There is another setting available in Thunderbird that you can configure to help protect your privacy and security: Return Receipt settings. You can also choose to digitally sign and encrypt your mail for an extra layer of protection, or use certificates and security devices. This section provides some other avenues to explore to get maximum protection.
Return Receipt Settings (Tools | Options | Advanced)
It is probably a good idea to configure your settings so that Thunderbird prompts you when you receive a request for a return receipt. That way, you will prevent spammers from even knowing that your account exists. (I do not recommend checking the "Always Send" box in this areaeither "Ask me" or "Never send" are better choices to protect your privacy.) Figure 11-5 shows one way you can configure your settings.
Figure 11-5. A good way to configure your Return Receipts options for maximum protection.
It is important that you have an anti-virus program installed on your computer. A number of anti-virus programs are compatible with Thunderbird. See the sidebar for some tips on programs that play well with Thunderbird.
Signing and Encrypting Your Email
Signing and encrypting your email are simple but effective ways to maintain your privacy while ensuring that no one is masquerading as you online.
Digitally Signing Your Email
Signing your mail is a good thing, especially because it is often difficult to discern by looking at the email header who actually sent the mail. If more people began signing their mail, spam would probably be nipped in the bud considerably because it would be possible to configure Thunderbird to not accept mail from unsigned senders.
By using specialized cryptographic techniques such as S/MIME, you can actually include a signature that lets you stamp your outgoing messages with a signature that proves you are the person who sent the mail. For a good overview of how to use digital signing, go to http://www.cs.washington.edu/lab/services/email/EmailSigningHowTo/.
Encrypting Your Email
Encrypting your email adds an extra layer of security beyond a digital signature because the encrypted email appears as garbage data unless the recipient has the key necessary to decrypt the information. If you want to take a deeper dive into learning about how to encrypt your mail in Thunderbird, a tutorial available at http://www.uk-dave.com/tutorials/misc/enigmail.shtml explains how to encrypt your email with Thunderbird, Enigmail, and GnuPG. Enigmail is an extension that allows you to encrypt/sign sent mail, as well as decrypt/authenticate incoming mail. Go to http://enigmail.mozdev.org/ to learn more about this program and how it can help you with encryption.
The certificate and security device management procedures are the same in Thunderbird as they are in Firefox. See Appendix F, "Security, Certificates, and Validation," for more information about using certificates and security devices.