mleak is a small Thunderbird add-on that turns every incoming mail into a short forensic readout. It parses the headers (and a few body markers) and shows you what the sender is actually disclosing: their mail client, the server stack they’re on (Gmail / Microsoft 365 / iCloud / on-prem), the M365 tenant and datacenter if present, the relay chain in Received:, DKIM domain and selector, and the Authentication-Results verdicts. Useful for OSINT, phishing triage, or just understanding where your mail comes from.
It runs entirely on your machine. No network calls, no telemetry, no remote parsing service. You can view the result in a popup or have it shown inline above the message body.
Links
- GitHub: https://github.com/c0decave/mleak
- Latest release: https://github.com/c0decave/mleak/releases/tag/0.6.16
- Thunderbird Add-ons (ATN): listed — search for
mleakon https://addons.thunderbird.net/ - Sister projects:
mleak-counter(outbound stripping) · mleak-files (attachment metadata)
Build
- Version: 0.6.16 (2026-05-11)
- File:
mleak-0.6.16.xpi - SHA-256:
bf84251d2ad479319a1cb37ab564460eeb6d888df8901a98d60a983d2945d0b9 - License: MPL-2.0 · Thunderbird 115+
- Contact:
mlux@undisclose.de