Thunderbird and Enigmail

I have been trying to use Thunderbird since the security benefits that come from it are a lot (I think), and while it has taken me a bit to get used to the UI and all its features, I think it’s pretty cool.

I have some doubts, too. First of all, which protocol should I choose? I picked POP3 but maybe SMTP or IMAP are better? What’s the difference?
I know you can’t log out, but how do I use it for other accounts? Is there a way to password protect the whole software? Because if there is anything downloaded there, even if someone needs my e-mail password to keep receiving, sending or etc, they can see what’s currently on my inbox.

Also, would someone be so kind as to help me with how to use Enigmail? I would like to send one and see if I’m doing it right, you have to use your real e-mail.


I’m using gpa with my webpage email, lol

I mean c’mon ppl, why do you guys use email clients if there is an option to go to the webpage?

AFAIK e-mail clients are much safer since you don’t need JavaScript and there isn’t a way in which malicious scripts can be run, or not in the same way at least.


I think it’s just a matter of opinion. POP3 stores emails locally instead of the server, so you may prefer it for privacy reasons, while IMAP leaves them on the server and may be easier when you use multiple devices.

SMTP is for sending email.

You can enable a master password, similar to Firefox, from settings, but that doesn’t protect them on your disc. If you use a shared system, you may want to look into encrypting your home directory assuming you trust the other users. I recently tried these instructions:

The advantages of encrypting just the home directory are disputed as you cannot know if there is sensitive material outside of it e.g. in swap or logs.

I would need a more accurate question. It has a setup wizard and there is also

My name at myname dot info or you can find it from my PGP key. Any of the email addresses should work (non-GMail ones even have WKD so automatic encryption when you type my address to the recipient box), but I will be responding from the one I named.


  • I am teaching myself to not use webmail.
  • I receive a lot of PGP signed emails from mailing lists, <distribution> security announcements, NCSC-FI mailing lists…
  • I can tell the mail client to only send plaintext emails while at least GMail (todo: migrate away) wants to sneakily enable HTML emails.
  • I can view plaintext or simplified html in the email client.
  • Email client can be less annoying in bad network conditions.
  • I want to benefit from WKD, autocrypt etc.
  • I want to sign all emails I send.

You’re literally trusting someone else’s server to run your emails; I can easily hijack you any way I want. It’s like I’m the one who built this thing, I can do anything I want because I know what I built. I just mean I don’t need JS to hack you.


And I can switch to plaintext too (if I remember right), so for me webmail is better :stuck_out_tongue:

So you copy-paste PGP/inline everywhere (rather than have Enigmail/<client> do it for you, or better, PGP/MIME) and confuse the people you are in contact with?

By the way I have been lazy with my email, so sorry if I have missed anything, feel free to poke me here or in private message or anything if there is something, I am thinking of attempting to go through it after having a shower in a few hours.

Thanks, I guess I’ll go with POP3 then.

But does a master password make it impossible for someone sharing my device to see them? I think I’ll go with this, I don’t think I want to encrypt my home directory.

Well, I simply don’t understand how it works, do I have to give you my public key first? How do I activate Enigmail? Do I select Write->Enigmail->Encrypt and that’s it?

I’m going to read the manual, thanks!

So it would I don’t know what to do with the .asc file. I’m really stupid, sorry. :disappointed_relieved: :sob:

I am not certain of its security, but I think it blocks a casual observer from opening Thunderbird, while on disk the emails are probably not encrypted.

I need your public key to verify your signatures and encrypt emails to you. It doesn’t matter whether I receive it directly from you or from or similar, while I should get your fingerprint directly from you to know it’s yours. E.g. mine is 69FF 455A 869F 9031 A691 E0F1 9939 2F62 BAE3 0723.

I would begin from Enigmail -> Setup wizard (or guided install or something, it’s Ohjattu asennus for me) from the main window of Thunderbird, press and hold Alt to get the menu bar visible if you have it hidden. But to encrypt emails, that is the method as long as you have the key and it should fetch one automatically as you type as the recipient.

What I would do is gpg --fetch-keys but I hope double clicking it would open it in something like Seahorse or Kleopatra and import the key.

No, usability is one of the things that OpenPGP gets criticised for and most people aren’t going to bother so they will just use Signal or something similar instead. (Signing or verifying Signal keys or similar? I ranted about it at Discussion: GnuPG | File Encryption).
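
Added example, not part of any post in this thread: a check that the primary key in a received .asc file has the full fingerprint obtained directly from its owner, run over the machine-readable listing that `gpg --show-keys --with-colons key.asc` prints. The listings below are constructed samples (only the fingerprint quoted in the post above is real), and the function names are hypothetical.

```python
import re

# Constructed sample of `gpg --show-keys --with-colons key.asc` output.
# Only the primary fingerprint comes from the post; all other fields are made up.
GENUINE = """\
pub:-:4096:1:99392F62BAE30723:1400000000:::-:::scESC:
fpr:::::::::69FF455A869F9031A691E0F199392F62BAE30723:
uid:-::::1400000000::::Example User <user@example.org>:
sub:-:4096:1:0123456789ABCDEF:1400000000::::::e:
fpr:::::::::AAAABBBBCCCCDDDDEEEEFFFF0123456789ABCDEF:
"""
# Constructed lookalike: same trailing 16 hex digits (the long key ID), other key.
LOOKALIKE = GENUINE.replace("69FF455A869F9031A691E0F1", "000011112222333344445555")


def normalize_fpr(text):
    """Drop spaces/colons, uppercase, and insist on a full 40-hex-digit fingerprint."""
    fpr = re.sub(r"[\s:]", "", text).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", fpr):
        raise ValueError("need the full 40-hex-digit fingerprint, not a key ID")
    return fpr


def primary_fingerprints(colon_listing):
    """Return the fingerprint of every primary key (the fpr record right after pub)."""
    found, after_pub = [], False
    for line in colon_listing.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            after_pub = True
        elif fields[0] == "fpr" and after_pub and len(fields) > 9:
            found.append(fields[9].upper())  # field 10 holds the fingerprint
            after_pub = False                # later fpr records belong to subkeys
        elif fields[0] == "sub":
            after_pub = False
    return found


def key_matches(colon_listing, trusted_fpr):
    """True only if the file holds exactly one primary key with the trusted fingerprint."""
    return primary_fingerprints(colon_listing) == [normalize_fpr(trusted_fpr)]


if __name__ == "__main__":
    trusted = "69FF 455A 869F 9031 A691 E0F1 9939 2F62 BAE3 0723"
    print("genuine file matches:  ", key_matches(GENUINE, trusted))
    print("lookalike file matches:", key_matches(LOOKALIKE, trusted))
```

The lookalike case shows why the comparison uses all 40 hex digits: a key that agrees only on the trailing key ID is rejected.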

Hi, what was the situation with this, did you ever get it working?

Best practice IMO - advantage of using sandboxed environment (in case of good browsers) and MFA as an option.