DIY Encrypted Email 2: Thunderbird


This is the second in a multi-part series on setting up your own email encryption.  Today we will cover installing and setting up Mozilla Thunderbird.  Thunderbird is a desktop mail client that allows you to access your email from a platform other than the browser.  This is a necessary step because of the vulnerabilities inherent in internet browsers.  Thunderbird is popular (I am far from the first person to post a Thunderbird tutorial) and capable.  For our purposes it will be used to move email (and crypto) out of the browser and into a more secure environment.

Thunderbird Setup

Setup Wizard:  The first step in this process is to download the application.  Once you have downloaded it, begin the installation process.  The Setup Wizard will guide you through most of this. For our purposes a standard installation (shown below) is fine.

First Steps – Adding an Email Account:  Once you have installed Thunderbird, you will have to allow it to access your email account.  The “Set as Default” window will allow you to use Thunderbird as your default mail application.  I recommend setting it as the default.  However, be sure to uncheck “Allow Windows Search to search messages”.

The next screen will offer to let you set up a new email account.  Don’t do this.  Instead click “Skip this and use my existing email”.

On the next screen enter your name.  This is the name that will appear on your outgoing emails.  Enter your email username and password.  If you have two-step verification enabled on your Gmail account, you should create an app password for this.

To create an app password, log in to your Gmail account from your browser.  I covered app passwords a couple of weeks ago.  Select the custom name option (as shown below) and give the app password a descriptive name.

After the app password has been displayed and you have copied it into Thunderbird, it will be displayed in your list of app passwords.

The name, username, and password entered.  Ensure that “Remember password” is checked.  This will prevent you from having to re-authenticate each time you open Thunderbird.

If you use a common provider like Gmail, Hotmail, or Yahoo!, the server information will automatically populate.  By default, the radio button for IMAP will be selected.  This protocol is more accurately known as “webmail” and allows you to check your email from multiple devices.  Your emails are stored on a remote server (Gmail’s server in this case).  The other protocol, POP3 (Post Office Protocol 3), will download messages to your computer and delete them from the remote server.  This is the more secure protocol, but it means you can only check email from a single device.  You can decide for yourself which of these protocols is better for you.  Click “Done”.

A popup window will appear from Gmail.  This is Gmail validating your password and two-factor token.

Two-factor token validation.

After the username and two-factor token have been validated, Gmail will confirm that you want to allow access to your email. Click “Allow”.

Your email should now be imported into Thunderbird.  If you are using a Gmail account with a lot of emails, downloading them all may take some time.  You should now be able to receive, send, and reply to emails.
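Once the account exists, you can check what the wizard actually configured for the IMAP/POP3 choice described above. The following is an added example, not part of the original tutorial: it parses the `mail.server.serverN.*` lines that Thunderbird writes to the profile's `prefs.js` and flags incoming servers without STARTTLS or SSL/TLS, and POP3 accounts that are not set to delete mail from the server. The sample preferences are constructed, and treating a missing `socketType` as 0 is an assumption.

```python
import re

# Matches lines such as: user_pref("mail.server.server1.type", "imap");
PREF_RE = re.compile(r'^user_pref\("mail\.server\.(server\d+)\.([\w.]+)",\s*(.+?)\);\s*$')
SOCKET_TYPES = {0: "none (plaintext)", 1: "STARTTLS if available", 2: "STARTTLS", 3: "SSL/TLS"}

# Constructed sample, not taken from a real profile.
SAMPLE_PREFS = '''
user_pref("mail.server.server1.type", "imap");
user_pref("mail.server.server1.socketType", 3);
user_pref("mail.server.server2.type", "pop3");
user_pref("mail.server.server2.socketType", 0);
user_pref("mail.server.server2.leave_on_server", true);
user_pref("mail.server.server3.type", "none");
'''

def parse_servers(prefs_text):
    """Group mail.server.serverN.* prefs into {serverN: {key: value}}."""
    servers = {}
    for line in prefs_text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        server, key, raw = m.groups()
        if raw in ("true", "false"):
            value = raw == "true"
        elif raw.lstrip("-").isdigit():
            value = int(raw)
        else:
            value = raw.strip('"')
        servers.setdefault(server, {})[key] = value
    return servers

def audit(prefs_text):
    findings = []  # (server, finding) pairs for incoming IMAP/POP3 accounts
    for name, s in sorted(parse_servers(prefs_text).items()):
        kind = s.get("type")
        if kind not in ("imap", "pop3"):
            continue  # e.g. Local Folders, type "none"
        sock = s.get("socketType", 0)  # assumption: a missing pref is treated as 0
        if sock not in (2, 3):
            findings.append((name, f"{kind}: connection security is {SOCKET_TYPES.get(sock, sock)}"))
        if kind == "pop3" and s.get("leave_on_server") is not False:
            findings.append((name, "pop3: leave_on_server is not false, mail may stay on the server"))
    return findings

if __name__ == "__main__":
    for server, finding in audit(SAMPLE_PREFS):
        print(server, "-", finding)
```

To run it against a real profile, read that profile's `prefs.js` into a string and pass it to `audit()`; close Thunderbird first so the file is not being rewritten.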

I will publish the second part of this series in a couple days.  In the meantime I recommend getting familiar with Thunderbird.  Before you can encrypt email you need to be familiar with the basics of sending and receiving email, so practice!
