Two new tools just landed in the Tools section:
-
mleak — a Thunderbird add-on that reads each incoming mail and shows you what the sender is actually disclosing: MUA fingerprint, server stack (Gmail / M365 / iCloud / on-prem), M365 tenant + datacenter, relay path, DKIM,
Authentication-Results. Local-only, no telemetry. Useful for OSINT, phishing triage, or just understanding where your mail comes from. -
mleak-files — the attachment companion. Peels open PDFs, OOXML (
docx/xlsx/pptx), OpenDocument and images, and shows the metadata they were trying to ship: real author names, organisations, editing tools, timestamps, macro hints, EXIF/XMP and sometimes GPS coordinates. Same posture as mleak — no network, no upload, everything stays on your machine.
Both are MPL-2.0, both ship on Thunderbird 115+, both have SHA-256 sums on their tool pages so you can verify the XPI before installing.
Coming next: OnionBird
And there’s a third one in the pipeline — OnionBird, a Thunderbird add-on that routes IMAP/SMTP through Tor and aggressively strips the headers historically used to deanonymise senders. Think of it as what TorBirdy should have grown up to be: actively maintained, working on current Thunderbird (128+ / 140 ESR), with a continuous SOCKS5-RESOLVE-vs-system-DNS leak canary that blocks sends if anything looks off.
Currently late-alpha, dropping here in the next few days. Stay tuned.
~ stay happy and read your metadata