legal validity—especially in regulated or evidence-sensitive contexts. Let's break it down:

Is it true that Outlook headers are immutable and Thunderbird’s are not?

Partially True — but needs clarification.

Email headers in both Outlook and Thunderbird

Can be viewed by recipients, but cannot be edited after the email has been sent. Only during composition can certain headers (like `From`, `Reply-To`) be changed, depending on the setup.

What you cannot change post-sending:

After an email is sent (from any client), the core SMTP headers (`Date`, `From`, `Message-ID`, etc.) are locked. These are generated by the sending server and cryptographically traceable via server logs or DKIM.

Outlook’s extra layer:

Outlook integrates closely with Microsoft Exchange, which stores server-side logs, message tracking, and non-editable audit trails (e.g., via journaling). That’s what gives Outlook/Exchange emails more evidentiary credibility, not just the client itself. In contrast, Thunderbird usually connects via standard IMAP/SMTP, without server-side logging, unless used with a corporate mail server like Postfix + Dovecot + journaling.

In Summary: Table Feature Outlook (w/ Exchange) Thunderbird Headers editable during composition Yes (some fields) Yes (same) Headers editable after sending No No Built-in server-side logging Yes (Exchange) No (unless configured) Strong evidentiary trail Common in enterprise Requires external setup

What are the challenges in making Thunderbird headers non-editable during composition?

The challenge lies not in technical impossibility, but in the design philosophy of Thunderbird:

a. Open Source & User Control

Thunderbird is open source, so users can customize or even extend the client to manipulate headers (via extensions or config changes). This is powerful for advanced users, but not ideal in regulated or high-trust environments.

b. Lack of Server-Side Enforcement

Thunderbird relies on whatever SMTP/IMAP servers it connects to. Unless the server enforces policies (like DKIM signing, DMARC, or header filtering), client settings are only soft limits.

c. Missing Native Audit Features

Outlook/Exchange logs metadata like when a message was sent, delivered, read, etc. Thunderbird lacks that unless paired with enterprise-grade backends. How Could Thunderbird Improve Legal Trustworthiness?

1. Header Locking During Composition

  	Disable or grey out fields like `From`, `Date`, `Message-ID`.
  	Possible via extension, but not enforced by default.

2. Enforced Server-Side Signing (e.g., DKIM)

  	Ensure outgoing mail is cryptographically signed to verify integrity.
  	Requires a properly configured mail server, not just Thunderbird.

3. Journaling or BCC Archiving

  	Auto-BCC all sent mail to a tamper-proof archival system.
  	Thunderbird can do this via rules or server configuration.

4. Extension or Mode for “Forensic Compliance”

  	Custom Thunderbird modes that restrict editing headers, disable extensions, log actions, etc.

Final Thoughts

You're correct in understanding that Thunderbird offers less baked-in legal reliability than Outlook + Exchange. But this isn’t due to insecure design—rather, it's due to Thunderbird’s flexibility and lack of tight server integration. Thunderbird can be made trustworthy with the right server configuration (DKIM, archiving) and possibly some custom add-ons.

If you’re looking to build or propose a “forensic-grade” Thunderbird environment, I can help design one with proper technical constraints and audit trails. Let me know!

QUESTION 2: My legal Counsel has told me that emails downloaded from the Gmail server into the outlook client are legally valid. So even without Microsoft Exchange and all the other server side logging, Outlook emails are legally viable. Chat GPT

Yes — your legal counsel is broadly correct, and here’s the nuanced explanation:

Emails Downloaded via Outlook (from Gmail) Can Be Legally Valid

Even without Microsoft Exchange, emails downloaded into Outlook (say via IMAP or POP from Gmail) can still be legally viable evidence, because:

1. Outlook stores email in a tamper-evident format

Outlook saves emails in `.pst` or `.ost` files. These files have a structured, proprietary binary format that is hard to tamper with without detection. Courts often accept these files (with chain of custody) as original records.

2. Outlook preserves server headers

Even when connected to Gmail, Outlook does not modify or fake headers. It shows server-signed headers (like `Message-ID`, `Date`, etc.) exactly as received. These headers can be verified independently against:

Gmail’s “Show Original” → raw headers DKIM/DMARC authentication

3. Integrity from Gmail itself

Gmail assigns unique `Message-ID`s and signs outgoing mail with DKIM. DKIM proves the message has not been tampered with since it left Google’s servers. So even if Outlook is the client, the source of trust is Gmail + DKIM, not just the software.

In Legal Contexts

4. What courts typically require is:

 A copy of the original message as received (headers intact)
 Some form of chain of custody (who had access, how was it stored)
 Optionally, confirmation from the mail server logs (if challenged)
 Outlook is often used in corporate/legal environments because:

It does not let users easily forge full headers The data format is harder to manipulate Legal teams and forensic experts are familiar with `.pst` files

So even without Exchange, emails received and stored in Outlook are trusted, provided:

The full headers are intact The `.pst` or `.ost` file has not been tampered with

5. How This Differs from Thunderbird

Thunderbird also preserves headers and stores messages locally — but: Table: Aspect Outlook Thunderbird Storage format `.pst`/`.ost` (proprietary) `.mbox` or plain text Header immutability Enforced by format Editable via text file (with effort) Forensic familiarity High (in legal circles) Moderate Tamper-evidence Strong (binary format) Weak (editable with text editors)

So Thunderbird messages can technically be altered more easily after download, especially if stored in `.mbox` or `.eml` formats. That’s why they are viewed with more caution in legal settings.

Conclusion

Yes — emails downloaded into Outlook, even from Gmail, are generally accepted as legally valid, provided the headers are intact and the file has not been manipulated. Outlook's storage format and market reputation contribute to its legal trustworthiness — even without Exchange.

If you want to achieve similar legal credibility with Thunderbird, the focus should be on:

Enforcing DKIM-signing (from Gmail, already done) Locking down `.eml` or `.mbox` file access Possibly archiving in tamper-evident formats

Let me know if you’d like a workflow to export Thunderbird emails into a legally robust format similar to `.pst`.

I tried to open settings because I need to change account passwords. As soon as I open settings Thunderbird crashes after showing the settings page for half a second. Latest Thunderbird version under latest windows 11 version. Anyone else has this problem? Restarting the PC (miracle cure for problems under windows) did not solve the problem. Anyone else has this? Anyone knows a solution?

I cannot access my accounts passwords, so the problem is rather worrisome and urgent.

I ask a person to send me a signed email so that i can send them an encrypted email. How is this process supposed to work in thunderbird? I receive a signed email, what next? Clearly, thunderbird sees the signature but does not add the public key to the contact. This is in contradiction with [page] that states: The standard way of distributing a person's certificate is to send a digitally signed email. If you have received a signed email from your correspondent, click the email to view it. If Thunderbird considers the email's signature and the sender's certificate valid, it will automatically be imported and available when you attempt to encrypt an email to that correspondent using the S/MIME technology. If you don't have a signed email from your correspondent yet, you could ask them to send a digitally signed email to you.

Note that certificates issued by CAs may have a short validity period. Certificates are no longer usable after the validity period has expired. In that case your correspondent will have to obtain a new certificate. Once that happened they will be able to send you a new digitally signed email with a valid certificate.

Organizations that operate an LDAP server may configure their server to store S/MIME certificates. If an LDAP server is configured, Thunderbird may automatically query the LDAP server if it needs to obtain a S/MIME certificate.

To review the list of S/MIME certificates that you already have, you can use Thunderbird's Certificate Manager.

The certificate shows that it is valid, yet, clicking reply gives "key issues" which shows no key available. Similarly, if I sign an email with pgp key and send it, thunderbird sees that it is signed but tells me that i need to obtain public pgp key. So it seems that signatures and encryption are completely unusable.

A few days ago my Thunderbird client was downloading messages. I could not see the email that was to be downloaded next. However, a notice appeared, apparently from a hacker that was ending the next email. It was asking me to let it override some information that allowed me to get messages. Then a popup from Thunderbird displayed. It said no decent public site would ask to override anything. So I clicked CANCEL. This happened repeatedly. I kept clicking CANCEL. But no emails downloaded, only the message. Then I got help from the Dell tech support that I paid for when buying the computer. It has always been very effective fixing problems, even if they were not with the computer itself. They could not fix the problem. I can see and answer my emails on Primus webmail. Now. no more emails download in the Thunderbird client after. So apparently some setting has been overridden. I got in touch with Primus, and they told me what to reset the port to, but nothing has been downloaded. I am able to send emails from the Thunderbird client. They told me that the server connection (IMAP) was the same port for send and receive. When I click Get Messages in the Thunderbird client, it says something like Checking server availability. But no new emails download. I have read this from Thunderbird:

"To manually configure an account, you will need to have the following details which can be supplied by your email provider. incoming mail server and port (for example, "pop.example.com" and port 110 or "imap.example.com" and port 143) outgoing mail server and port (for example, "smtp.example.com" and port 25) security setting for the connection with the server (for example, "STARTTLS" or "SSL/TLS" and whether or not to use secure authentication) First, open the Account Settings: In the Thunderbird menu bar, click the ToolsEdit menu and select Account Settings, or click the Application menu button and select OptionsPreferences and Account Settings from the sub-menu." I have tried all this to no avail.

What can I do to get email to download to the Thunderbird client? Can I uninstall the Thunderbird and reinstall without disturbing my Webmail? I would be happy for any help you can give me! Thanks!

Greetings. I'm using Thunderbird with SendGrid. I have three accounts I'm trying to send mail through. SendGrid uses a username of "apikey" and a long key as the password. I read the instructions here: https://support.mozilla.org/en-US/questions/1495483 which seems to suggest this is possible. I've set up accounts for each of the three and they all work as long as I don't save the password. When I save the password the smtp saved password is saved for whichever one I'm using. I can't seem to save all three. If I save one and then move to the next account, the old password is used.

Can anyone confirm if this is possible? And if so can I get some suggestions about what I may be doing wrong?

I've read several of the threads that suggest that most people go wrong when they select the smtp server. I have followed the directions to select from the Outgoing Server list at the bottom of the left pane. Each copy of the smtp server has a unique description. I suspect its because the username is the same for each one. Which is required by SendGrid. Thanks!

Thunderbird wants verificationfrom gmail but there is no where i can click locked in page have to ctrl>alt>delete to get out. No where to click on continue. I think the page is too big and aI cant see the next or accept or any other button. Can't use thunderbird to send or to see address or anything else

Thanks for your help

Stu

Hello

I've been setting up Thunderbird on MacOS. I was adding few Gmail accounts. Every account was using 2FA so I had to enter new verification code each time. When I was adding 3rd or 4th account and was entering Google verification code into the form it suggested one of the codes I used before. Codes had same first two numbers so I guess I know why this form suggested one of the old codes but where does Thunderbird store these codes? I've deleted search history and cache in Thunderbird and attempted adding another gmail account but this time when I was asked for 2FA code I started with older verification codes and this form remembered all of them. Is there a way to remove them? Where does Thunderbird store these codes?

Thanks for any suggestions

I am getting an annoying popup stating that Dan.Hromada@citizensforfreespeech.org is asking for my Google password....this email account is not associated at all with Google or Gmail. It's hosted on the organization's server. Please see the screenshot of the pop-up.

Thank you, Dan Hromada

Tools>options>privacy & security>Passwords. Click 'show passwords' brings up the saved passwords in a separate box. Need ability to resize the box (and colums within the box). The columns are too small to see the entire contents of a column. Using TB 138.0