Remove a 'whitelisted' email address from showing remote content
When I receive an email from a new source I have an "Options" pull down where I can either: 1) Allow remote content from various websites 2) Allow remote content from the sender's email address.
I can see under Tools -> Preferences -> Privacy and Security -> Mail Content -> Allow remote content in messages. This is unticked, but there is also a button for "Exceptions". These contain URLs, however I cannot see any references to whitelisted email addresses, in this list,or indeed any other.
My concern was started over a spam email, which seemingly tried to send an email without notification or any evidence in my sent folder. The only reason I noticed this is from a failure message:
Sending of the message failed. An error occurred while sending mail. The mail server responded: The mail server could not deliver to *******@tqjpialcwg.com.uk ........................
It was then I noticed I could not check or edit whitelisted email addresses.
Can anyone assist?
BTW it's very difficult to find this 'form' to ask a question in the Thunderbird support forum!
All Replies (6)
It's actually worse than I thought.
I deleted all "Exceptions", confirmed there were no entries in the list and shutdown Thunderbird.
When restarting Thunderbird the list becomes populated with all the likely suspects, presumably URLs embedded within whitelisted email addresses.
You couldn't make this up!
Allowing remote content by email address is not related to outbound emails. That list is just to allow remote content coming in. That unwanted message may be related to a virus on your PC.
Despite current scans showing zero threats I keep an open mind to whether my PC is infected with a virus. I'm conscious that not all trojans are known, but email client behaviour of this kind would normally attract attention.
In general it is impossible to prove that "Allowing remote content by email address is not related to outbound emails". And I would go further to say it is foolish to make such a statement.
What I can say, is that a URL embedded in that email is:
https://aptrk11.com/?a=1920&oc=14053&c=39721&m=3&s1=
Which if you enter into:
https://www.urlvoid.com
gives a blacklist status of 4/44
A spam detection report by my hosting company says:
1.2 URIBL_ABUSE_SURBL Contains an URL listed in the ABUSE SURBL blocklist
I have lost confidence in Thunderbird, where I can not view which email addresses are whitelisted. By the way, this is one email in literally thousands I have received, that attempted to reply without my knowledge, and didn't leave any telltale presence in my sent or drafts folder.
Mike said
My concern was started over a spam email, which seemingly tried to send an email without notification or any evidence in my sent folder. The only reason I noticed this is from a failure message: Sending of the message failed. An error occurred while sending mail. The mail server responded: The mail server could not deliver to *******@tqjpialcwg.com.uk ........................
That is the calling card of backscatter. In the vast majority of cases the email did not originate with you or from your account. The existence of a delivery failure is not proof of anything other than someone in the world sent a mail purporting to be from your address. Nothing more.https://en.wikipedia.org/wiki/Backscatter_(email)
These replies also routinely arrive in their thousands, depending on the quality of the spammers mailing list
In general it is impossible to prove that "Allowing remote content by email address is not related to outbound emails".
Not really the send code really does not reach out to display anything, that is because the send code is simply about transferring the data to the recipient.
I have lost confidence in Thunderbird, where I can not view which email addresses are whitelisted.I assume this is based on this spurious assumption
These contain URLs, however I cannot see any references to whitelisted email addresses, in this list,or indeed any other.
A picture is worth a thousand words they say. My exceptions list contains lots of email addresses..
I will conclude that you are trying to conflate the actions of a spammer probably half a world away in India or the USA using your email address to send spam, with something happening in your Thunderbird install or even involving your mail provider. Almost certainly neither are involved, except for receiving the fallout of the delivery failures.
Modified
This is not backscatter.
The message was from Thunderbird in an attempt to send a message my hosting server could not find.
1) I received a message to my email address from *******@tqjpialcwg.com.uk The ********* signify a part of my email address.
2) Thunderbird then tried to send a message to *******@tqjpialcwg.com.uk from my email address. There is a nice purple curly arrow on the offending received email to add further proof it was Thunderbird that tried to send a message.
I repeat, this is not backscatter.
It seems a well kept secret that once whitelisted, you can never remove an email address from your whitelist.
If anyone can hint where this is kept that would be helpful. If in a SQLite database, then at least that will be editable.
re :1) I received a message to my email address from *******@tqjpialcwg.com.uk The ********* signify a part of my email address.
That was an email from a scammer abusing your email address.
re :2) Thunderbird then tried to send a message to *******@tqjpialcwg.com.uk from my email address. There is a nice purple curly arrow on the offending received email to add further proof it was Thunderbird that tried to send a message.
The curly purple arrow that points up and to the left signifies a 'Reply'. 'Message said' : An error occurred while sending mail. The mail server responded: The mail server could not deliver to *******@tqjpialcwg.com.uk
Is the part made bold your email address. So in effect, an attempt to send to you from you ?
At this point, even if you opened the email to view it, you are stating - you did not click on any 'Reply' buttons nor hovered the mouse over any part of the opened email. The received email - did it have any attachment or did it display an image?
Check: 'View' > 'Display attachments inline' - is this selected or not ? It is best not to have this auto selected. Only use it when you are sure of the sender and content.
I would say that it would be unlikely for your email address to be in a show remote exception list. I would doubt you would be sending emails to yourself just to see remote content.
If your email address is in one of your address books and you have set up Junk Settings to whitelist those address books, then Thunderbird should not be labeling your email address as Junk. So, I'm assuming the email arrived in the Inbox and not in the Junk/Spam folder.
re :Preferences -> Privacy and Security -> Mail Content -> Allow remote content in messages.
You say that option was not selected and I presume it is still not selected. That means remote content does not display by default unless you have made an exception.
Preferences > General
'Reading and Display' subsection
click on 'Return Receipts'
What setting have you set up for 'Return Receipt'?
Post an image as it displays everything rather than you typing it all out.
I added an exception of my website into the remote content exception list and saved changes at a specific time. The only file that got updated was the 'permissions.sqlite' file located in the 'profile name' folder. Help > More TRoubleshooting Information Click on 'Open Folder' to see contents of 'profile name' folder. Exit Thunderbird before you perform any change to any files.
Note: Regarding checking for virus etc as you do not want a keylogger etc.
Exit all programs. Restart the computer in 'Safe Mode' so it boots up using basics and has no internet connectivity. Then perform full scans.