Historie verzí doplňku Mail Auth Info Viewer

10 verzí

Se starými verzemi opatrně!

Tyto verze jsou dostupné pro referenční a testovací účely. Měli byste vždy použít poslední verzi doplňku.

Verze 1.2.4 91.2 KiB Podporuje Thunderbird 115.0 a novější

This release adds an optional Compact mode that reduces the height of the always-visible information bar shown at the top of each message.

  • New Display section on the settings page with a Compact mode checkbox.
  • When enabled, the info bar uses tighter padding and a smaller badge, sender domain, and copy button, so it takes up less vertical space on small screens.
  • Purely cosmetic: readability is preserved, dark mode is fully supported, and the badge, the SPF/DKIM/DMARC cards, and the verdict are unchanged.
  • Off by default; the new height applies the next time a message is displayed.

Based on a user request on GitHub (issue #8).

Verze 1.2.3 88.8 KiB Podporuje Thunderbird 115.0 a novější

New: a "Reported, unverified" notice. Some providers record authentication results where this add-on intentionally does not trust them for the verdict — an Authentication-Results header whose authserv-id cannot be attributed to your receiving server, or only inside the ARC-Authentication-Results chain (which is forgeable and not cryptographically checked here). Such mail previously showed a bare none. Those values are now surfaced as a compact "Reported, unverified" pill in the header (full caveat on hover). This is informational only and does not affect the badge, the cards, or the verdict; a result is still treated as passing only when it comes from an Authentication-Results attributable to your receiving server.

Verze 1.2.2 85.7 KiB Podporuje Thunderbird 115.0 a novější

Bug fix: authentication results were dropped for mail whose final delivery hop differs from the authenticating server. This affected Fastmail (messagingengine.com), where the last Received hop is an internal Cyrus LMTP host (e.g. slotpiXXmYY) while the Authentication-Results are written by phl-mx-NN.messagingengine.com, with several *.internal hops in between; the authserv-id did not match the last hop, so DKIM and DMARC were shown as none. The add-on now locates the boundary MTA (the most recent hop that received the message from a public IP) and matches the authserv-id against it; if the message was routed entirely inside the provider (self-sent mail), the first real public hostname in the chain is used. This complements the Gmail / Google Workspace fix in 1.2.1.

Verze 1.2.1 85.2 KiB Podporuje Thunderbird 115.0 a novější

Bug fix: authentication results were dropped for mail delivered through Gmail / Google Workspace. Google adds an internal handoff as the most recent Received header (Received: by 2002:<IPv6> with SMTP id ...), and the add-on used that hop's IP-literal by value as the receiving host when matching the authserv-id of Authentication-Results. An IP literal never matches a hostname authserv-id, so the legitimate results were discarded and SPF/DKIM/DMARC were shown as none. The add-on now skips leading Received hops whose by is an IP literal and matches the first real hostname instead (the boundary MTA, e.g. mx.google.com), so the trust boundary is preserved.

Verze 1.2.0 84.7 KiB Podporuje Thunderbird 115.0 a novější

Security hardening
  • ARC-Authentication-Results headers are no longer mixed into the main SPF/DKIM/DMARC verdict; they are shown in the ARC chain card only.
  • When no Authentication-Results header matches the receiving server (authserv-id), the message is now treated as unverified instead of trusting all headers.
  • The From header address is now extracted from the last angle-bracket pair (RFC 5322), defeating display-name spoofing with embedded fake addresses.
  • Deceptive link text (visible URL differing from the actual destination) is now always flagged, regardless of the trusted-domain list.
New features
  • Authentication strength insights: weak DKIM keys (below 2048 bits, when recorded by the receiving server), rsa-sha1 signatures, partial body signing (l= tag), DMARC sp=none and pct below 100 are shown inside the DKIM/DMARC cards. The badge verdict is not affected.
  • TLS visibility in the delivery route: each hop shows the transport encryption recorded in its Received header (TLS version, legacy TLS warning, plaintext protocol, or unknown), with cipher suites in tooltips.
  • One-click report copy: a Copy button in the dashboard header exports a structured plain-text analysis report to the clipboard.
Localization
  • Ten new strings translated in all 12 locales; the trusted-domain setting description was made more accurate in 10 locales.

Verze 1.1.8 75.3 KiB Podporuje Thunderbird 115.0 a novější

Bug fixes
  • Email relay/masking services (Firefox Relay, DuckDuckGo Email Protection, Apple Hide My Email, SimpleLogin, AnonAddy, and others) are no longer flagged as display-name spoofing or Reply-To mismatch. When the actual From: address belongs to a known relay service, the original sender's email address in the display name is recognized as legitimate forwarding behavior rather than impersonation.
  • The DKIM alignment failed verdict reason is no longer surfaced when DMARC overall passes (when SPF or DKIM aligns and DMARC is pass). This eliminates false-positive warnings for brand mail delivered through bulk platforms such as Sailthru, SendGrid, or Mailchimp, where DKIM is signed by the platform but SPF aligns with the brand's bounce domain. Per-signature alignment indicators inside the DKIM card are unchanged.
Acknowledgments
  • Thanks to @JerryLerman for the detailed bug reports on GitHub issues #3 and #4.

Verze 1.1.6 73.5 KiB Podporuje Thunderbird 115.0 a novější

This release introduces a four-tier link safety severity model: critical, suspicious, untrusted, and privacy. Each level has a distinct meaning and resolution path.

  • New "untrusted" level for findings that only indicate an unknown external domain (all-external links, external main CTA). These are shown in a softer amber color and carry a new Untrusted link domain verdict tag, making clear that the domain is simply not yet on your trust list — not evidence of wrongdoing.
  • New "privacy" level for tracking pixel detection. Privacy notices no longer contribute to the suspicious verdict and have their own informational style.
  • One-click Trust shortcut: when an untrusted indicator involves exactly one external domain, a Trust button appears directly on the finding row for immediate whitelisting.
  • Aggregated findings: IP-address, IDN homograph, and URL shortener findings now combine multiple hosts into a single row to prevent list bloat.
  • Dark mode support for the new untrusted and privacy styles.
  • i18n updates across all 12 supported languages.

The verdict philosophy is unchanged: untrusted findings still do not earn a green badge until the user explicitly trusts the domain. The add-on never assumes legitimacy for any unknown external domain.

Verze 1.1.5 71.0 KiB Podporuje Thunderbird 115.0 a novější

Security Fix
  • DKIM alignment evaluation hardened: the security verdict now considers only DKIM signatures that passed authentication when evaluating alignment, preventing false alignment matches from failed signatures.

UI Fix
  • Added missing CSS rules for alignment labels in SPF/DKIM cards. "Aligned" and "Not Aligned" labels are now properly color-coded (green/red).

Locale Consistency
  • Unified alignment terminology between status labels and verdict reason tags in Japanese, Simplified Chinese, Traditional Chinese, Arabic, and Russian.

Verze 1.1.4 71.1 KiB Podporuje Thunderbird 115.0 a novější

v1.1.4 — Review Compliance Update

  • DOM Safety: Replaced all innerHTML usage with safe DOM APIs (document.createElement, textContent, replaceChildren) in options page and confirm dialog, per ATN review policy.
  • Always-Collapsed Panel: The dashboard now always starts collapsed for every email. Status badge and verdict tags are visible at a glance in the header bar; click to expand for details.
  • Header Cleanup: Removed the GitHub repository link from the main click area of the feature panel header, per ATN no-surprise policy.

Verze 1.1.3 70.8 KiB Podporuje Thunderbird 115.0 a novější

v1.1.3 — Trusted Link Domains, Link Mismatch Badge and All-External Detection

Trusted Link Domains (Whitelist)
  • "Trust" button appears next to external domains when link warnings are detected
  • Confirm dialog prevents accidental whitelisting
  • Trusted domains shown with shield icon in blue, suppress link mismatch and external-link warnings
  • Manage from add-on settings page with text-based import/export

Link Mismatch Badge
  • Renamed from "PHISHING" to "LINK MISMATCH" — flashing skull animation unchanged
  • Better describes the detection: displayed URL differs from link destination

All-External Link Detection
  • Warns when all links point to external domains (replaces sole-link check)
  • Main CTA external detection no longer requires minimum area threshold
  • Both checks respect trusted domain whitelist

Other Changes
  • Alignment terminology updated to RFC 7489 standard across all 12 languages
  • New "storage" permission for whitelist persistence (no network access)