Security extension for Thunderbird. Analyses emails and detects phishing attempts with a 0-10 score. 100% offline and private.
- Automatic analysis with scoring from 0 to 10
- Multi-criteria detection: suspicious domains, typosquatting, shortened URLs, urgent language, dangerous attachments
- Contact verification in Thunderbird address book
- Customizable lists (blacklist/whitelist) with JSON import/export
- 100% offline and private: no data sent to external servers
- Multilingual: French and English
- Database: red.flag.domains integration (30,000+ domains)
- Download the extension `email-security-scanner.xpi`
- Open Thunderbird
- Menu > Add-ons and Themes > ⚙️ > Install a module from a local file...
- Select `email-security-scanner.xpi`
- Download the full project
- Open Thunderbird
- Menu > Add-ons and Themes > ⚙️ > Debug Add-ons
- Load Temporary Add-on > Select `manifest.json`
The red.flag.domains.txt file is included with a base version. For the complete version:
- Download https://dl.red.flag.domains/red.flag.domains.txt
- Place it at the project root or import it via Options
- Open an email in Thunderbird
- Click the shield icon in the toolbar
- View the security score and details
- Blacklist a sender (moves to spam)
- Whitelist a trusted sender
- Manage lists via the extension's Options
```
email-security-scanner/
├── manifest.json          # Configuration
├── background.js          # Analysis logic
├── popup.html/js          # Main interface
├── options.html/js        # Configuration
├── lists.html/js          # List management
├── settings.html/js       # Settings
├── i18n.js                # Translations
├── red.flag.domains.txt   # Database
└── icons/                 # Icons (to create)
```
| Criterion | Penalty |
|---|---|
| Contact in address book | Perfect score (10/10) |
| Domain in whitelist | Perfect score (10/10) |
| Blacklisted domain | -8 points |
| Typosquatting detected | -5 points |
| Urgent/suspicious language | -1.5 to -4 points |
| Shortened URLs | -1.5 to -3 points |
| Suspicious links | -2 to -5 points |
| Dangerous attachments | -3 points |
| SPF/DKIM authentication failure | -2 points |
| Score | Level | Description |
|---|---|---|
| 10 | ✅ Safe | Known contact or whitelist |
| 9-10 | ✅ Safe | No suspicious indicators |
| 7-9 | | Minor warning signs |
| 5-7 | | Suspicious indicators |
| 3-5 | 🚨 High Risk | Signs of phishing |
| 0-3 | 🛑 Dangerous | Likely a scam |
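
The penalty table above, applied as code in an added example (not the extension's own `background.js`). It covers only the fixed penalties; the function names, the look-alike character map, the edit-distance threshold of 1, the attachment extension list and the clamp at 0 are assumptions.

```javascript
// Added example; not the extension's background.js. All names here are hypothetical.
// Fixed penalties from the table above (ranged criteria are left out).
const PENALTIES = { blacklisted: 8, typosquatting: 5, dangerousAttachment: 3, authFailure: 2 };
// Assumed look-alike folding and extension list: small constructed samples.
const CONFUSABLES = { "0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w" };
const DANGEROUS_EXT = /\.(exe|scr|js|vbs|bat)$/i;

function fold(name) {
  let out = name.toLowerCase();
  for (const [from, to] of Object.entries(CONFUSABLES)) out = out.split(from).join(to);
  return out;
}

function editDistance(a, b) { // Levenshtein distance, two-row version
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const subst = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, subst);
    }
    prev = cur;
  }
  return prev[b.length];
}

// A domain that is not itself trusted but folds to within one edit of a trusted one.
function isTyposquat(domain, trusted) {
  if (trusted.includes(domain)) return false;
  return trusted.some((t) => editDistance(fold(domain), fold(t)) <= 1);
}

function scoreEmail(email, lists) {
  const from = email.from.toLowerCase(), domain = from.split("@").pop();
  // Address-book contact or whitelisted domain: perfect score, nothing else is checked.
  if (lists.contacts.includes(from) || lists.whitelist.includes(domain)) {
    return { score: 10, reasons: [] };
  }
  const hits = {
    blacklisted: lists.blacklist.includes(domain),
    typosquatting: isTyposquat(domain, lists.trusted),
    dangerousAttachment: email.attachments.some((n) => DANGEROUS_EXT.test(n)),
    authFailure: email.spf === "fail" || email.dkim === "fail",
  };
  const reasons = Object.keys(hits).filter((k) => hits[k]);
  const total = reasons.reduce((sum, k) => sum + PENALTIES[k], 0);
  return { score: Math.max(0, 10 - total), reasons }; // clamp at 0 (assumed)
}
```

Because the fold is applied to both sides of the comparison, a legitimate domain that differs from a trusted one only by a folded pair (for example `rn` versus `m`) is also flagged, which is why the trusted-sender checks run first.
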
Modify background.js to adjust:
- Score penalties
- Suspicious keywords (`SUSPICIOUS_KEYWORDS`)
- Trusted domains (`checkHomoglyphs()`)
- Your custom list (`CUSTOM_BLACKLIST`)
- ✅ No internet connection during analysis
- ✅ No data sent to servers
- ✅ 100% local storage
- ✅ No telemetry or statistics
- ✅ Transparent source code
This extension is a decision support tool. It does not replace your personal vigilance and common sense. Always be cautious with suspicious emails.
This project is licensed under the MIT License. See the LICENSE.md file for details. The red.flag.domains database is licensed under Creative Commons BY-NC-SA 4.0.