Privacy basics - Thunderbird: Difference between revisions

From MozillaZine Knowledge Base
Jump to navigationJump to search
m (Got rid of some of the 1.5 specific text since the reference to global options was causing confusion)
(added Advanced section, reworded several paragraphs)
Line 1: Line 1:
By default, Thunderbird blocks remote images and other content in messages from people you don't know. This protects your privacy because spammers can use remote content to detect if and when you've viewed a message from them, and thus to verify your e-mail address.'''
By default, Thunderbird blocks remote images and other content in messages from people you don't know. This protects your privacy because spammers can verify your email address by detecting if you viewed a remote image in a message from them. Its also possible to embed an executable (malware) in images.  


When you receive a message with remote images, Thunderbird will display an alert stating that remote images have been blocked, and the images in the message body will be replaced with simple place-holders ([http://kb.mozillazine.org/images/Tbird15_blockedimages.png screenshot]). If you do want to view the remote images—for example, if you subscribe to an e-mail newsletter that regularly includes remote images—all you need to do is click the "Show Images"  or "Load Images" button that appears to the right of the alert message.  
When you receive a message with remote images, Thunderbird will display an alert stating that remote images have been blocked, and the images in the message body will be replaced with simple place-holders ([http://kb.mozillazine.org/images/Tbird15_blockedimages.png screenshot]). If you do want to view the remote images—for example, if you subscribe to an e-mail newsletter that regularly includes remote images—all you need to do is click the "Show Images"  or "Load Images" button that appears to the right of the alert message.  


Thunderbird 1.5 defaulted to loading remote images from people who are in your Personal Address Book. Thunderbird 2.0 and later versions blocks all remote images by default.  You can display remote images when reading a message by clicking on "Click here to always load remote images from ..." in the e-mail message, as shown below:<br>
Thunderbird 1.5 defaulted to loading remote images from people who are in your Personal Address Book. Thunderbird 2.0 and later versions blocks all remote images by default.  You can display remote images whenever reading a message from a person by clicking on "Click here to always load remote images from ..." in the e-mail message, as shown below:<br>


[[Image:Tbird Remote Images.png]]<br>  
[[Image:Tbird Remote Images.png]]<br>  
Line 11: Line 11:
You might want to create a images address book and select it instead of the personal address book if its for a newsletter to which you can't reply.
You might want to create a images address book and select it instead of the personal address book if its for a newsletter to which you can't reply.


Another more dangerous choice is to just display all images from any sender.  You can change this setting by opening the [[About:config_entries|Config editor]] and toggling the preference,  ''mailnews.message_display.disable_remote_image''  to "false",  but this is not recommended since it will allow loading of all remote images and spammers will be able to verify your e-mail address, as mentioned earlier. 
==Advanced==


Although it can only be modified from the about:config editor (select "Options -> Advanced -> Config Editor ), the preference, ''mail.trusteddomains'' will allow you to specify entire email domains from which to automatically display remote images.  Note that there are obvious security implications in using this, unless you can guarantee that forged email that appears to come from the trusted domain will never reach your inbox. The format for this key is as follows:
Its possible to display all images from any sender, though its not recommended since malware can be embedded in images, and spammers will be able to verify your e-mail address. If you want to do this use the [[About:config_entries|Config editor]] to toggle the preference ''mailnews.message_display.disable_remote_image'' to "false"


Wildcards are '''not''' allowed. (I.E.: *.mozilla.com is not allowed).<br>Subdomains are '''not''' allowed. (I.E.: forums.mozilla.com is not allowed).<br> Multiple Domains '''are''' allowed. (I.E.: mozilla.com,mozilla.org). Note that the separator is a comma, and that there are no spaces.
A better alternative would be to use the [[About:config_entries|Config editor]] to create a 'mail.trusteddomains' setting that specifies what e-mail domains it should automatically display remote images for. This is much easier than having to specify each email address, but you're taking the risk that you won't get any messages with a spoofed From: header in one of those domains. The setting contains a list of domains separated by commas, with no wild cards, white space or subdomains allowed.  
 
For example:
 
:''mozillazine.org'' is okay
 
:''mozilla.com,mozilla.org'' is okay
 
:''*.mozilla.com'' is invalid 
 
:''mozilla.com, mozilla.org'' is invalid
 
:''forums.mozillazine.org'' is invalid


==See also==
==See also==

Revision as of 23:06, 7 September 2010

By default, Thunderbird blocks remote images and other content in messages from people you don't know. This protects your privacy because spammers can verify your email address by detecting if you viewed a remote image in a message from them. Its also possible to embed an executable (malware) in images.

When you receive a message with remote images, Thunderbird will display an alert stating that remote images have been blocked, and the images in the message body will be replaced with simple place-holders (screenshot). If you do want to view the remote images—for example, if you subscribe to an e-mail newsletter that regularly includes remote images—all you need to do is click the "Show Images" or "Load Images" button that appears to the right of the alert message.

Thunderbird 1.5 defaulted to loading remote images from people who are in your Personal Address Book. Thunderbird 2.0 and later versions blocks all remote images by default. You can display remote images whenever reading a message from a person by clicking on "Click here to always load remote images from ..." in the e-mail message, as shown below:


Doing this adds an entry to the address book that has the "Allow remote images in HTML mail" option checked for the specific sender. You can also change this option for an address book entry by going into the address book, looking at the properties for an entry, and selecting/deselecting the "Allow remote images in HTML mail" option. Unfortunately, you can only do this for one address book entry at a time.

You might want to create a images address book and select it instead of the personal address book if its for a newsletter to which you can't reply.

Advanced

Its possible to display all images from any sender, though its not recommended since malware can be embedded in images, and spammers will be able to verify your e-mail address. If you want to do this use the Config editor to toggle the preference mailnews.message_display.disable_remote_image to "false"

A better alternative would be to use the Config editor to create a 'mail.trusteddomains' setting that specifies what e-mail domains it should automatically display remote images for. This is much easier than having to specify each email address, but you're taking the risk that you won't get any messages with a spoofed From: header in one of those domains. The setting contains a list of domains separated by commas, with no wild cards, white space or subdomains allowed.

For example:

mozillazine.org is okay
mozilla.com,mozilla.org is okay
*.mozilla.com is invalid
mozilla.com, mozilla.org is invalid
forums.mozillazine.org is invalid

See also