NOT Sending Signature Verification and Public Key Attachments
The latest version of Thunderbird does not seem to have a way to turn off automatic sending of public key and digital signature even when sending *unencrypted* messages. (Prior to 2020, I'm informed there was a way to uncheck "sign all outgoing messages" which I think might have addressed this).
Now letting everyone know my public key would be desirable, except bone-headed email systems -- such as Yahoo Mail -- seem to be more likely to consign my emails with these attachments to the spam bin as being considered suspicious!
How can I have OpenPGP keys installed on an email account, set to not encrypt new messages, and NOT automatically send public key and signature attachments?
Perhaps I should mention that I am using the latest Thunderbird on Windows 11, via Proton Bridge, through the extremely infuriating Proton Mail service.
Thanks, Michael
All Replies (7)
Why would you have OpenPGP keys installed in Thunderbird for an account where the Proton Mail Bridge is handling the encryption/signing of your messages? You may ask in a Proton support forum.
Christ1 -- I am aware that Proton Bridge handles encryption between my laptop and the Proton servers. I am also aware that end to end encryption exists for emails between Proton users.
Most of the people I email with are not on Proton Mail.
So I need to have OpenPGP for end to end encryption with non-Proton accounts.
Since the OpenPGP keys are installed in Thunderbird, I believe this remains a Thunderbird question.
Thanks, Michael
Most of the people I email with are not on Proton Mail. So I need to have OpenPGP for end to end encryption with non-Proton accounts.
So then this is about a different email account not running via the Proton? I don't know much about Proton, but I'd assume you cannot use both, OpenPGP built into Thunderbird, and Proton with the same email account?
I am using a Proton email account with a custom domain utilizing a Thunderbird email client via Proton Bridge.
In early testing, use of OpenPGP keys with a tech-savvy non-Proton user seems to be working.
So apparently both can be used together.
So the question stands as to whether or not Thunderbird can stop automatically broadcasting public key and signature attachments. This otherwise great thing is a problem because some email systems (Yahoo) seem to treat the attachments as suspicious and toss my emails in the Spam Folder.
-- Michael
So the question stands as to whether or not Thunderbird can stop automatically broadcasting public key and signature attachments.
Both can be turned on or off in Account Settings - End-To-End Encryption - Advanced settings. In addition, the default can be overwritten on a per message basis. It certainly works fine here. Therefore I suspect the problem to be with Proton. But as said before, I don't really understand how the Proton Mail Bridge works.
christ1 -- Not surprisingly, you are right.
So I went into Proton mail settings in their web interface. I have the same OpenPGP encryption keys imported there for the same email accounts as in Thunderbird. While I had the advanced settings under End-to-End-Encryption in Thunderbird set to NOT send public key and signature verification with every email, I *DID* have them set to send with every email in the Proton online settings. Turned this off in Proton -- problem gone.
So -- initial problem solved.
For anyone else trying to figure out how to deal with Thunderbird and Proton when it comes to OpenPGP settings:
1) For encrypted emails between two Proton accounts in the same Thunderbird client on the same laptop: DOES NOT WORK. Let Proton use its own security and do not also engage OpenPGP encryption. (This would not happen in the wild, but does happen when I'm trying to do testing!)
2) For encrypted emails between a non-Proton account and a Proton account in the same Thunderbird client on the same computer: ALSO DOES NOT WORK. Of course this does not exist in real life -- it just has also made my testing a living hell.
3) For encrypted emails between a Gmail account (online in Web interface) and a Proton account (in Thunderbird): WORKS PERFECTLY! So -- for this scenario -- Proton and Proton Bridge do not mess up OpenPGP functioning. Please note that once the public keys for the Gmail account have been imported and accepted into Thunderbird's OpenPGP Key Manager, there is no indication when opening the message from the Gmail account in the Proton account (in Thunderbird) that the email arrived encrypted.
I will need to test two additional situations out later:
4) Two Proton accounts in two different Thunderbird clients on two different laptops. (This is stupid as there is no need to do this given Proton built-in security, but why not see?)
5) A non-proton account and a Proton account -- each in two different Thunderbird clients on two different laptops. (This one does matter and could happen in real life.)
Please note that creating the OpenPGP keys in Thunderbird Open PGP Manager and then trying to import them into Proton (web interface) does NOT work. Instead, the OpenPGP keys have to be created in Proton's web interface, and then imported into Thunderbird.
More later.
Thanks, Michael
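Added example, not part of the original thread: because two layers (Thunderbird and Proton) can each attach a key or signature, one way to confirm what actually left the account is to save a delivered copy as `.eml` and inspect its MIME structure. The function name `pgp_artifacts`, the addresses and the sample message are constructed for illustration; the placeholder parts contain no real key or signature data.

```python
from email import message_from_string

def pgp_artifacts(raw: str) -> dict:
    """Report OpenPGP-related MIME parts found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    report = {"signed": False, "encrypted": False, "key_attachments": []}
    for part in msg.walk():
        ctype = part.get_content_type()
        proto = part.get_param("protocol")
        if ctype == "multipart/signed" and proto == "application/pgp-signature":
            report["signed"] = True          # detached PGP/MIME signature
        elif ctype == "multipart/encrypted" and proto == "application/pgp-encrypted":
            report["encrypted"] = True       # PGP/MIME encrypted body
        elif ctype == "application/pgp-keys":
            # Public key sent along as an attachment
            report["key_attachments"].append(part.get_filename() or "(unnamed)")
    return report

# Constructed sample: unencrypted message that still carries a signature
# and an attached public key (placeholder bodies, no real key material).
SAMPLE = """\
From: sender@example.org
To: recipient@example.net
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="sig"

--sig
Content-Type: multipart/mixed; boundary="mix"

--mix
Content-Type: text/plain; charset=utf-8

Hello, this message is not encrypted.
--mix
Content-Type: application/pgp-keys; name="OpenPGP_0xPLACEHOLDER.asc"
Content-Disposition: attachment; filename="OpenPGP_0xPLACEHOLDER.asc"

(constructed placeholder, no key material)
--mix--
--sig
Content-Type: application/pgp-signature; name="OpenPGP_signature.asc"

(constructed placeholder, no signature data)
--sig--
"""

if __name__ == "__main__":
    print(pgp_artifacts(SAMPLE))
```

Running the same check on a copy received at an outside mailbox, before and after changing a setting, shows which layer was adding the parts.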
Testing: 5) A non-proton account and a Proton account -- each in two different Thunderbird clients on two different laptops. (This one does matter and could happen in real life.)
I set up a Yahoo Mail account on a Thunderbird client on a Linux Mint machine.
I continued to use a Proton account on Thunderbird via Proton Bridge on a Windows 11 machine.
After sending public key of the Yahoo account to the Proton account, I then initiated an encrypted discussion.
It seems to sort of work... The messages when arriving in the Proton account in Thunderbird indicate that the message is signed but NOT encrypted (it WAS sent encrypted). I speculate without evidence that maybe Proton Bridge confuses Thunderbird about this??
When I reply back from the Proton account to the Yahoo account (both in Thunderbird on different machines) the message indicates it is both signed and encrypted, however the following error message always happens:
"This is an OpenPGP message that was apparently corrupted by MS-Exchange. If the message contents isn't shown as expected, you can try an automatic repair"
The repair button has worked both times I've tried it and I can then see the repaired encrypted message.
So... Works I guess?
I'm a little leery of trying this outside of testing on anything that matters.
-- Michael