Mozilla Connect

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

@ryanleesipes 

Title:
👉Towards the First Spam- & Phishing-free Inbox: Well-formed Only Mode

Text:
Hi Ryan, hi Thunderbird Team,

we’ve opened a Bugzilla ticket (Bug 1984618) describing a new approach called Well-formed Only Mode.
Instead of constantly chasing spam with filters and blocklists, Thunderbird could shift the paradigm:

• Step 1: accept only well-formed emails (valid headers, SPF/DKIM/DMARC alignment).

• Step 2: provide a clear quarantine folder with why a message was held.

• Step 3 (optional): add AI scoring + address book/customer match to separate legitimate senders from phishing.

• Step 4: optionally notify senders when their mail was rejected, including why (e.g. missing DKIM, From mismatch).
  → Legitimate senders can fix their systems. Spammers usually can’t.

• Step 5: offer all users a KPI Dashboard (blocked/quarantine/accepted, false positives, false negatives).
  → This should never be locked behind a paywall: transparency and trust matter more than a few dollars from a “Pro” version.
  → Visible success metrics will directly increase user satisfaction and demonstrate the real impact of Thunderbird’s security features.

The result: Thunderbird could become the first major mail client that offers a measurable, Spam- and Phishing-free inbox experience.

It’s a small implementation effort (RFC checks, UI for quarantine/feedback/dashboard) with a big user value: lower security costs, clear KPIs, transparent communication — and even a positive pressure on the global email ecosystem to improve.

We’d love to hear your thoughts — and whether this could enter the roadmap as an experimental feature flag for early adopters.

Ceterum censeo SPAM et PHISHING esse delendam. 🐷
(free after Cato the Elder – Ceterum censeo Carthaginem esse delendam)

Hi @ryan,
we’ve opened Bug 1984618 and shared an idea here on Connect: Well-formed Only Mode.

The concept:
✔ Accept only well-formed, authenticated emails (SPF/DKIM/DMARC)
✔ Quarantine + clear reasons
✔ Optional sender feedback
✔ KPI dashboard (not paywalled)
✔ Fits perfectly as an experimental feature flag for early adopters

We’d love your thoughts on whether this could enter Thunderbird’s roadmap.

„Ryan, wouldn’t it be nice if even your Bugzilla notifications never had to pass through traditional spam filters again?“ 😉

Ceterum censeo SPAM et PHISHING esse delendam.
(free after Cato the Elder)

See also https://connect.mozilla.org/t5/ideas/secure-thunderbird-out-of-the-box-add-ons-need-to-be/idi-p/4433...

@wsm 

Thank you for pointing to this related idea 🙏 – securing Thunderbird “out of the box” is indeed essential.

However, Well-formed Only Mode is not about add-ons or incremental hardening, but about a paradigm shift: instead of endlessly filtering spam, Thunderbird would only accept well-formed, authenticated emails (SPF/DKIM/DMARC). Everything else would move to a quarantine with clear reasons, optional sender feedback, and transparent KPIs.

This is less an add-on feature, more a foundation change – one that could make Thunderbird the first major email client with a truly spam- and phishing-free inbox. 🌱

Would love to hear if you see this as complementary or a separate path.

Ceterum censeo SPAM et PHISHING esse delendam.
(free after Cato the Elder)

Hi! I was mentioned on this post, but I think you may have meant to ping someone else - perhaps Ryan Sipes.

I'm not involved with Thunderbird; I'm just a random community member who happens to be named Ryan. Thanks!