Mail Auth Info Viewer

Mail Auth Info Viewer is a Thunderbird add-on designed to combat sophisticated phishing and "display name" spoofing. It analyzes message headers and body content locally, presenting a clear, color-coded dashboard showing sender alignment, authentication results (SPF, DKIM, DMARC), phishing link detection, and delivery routes with time delays directly on the message view.

Key features

Shadow DOM CSS isolation: The dashboard is encapsulated in a closed Shadow DOM, completely preventing HTML email CSS (e.g. * { font-size: 20px !important; }) from contaminating the add-on display.
Always-collapsed panel: The dashboard always starts collapsed, keeping the status badge and verdict reason tags visible at a glance without consuming screen space. Click to expand for full details.
Sender identity and alignment: Instantly spot discrepancies between the Display Name, Header From, and Envelope From addresses side-by-side.
Display name spoofing detection: Detects when the display name contains an email address from a different domain than the actual sender — a common phishing trick.
Domain verification badge: Prominently displays the actual authenticated domain (e.g. AUTH PASS example.com) to prevent false trust in fake display names.
Verdict reason tags: Shows exactly why the badge is not green (e.g. DMARC policy is p=none, Phishing indicator detected, Untrusted link domain) so administrators know what to fix or trust.
Four-tier link safety analysis: critical (deceptive link text, dangerous URI schemes like javascript: / data:, embedded HTML forms — promoted to a phishing badge); suspicious (IP-address links, IDN homograph attacks, URL shorteners); untrusted (external domain unknown to the extension, resolvable by trusting the domain); privacy (tracking pixels — informational only).
Link domain overview: Lists all unique link domains in the body, color-coded by alignment with the sender's organizational domain, with inline tracker markers.
Reply-To mismatch detection: Warns when Reply-To belongs to a different domain than the sender.
Trusted link domains with inline shortcut: When an untrusted link indicator involves a single external domain, a Trust button appears directly on the finding row for one-click whitelisting. Manage trusted domains from the add-on settings page with text-based import / export.
Authentication status with DMARC policy display: SPF, DKIM, DMARC pass / fail at a glance, with the DMARC policy color-coded for administrators.
DMARC alignment indicators (RFC 7489): SPF and DKIM alignment status shown within each authentication card. Alignment is evaluated only for signatures that actually passed authentication.
Individual DKIM signatures: When multiple DKIM signatures exist, each is shown with its status, signing domain, and DKIM selector (s=), with deduplication across headers.
RFC 8601 comment-aware parsing: The Authentication-Results parser correctly handles comments containing semicolons, such as the common DKIM key-info comment (2048-bit key; unprotected) emitted by some MTAs.
ARC chain visualization (RFC 8617): Displays the Authenticated Received Chain with verification status, signing domain, and authentication summary for each forwarding hop.
Delivery route visualization: Shows the path from sender to inbox with calculated time delays between hops, Envelope-To recipient, and IP type indicators (internal / external with IP tooltips).
Received-SPF fallback: When Authentication-Results lacks SPF data, falls back to Received-SPF for compatibility with older mail servers.
Trusted authentication filtering (authserv-id): Filters Authentication-Results headers to trust only those from the receiving mail server, preventing forgery from upstream injected headers.
Organizational domain comparison (RFC 7489): Uses a curated Public Suffix List covering more than 60 countries for accurate domain alignment.
Mailing list detection: Indicates via Mailing List when List-Id or List-Unsubscribe headers are present, explaining domain mismatches from list forwarding.
Dark mode: Full dark mode support that follows your system preference.
12 languages: English, Japanese, French, German, Spanish, Italian, Korean, Traditional Chinese, Simplified Chinese, Brazilian Portuguese, Russian, Arabic.

Privacy

All analysis is performed locally on your machine. No data is sent to any external server.
The trusted domain list is stored only in local Thunderbird storage.

Source code: https://github.com/showtimesh/mail-auth-info-viewer

This release introduces a four-tier link safety severity model: critical, suspicious, untrusted, and privacy. Each level has a distinct meaning and resolution path.

New "untrusted" level for findings that only indicate an unknown external domain (all-external links, external main CTA). These are shown in a softer amber color and carry a new Untrusted link domain verdict tag, making clear that the domain is simply not yet on your trust list — not evidence of wrongdoing.
New "privacy" level for tracking pixel detection. Privacy notices no longer contribute to the suspicious verdict and have their own informational style.
One-click Trust shortcut: when an untrusted indicator involves exactly one external domain, a Trust button appears directly on the finding row for immediate whitelisting.
Aggregated findings: IP-address, IDN homograph, and URL shortener findings now combine multiple hosts into a single row to prevent list bloat.
Dark mode support for the new untrusted and privacy styles.
i18n updates across all 12 supported languages.

The verdict philosophy is unchanged: untrusted findings still do not earn a green badge until the user explicitly trusts the domain. The add-on never assumes legitimacy for any unknown external domain.

Complements

Benvingut a complements de Thunderbird.

On the go?

Mail Auth Info Viewer 1.1.6

per Shota

Quant al complement

Informació de la versió

Versió 1.1.6 Publicat el abr. 11, 2026 73.5 KiB Funciona amb Thunderbird 115.0 and later