Saturday, May 21, 2016

Thunderbird

I have heard that Mozilla is deciding to scrap Thunderbird.  I hope this is not true because I have standardized on it.  Why?  Because once you pick a POP / IMAP email client you don't want to change it.  Here is why.  I have mine configured for multiple email accounts which are separate from each other.  When I encounter messages I want to save I move them into the Local Folders area.  Ergo, if Thunderbird vanishes there went my history and it is back to thrashing around finding and taming a new email program that will inevitably be worse than Thunderbird.  Why did I select Thunderbird besides these book-keeping and history reasons?

I want a POP / email client program that won't render HTML.  Remember that I am coming at this from a security standpoint.  Rendering HTML is a great way to open yourself up as more vulnerable to phish.  So I don't want HTML rendering except maybe on a temporary toggle-on basis.  There are times that I am sick or distracted and everybody makes mistakes.  So if the Thunderbird team changes this aspect of rendering HTML, at least make it configurable via some easily found method to turn it on or off via about:config.  I can understand a turn on temporarily for a particular message but in general it is nice to see white space.  Somehow for the vast majority of all my email messages all white means there is nothing for me to click on and invariably it is something bad.

I can already hear somebody saying to me, "Thunderbird has about:config?  Where do you type it?"  Well you don't.  For me on Linux you go to Edit (Preferences may be some place else on Windows or Macintosh), then select Preferences.  Set that window's tab to General.  Then click on the Config Editor button.  Here is a picture of what that will look like:





I just got a tip from my colleague in France that I know by the nom-de-plume of Airelle that this is a good thing to use for taming the Locky or Ransomware I get so much of in my email box.  Locky and Ransomware is a zipped JavaScript attachment in email right now and for the foreseeable future.  They normally use zip but sometimes they use rar and I even have one where they used gzip to zip the file.  Anyway, once you have clicked on Config Editor you will have to click affirmatively on the "I'll be careful, I promise" query.  It is always there for me because I don't go in there all that much and want to be warned I am inside where I can maybe harm myself.  Okay, so far we are okay.  Now start typing "javascript" in the Search box.  Find this item:

javascript.enabled

Position the pointer over the Value which is probably set to true and right click on it and select Toggle.  That should change it to false.  Does it help?  I hope so, but I still sometimes see a scripting message when saving Locky zip files.  So it may not help but it doesn't hurt.  If somebody wants to tell us how to do this with other email client programs I would be grateful.  This is especially true if you give it for Outlook.  It is probably the number one email client program used for POP and IMAP email.

I have also used about:config to change these two settings for Thunderbird because I am always typing "attach", "attached" and other words derived from "attach" with no intentions of using an attachment:

mail.compose.attach_reminder
mail.compose.attach_reminder_agressive

I changed both of them via Toggle from true to false.  Now, if somebody could tell me that there is some way I could use about:config to make it show me the full From address I would appreciate it.  That is about the only thing I would change on Thunderbird.  I would change it to show the full email address.  I did see that they had this one:

mail.phishing.detection.ipaddresses

I don't know what it does, but all of my Locky malware is sent from special purpose send-only SMTP servers dropped onto hacked Windows machines.  I can tell because of the X-Originating-IP line in the header that qmail thoughtfully provides.  The IP address given there never matches the A record for the MX hosts for the purported sending domain.  But what I am trying to prevent there is somebody or some bot sending you email that says just "YourBuddy" where your buddy is at "YourBuddy@TheRealDeal.org" and the message you have is supposedly from "YourBuddy@FlyByNight.org" but actually comes from a hacked machine someplace else.
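The header comparison described above can be scripted. The following is an added example, not code from this post or from Thunderbird: it checks a message's X-Originating-IP against the addresses of the MX hosts for the From domain, and flags a familiar display name paired with an unfamiliar address. The sample message, the `MX_IPS` table, and the function names are constructed for illustration, and the table stands in for real DNS lookups so the script runs offline.

```python
import email
import ipaddress
from email.utils import parseaddr

# Constructed sample message; every name and address here is illustrative.
SAMPLE = """\
Received: from unknown (HELO pc-home) (203.0.113.77)
  by mx.example.net with SMTP; 21 May 2016 10:00:00 -0000
X-Originating-IP: 203.0.113.77
From: "YourBuddy" <YourBuddy@FlyByNight.example>
To: me@example.net
Subject: Invoice

see attached
"""

# Constructed stand-in for DNS: domain -> A-record IPs of its MX hosts.
MX_IPS = {
    "flybynight.example": {"198.51.100.10", "198.51.100.11"},
    "therealdeal.example": {"192.0.2.25"},
}

def mx_addresses(domain, table=MX_IPS):
    """Hypothetical offline resolver; replace with real MX + A lookups."""
    return table.get(domain.lower(), set())

def check_sender(raw, known_contacts, resolve=mx_addresses):
    """Return the From address, originating IP and a list of findings."""
    msg = email.message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    findings = []
    origin = (msg.get("X-Originating-IP") or "").strip().strip("[]")
    try:
        origin_ip = str(ipaddress.ip_address(origin))
    except ValueError:
        origin_ip = None
        findings.append("no usable X-Originating-IP header")
    mx_ips = resolve(domain)
    if not mx_ips:
        findings.append(f"{domain} has no MX hosts (parked or invalid domain)")
    elif origin_ip and origin_ip not in mx_ips:
        findings.append(f"{origin_ip} is not an MX host of {domain}")
    # Display name matches a known contact, but the address does not.
    expected = known_contacts.get(display.lower())
    if expected and expected.lower() != addr.lower():
        findings.append(f"'{display}' normally writes from {expected}, not {addr}")
    return {"from": addr, "origin_ip": origin_ip, "findings": findings}
```

A mismatch is a heuristic signal only: many legitimate domains send from outbound relays that are not their MX hosts, which is what SPF records exist to describe.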

I guess it could be worse.  At least one Microsoft Exchange SMTP server ignored the originating IP address and instead looked up the MX record for the purported sending domain (mine doesn't use my domain name in the MX record that handles its email) which was mine, and then looked up the IP address and substituted it.  How do I know?  There is no such user as dfad452xz at my domain and thus no way of sending email from them.  But email is configured to accept email to any valid sounding user name so I have a dandy mini honey-net whether I want it or not due to how my IMSP / IWSP configured it.  After taking almost two years to educate email admins not to bounce Locky type messages to the purported from domain.  I wonder what Microsoft Exchange will do on those domains I encountered that didn't even have MX records because they were parked?

So, Mozilla, please keep Thunderbird going.  I shudder to even think of using any other email client program for email.

Thank You!