Thunderbird is feature-rich and extensible, so hardening should cover account security, extensions, and content policies.
¶ Account and Auth Security
- Enforce TLS with strict certificate validation.
- Prefer OAuth2/app-password auth methods over primary account passwords.
- Enable MFA at the mail provider side.
¶ Extension and Update Hygiene
- Install extensions from trusted sources only.
- Remove unused add-ons and review extension permissions.
- Keep Thunderbird updated for security fixes.
¶ Content and Privacy Controls
- Disable remote content auto-loading in emails.
- Enable phishing/scam detection features.
- Use OpenPGP for sensitive communication where policy requires.
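
An added example (not part of the original page, and not Thunderbird's own tooling): a small Python audit of a profile's `prefs.js` against the transport, authentication, remote-content and phishing items above. The preference names and numeric codes are those shown in Thunderbird's Config Editor and should be confirmed against your version; treating an absent `socketType`/`try_ssl` as plaintext is an assumption, and the sample input is constructed.

```python
import re

# Constructed sample prefs.js lines (not taken from a real profile).
SAMPLE_PREFS = """\
user_pref("mail.server.server1.type", "imap");
user_pref("mail.server.server1.socketType", 3);
user_pref("mail.server.server1.authMethod", 10);
user_pref("mail.server.server2.type", "pop3");
user_pref("mail.server.server2.authMethod", 3);
user_pref("mail.server.server3.type", "none");
user_pref("mail.smtpserver.smtp1.try_ssl", 2);
user_pref("mail.smtpserver.smtp1.authMethod", 3);
user_pref("mailnews.message_display.disable_remote_image", false);
"""

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')
SERVER_RE = re.compile(r"mail\.(server\.server\d+|smtpserver\.smtp\d+)\.")

def parse_prefs(text):
    """Return {name: value} with booleans and integers converted."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            raw = m.group(2)
            prefs[m.group(1)] = (raw == "true" if raw in ("true", "false")
                                 else int(raw) if re.fullmatch(r"-?\d+", raw)
                                 else raw.strip('"'))
    return prefs

def audit(prefs):
    """Return a list of findings against the hardening checklist."""
    findings = []
    # Absent prefs fall back to Thunderbird's defaults (blocking on, detection on).
    if not prefs.get("mailnews.message_display.disable_remote_image", True):
        findings.append("global: remote content loads automatically")
    if not prefs.get("mail.phishing.detection.enabled", True):
        findings.append("global: phishing/scam detection disabled")
    servers = {m.group(1) for m in map(SERVER_RE.match, prefs) if m}
    for srv in sorted(servers):
        smtp = srv.startswith("smtpserver")
        if not smtp and prefs.get(f"mail.{srv}.type") not in ("imap", "pop3", "nntp"):
            continue  # Local Folders and feeds have no network login
        tls = prefs.get(f"mail.{srv}.try_ssl" if smtp else f"mail.{srv}.socketType", 0)
        if tls not in (2, 3):  # 2 = STARTTLS, 3 = SSL/TLS; absent treated as plaintext (assumption)
            findings.append(f"{srv}: connection not forced over TLS")
        if prefs.get(f"mail.{srv}.authMethod") == 3:  # 3 = normal password
            findings.append(f"{srv}: password auth; use OAuth2 (10) or an app password")
    return findings
```

A password finding is a prompt to check, not a verdict: `prefs.js` cannot show whether the stored secret is an app password or the primary account password.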