mozthrilla
New member
Status: New idea

I've been spruiking this idea for some time, but it always seems to have fallen on deaf ears. In my travels recently I even bumped into an old thread from the Enigmail mailing list, having discussed this very concept... for 20 years.

The crux of which is: in the event of an email which is unsigned or has an invalid signature, Thunderbird could simply redirect that mail to a different folder, i.e. "Unsolicited". People would still automatically know where to look for their password reset emails, wisely sent in plaintext by every company in the world.

Thus it would be highly effective in blocking spam email, while not adversely affecting anything else. In due course all the other convoluted and largely ineffective spam mitigation strategies could probably be deprecated.

It pains me to point out that the future of Thunderbird is inherently tied to the future of e-mail as a usable form of communication. I suspect the great exodus of people who moved away from email as a form of daily communication is very likely attributable to email spam. But now people's phones are absolutely swamped with scam calls and texts. If we have a method to deal with the situation properly, I really think we will quite probably win a lot of people back. 🙂

Most importantly, and highly relevant to the current situation regarding the provision of government ID just to use essentially any service on the internet: PGP by FAR provides the better option vis-à-vis proving identity, without providing my driver's license to foreign corporate entities which have dis-earned my trust definitively.

4 Comments
Status changed to: New idea
Jon
Community Manager

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

MozMike
Making moves

Firstly, nothing happens until we pause and acknowledge how great of a username you have there.  

MozMike
Making moves

Hey MozThrilla, 

First of all, thank you for sharing this. Your comment made me pause for a moment so I could really think about this and look up some statistics so I can give you a proper reply. I think that the appeal is obvious, yeah? Inbox equals trusted, everything else equals “Unsolicited.” It is clean, simple, and would honestly be a great system that solved a lot of headaches if the ecosystem were ready for it.

Now we get to the 'but', which is the big challenge of adoption. Today, only about 1 in every ~1,500 (napkin math) emails we see is actually signed with PGP or S/MIME. That means if Thunderbird were to enforce this by default, something like 99.[math] percent of legitimate mail, like newsletters, invoices, receipts, and even password resets (sans Plain Text) would get directed into the “Unsolicited” bucket. That would be a pretty rough user experience for the average user, which is most people.

That said, the spirit of what you are proposing is super valuable. One way to look at this could be through an optional “Trusted Inbox”: a view or folder where only signed and verified messages appear for users who want that extra level of assurance. Something like that could let power users experiment with the model you are describing - while the broader user base continues to benefit from more traditional and widely compatible spam filtering strategies.

The goal here is making email a safer and more trusted medium for communication. We have to remember that bad actors love to play the cat-and-mouse game and spammers can (and will) adapt quickly. Your idea really illustrates well the gap between the future we would like to live in and the messy reality of adoption. These are exactly the kind of conversations I like to give a full, thoughtful reply to.

TL;DR:  Simple and clever solution, perhaps for power-users to enable and explore 

MozMike
Making moves

Hey, I was playing around and you can actually implement this concept in TB yourself today, right out of the box. Because TB is kinda awesome and our message filters are pretty robust, they let you do cool things like build rules based on PGP status. For example, you can, hypothetically, set up a filter to:

  • Look for a header: X-Enigmail-Status

  • Match a value: no signature or invalid

  • Perform an action: Move to folder “Unsolicited”

That gives you the exact workflow you were describing without waiting on a core feature. Ping if you need any help getting it set up. Happy hacking.

Also, I took screenshots and forgot I cannot upload them here.
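The routing rule discussed in this thread, sketched outside Thunderbird as an added example (not code from any poster or from Thunderbird). It only detects whether a message carries a PGP or S/MIME signature structure and does not verify it, so signed-looking mail goes to a holding folder whose name, `Pending-Verification`, is an assumption; the sample messages are constructed.

```python
from email import message_from_string
from email.message import Message

PGP_PROTO = "application/pgp-signature"
SMIME_PROTOS = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
INLINE_MARK = "-----BEGIN PGP SIGNED MESSAGE-----"
PENDING = "Pending-Verification"  # hypothetical folder name, not from the thread

def signature_kind(msg: Message) -> str:
    """Return 'pgp-mime', 'smime', 'pgp-inline' or 'none' from MIME structure alone."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "multipart/signed":
            proto = (part.get_param("protocol") or "").lower()
            if proto == PGP_PROTO:
                return "pgp-mime"
            if proto in SMIME_PROTOS:
                return "smime"
        elif ctype == "application/pkcs7-mime" and part.get_param("smime-type") == "signed-data":
            return "smime"  # opaque-signed S/MIME
        elif ctype == "text/plain":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if body.lstrip().startswith(INLINE_MARK):
                return "pgp-inline"
    return "none"

def target_folder(raw: str) -> str:
    # Structure is trivially forgeable: a signed-looking message still needs
    # cryptographic verification against a known key before it is trusted.
    return "Unsolicited" if signature_kind(message_from_string(raw)) == "none" else PENDING

# Constructed sample messages
SIGNED = """\
Subject: constructed sample
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain

hello
--b1
Content-Type: application/pgp-signature

(constructed placeholder, not a real signature)
--b1--
"""
PLAIN = "From: noreply@example.com\nSubject: Password reset\n\nReset link follows.\n"

if __name__ == "__main__":
    print(target_folder(SIGNED), target_folder(PLAIN))
```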