- How-To Booklet
- 1. How to protect your computer from malware and hackers
- 2. How to protect your information from physical threats
- 3. How to create and maintain secure passwords
- 4. How to protect the sensitive files on your computer
- 5. How to recover from information loss
- 6. How to destroy sensitive information
- 7. How to keep your Internet communication private
- 8. How to remain anonymous and bypass censorship on the Internet
- Glossary
- Hands-On Guides
- avast! - anti-virus
- Spybot - anti-spyware
- Comodo Firewall
- KeePass - secure password storage
- TrueCrypt - secure file storage
- Cobian Backup
- Recuva - file recovery
- Eraser - secure file removal
- CCleaner - secure file deletion and work session wiping
- Riseup - secure email service
- Pidgin - secure instant messaging
- VaultletSuite - secure email client
- Thunderbird - secure email client
- Firefox - secure Web browser
- Tor - anonymity and circumvention
- Portable Security
Security Settings
Submitted by admin on Fri, 11/21/2008 - 00:31
Security in Thunderbird generally refers to protecting your computer from malicious email messages. Some of them may just be spam, others may contain viruses and spyware. There are several options that need to be switched on and configured in Thunderbird in order to strengthen its security. It is crucial that you also have anti-malware and firewall software installed.
Please refer to How-to Booklet chapter 1. Protecting your Computer from Viruses, Malware and Hackers for more information about tools such as Avast, Comodo Firewall and Spybot.
3.1 How to Disable the Preview Pane in Thunderbird
The standard Thunderbird console is divided into three areas: The left side displays the different folders for your email accounts, the right side shows a list of received messages, and the bottom pane displays a preview of the selected email message. The preview comes up automatically as soon as a message has been selected. If that email contains any malicious code, then this message pane could activate it. To avoid this, you should disable this option by performing the following step:
Step 1. Select View > Layout and click the Message Pane option to disable it as follows:
Figure 29: Disabling the Message Pane
The Message Pane will disappear, and you must double-click an email message to read its contents. If an email message looks suspicious (perhaps because it has an unexpected or irrelevant subject title or an unknown sender) you now have the option of deleting it without having to preview its content.
3.2 How to Disable the HTML Feature in Thunderbird
Thunderbird has the ability to create and display email using the same language that is used for web pages, HyperText Markup Language (HTML). This lets you send and receive messages that include images, fonts, colours and other formatting features. If you leave HTML formatting enabled in Thunderbird however, malicious emails can expose you to some of the same threats posed by web pages.
To disable HTML formatting feature, perform the following steps:
Select View > Message Body As > Plain Text as follows:
Figure 30: Disabling the HTML option
3.3 How to Set Privacy Options
Thunderbird has a special settings screen in which the majority of the privacy and security options are configured.
Step 1. Select Tools > Options
Step 2. Click: 
Figure 31: The Thunderbird Privacy Settings window
Step 3. Check the relevant options in the Junk tab as shown in Figure 31 if you want Thunderbird to delete email that you have determined to be junk mail. Additional junk mail settings are described later on in this section.
Step 4. Click the Email Scams tab.
Email scams, also referred to as phishing emails, usually try to make you click on a link that is embedded within the email. Frequently, this link directs your browser to a web site that will attempt to infect your computer with a virus. In other cases, the link will take you to a website that appears to be legitimate, in the hopes that you will enter a valid username and password, which can then be used or sold by the person or people that created the malicious site. Thunderbird can help to identify and warn you about emails like this. Additional tools that can help prevent infection from malicious websites are described in the Other Useful Mozilla Add-Ons section of the Firefox chapter.
Step 5. Check the Tell me if the message I'm reading is a suspected email scam option to enable this feature as follows:
Figure 32: The E-mail Scams tab
Step 6. Click the Anti-Virus tab.
This option lets your anti-virus software scan and isolate individual messages as they arrive. Without this setting enabled, it is possible that your entire Inbox folder could be 'quarantined' if you receive an infected message. Obviously, this assumes that you have a functioning anti-virus program installed. Please refer to Avast guide for more information on how to install and configure anti-virus software.
Step 7. Check the Allow anti-virus clients to quarantine individual incoming messages option to enable it as follows:
Figure 33: The Anti-Virus tab
Step 8. Click the Passwords tab.
Every email account that is registered in Thunderbird requires a password to send and receive email. If you have several accounts, repeatedly entering the same passwords can become an annoying task. You can configure Thunderbird to remember these passwords for you; after that, all you will need is to set a Master Password that will encrypt and protect the other passwords.
Step 9. Check the Use a master password to encrypt stored passwords option to enable it as follows:
Figure 34: The Passwords tab
Step 10. Click: 
Step 11. Enter your Master Password twice in the text fields as follows:
Figure 35: The Change Master Password screen
Step 12. Click: 
to return to the Options window.
Step 13. Click: to return to the Thunderbird main console.
Now you can set Thunderbird to save your email account passwords. The next time you see a window prompting you for your password, enter that password, and then check the Use Password Manager to remember this password option as follows:
Figure 36: The Mail Server Password Required screen
You will then be prompted to enter your master password.
Step 14. Enter your master password and click OK as follows:
Figure 37: The Master Password screen
Now your email account password is encrypted and stored in Thunderbird and you do not need to enter it again. You will be prompted for your master password each time Thunderbird starts up. This feature is very useful if you have more than one email account in Thunderbird.
3.4 How to Enable the Junk Mail Filters
Thunderbird has two built-in junk mail filters that can attempt to determine which of your incoming messages are 'spam.' By default, these filters are disabled, so you must change the necessary settings if you wish to use them. Even when they are enabled, you will continue to receive junk mail, but Thunderbird will automatically sort them into the Junk folder.
Step 1. Select Tools > Account Settings
Step 2. Select the Junk Settings option in the sidebar
Step 3. Check all four options as follows:
Figure 38: The Thunderbird Junk Settings screen
Step 4. Select the SpamAssassin option after Trust junk mail headers set by: as shown in Figure 38.
RiseUp's email servers flag junk mail with SpamAssassin headers, so this setting will be helpful if you are using Thunderbird with a RiseUp account. If you are using Gmail however, it will have no effect.
Printer-friendly version
PDF version