Tails includes Thunderbird for:

  • Reading and writing emails

  • Reading RSS and Atom feeds for news and blogs

To start Thunderbird choose Applications ▸ Internet ▸ Thunderbird.

To store your emails, feeds, and settings across different working sessions, turn on the Thunderbird Email Client feature of the Persistent Storage.

For more documentation, visit the official Thunderbird Support website.

Configuring an email account

  1. When starting Thunderbird for the first time, an assistant appears to guide you through the process of configuring Thunderbird to access your email account.

    To start this assistant again in the future from the main window of Thunderbird, choose Menu ▸ Account Settings and then, from the Account Settings dialog, choose Account Actions ▸ Add Mail Account….

  2. Enter your name, email address, and password into the corresponding fields.

  3. Click Continue.

  4. The assistant tries to configure automatically the correct settings to connect to your email provider based on your email address.

    If the automatic configuration fails, consult your email provider about how to configure your email account manually.

  5. If the automatic configuration succeeds, you might have to specify which protocol to use to connect to your email provider, either IMAP or POP.

    • With IMAP, Thunderbird constantly synchronizes with the server and displays the emails and folders that are currently stored on the server. IMAP is better suited if you access your emails from different operating systems.

    • With POP, Thunderbird downloads the emails that are in the inbox on the server and possibly deletes them from the server. POP is better suited if you access your emails from Tails only and store them in the Persistent Storage.

    To know more, see also this comparison between POP and IMAP by Riseup.

Gmail

You can use your Gmail account with Thunderbird in Tails.

  1. Make sure that you have 2-Step Verification turned on in your Gmail account.

    See Google Account Help: 2-Step Verification.

  2. Configure the new account as IMAP when Thunderbird asks you to choose between POP and IMAP.

Enhanced privacy

Thunderbird in Tails is configured for additional privacy and anonymity.

For example, Thunderbird in Tails:

  • Removes information about the language of your session or spellchecker from the headers of the emails that you send.

  • Removes information that could identify you as a Tails user from the headers of your emails.

  • Only allows secure protocols and disables insecure protocols, like SSLv3.

  • Disables tracking technologies, like cookies and JavaScript, when viewing emails or feeds in HTML.

Emails and feeds in HTML format are displayed in plain text by default and can become harder to read.

These enhancements are inherited from the former TorBirdy extension.

Using Thunderbird in your language

To use Thunderbird in another language, you can install the thunderbird-l10n-lang package using the Additional Software feature. Replace lang with the code for your language. For example, vi for Vietnamese.

Tails already includes language packages for Arabic, German, Spanish, Farsi, French, Hindi, Bahasa Indonesia, Italian, Portuguese, Russian, Turkish, and Simplified Chinese.

List of available Thunderbird language packages

OpenPGP encryption

Since Tails 4.13 (November 2020), Thunderbird 78 replaces the Enigmail extension with built-in support for OpenPGP encryption. If you used Enigmail before Tails 4.13, follow our migration instructions.

See also the official OpenPGP in Thunderbird - HOWTO and FAQ.

Setting up a Primary Password (recommended)

In Thunderbird, OpenPGP private keys are not protected by a passphrase. That's why we recommend that you set up a Primary Password.

With a Primary Password, your private key is encrypted in your Thunderbird profile and is only unlocked while Thunderbird is running. If your Thunderbird profile is stored in your Persistent Storage, then your private key is encrypted twice: once by Thunderbird in your profile and a second time by the encryption of the Persistent Storage.

  1. Choose Menu ▸ Settings.

  2. Choose Privacy & Security.

  3. In the Passwords section, select the option Use a Primary Password.

  4. In the Primary Password dialog, enter your Primary Password and click OK.

Importing an existing private key

Thunderbird uses a different keyring than GnuPG.

If you already have an OpenPGP private key outside of Thunderbird, follow the instructions below to export it from GnuPG and import it into Thunderbird.

Export your private key using Kleopatra

From the desktop:

  1. Choose Applications ▸ Accessories ▸ Kleopatra.

  2. Select the private key that you want to migrate to Thunderbird.

  3. Choose File ▸ Backup Secret Keys… and save this private key to your Home directory.

  4. Close Kleopatra.

Import your private key in Thunderbird

In Thunderbird:

  1. Choose Menu ▸ Account Settings.

  2. In the left pane, identify the account that corresponds to the private key that you want to import and choose End-to-End Encryption.

  3. In the right pane, click the Add Key… button.

  4. In the Add a Personal OpenPGP Key dialog, choose Import an existing OpenPGP Key and click Continue.

  5. Click the Select File to Import… button and choose the private key that your exported from Kleopatra.

  6. In the next dialog, make sure that your private key is listed and that the option Treat this key as a Personal Key is selected.

  7. Click Continue, enter the passphrase for your private key (if any), and click Continue again.

    Your private key should now be listed in the End-to-End Encryption settings of your account.

  8. Select your private key to enable OpenPGP encryption for this account.

Generating a new OpenPGP private key

  1. Choose Menu ▸ Account Settings.

  2. In the left pane, identify the account for which you want to create a new OpenPGP private key and choose End-to-End Encryption.

  3. In the right pane, click the Add Key… button.

  4. In the Add a Personal OpenPGP Key dialog, choose Create a new OpenPGP Key.

  5. Review the settings in the next dialog, click the Generate key button, and then click Confirm.

    Your private key should now be listed in the End-to-End Encryption settings of your account.

Encrypting an email

To prevent you from sending unencrypted emails by mistake, Thunderbird in Tails is configured with the option Enable encryption for new messages turned on by default in the account settings.

When composing an email:

  • If the Encrypt toggle button is on, Thunderbird will encrypt the email before sending.

    Thunderbird warns you if you miss the key of some of the recipients or if you still have to accept some of their keys.

    Choose Security ▸ Key Assistant to see the keys of the receipts and solve any issue.

  • To send an unencrypted email, turn off the Encrypt toggle button.