Betterbird Blog

Why is Windows SmartScreen blocking so many installations? According to AI, SmartScreen uses various signals:

File reputation (the big one)

SmartScreen maintains a reputation score for that exact file hash:

• How many people have downloaded it
• How many have run it
• Whether users aborted or overrode warnings
• Whether it’s been reported as malicious

A brand-new binary has zero reputation, so it gets flagged even if it’s harmless.

Publisher reputation (certificate reputation)

This is where code signing comes in — but with a catch.

• A standard code-signing certificate starts with no reputation
• Reputation is built over time as many users run binaries signed with that cert
• Until then, SmartScreen still shows “Windows protected your PC”

So signing helps, but it does not give instant trust, unless an (expensive) Extended Validation) code-signing certificate is used. Using a self-signed certificate as "Trusted Root" may even have a worse rating as consequence.

We finally bought a code-signing certificate from the reputable source Certum, since they have a special deal for open source developers. Their CA is present on every Windows installation, see here in the Certificate Manager:

So expect a further announcement when our binaries are signed with the new certificate. Over time, the reputation in SmartScreen will also improve.

This article was partly created with the help of AI, however, manual adjustments were made where needed.

We've shipped Betterbird 140.7.1esr-bb18 today. Please refer to the Release Notes for full details.

The Thunderbird folks are preparing their 140.7.1 release for next Tuesday, 27th January 2026 to fix a vulnerability in an OpenPGP edge case. Due to scheduling constraints, we're already shipping this now.

Since only 13 days have passed since our Release 140.7.0esr-bb17, this release only contains a few items. By popular demand, we're now distinguishing in the Activity Manager now whether messages were downloaded or not by giving the icon a different colour:

We've also advanced 11 bug fixes the Thunderbird folks are not shipping to their ESR users, refer to our opinion about this policy in this prior blog post.

Placing advertisements on the Thunderbird start page was under discussion years ago when our CEO was still serving on the Thunderbird Council. Back then, request received by certain advertisers were deemed incompatible with the Thunderbird mission.

Of course, the in-product start page is seen by many users, and therefore offers itself to draw attention to hand-picked relevant products or partners. A few days ago, we were contacted by the CEO of Forward Email. This company offers full mail hosting for people who have registered their own domain, or just mail forwarding. As a "test balloon", we agreed to show a recommendation for their products on our start page, to see where the collaboration can lead.

We're going to try out their SMTP service, since the outgoing mail server that comes with our hosting package at the German hosting provider Hetzner sometimes doesn't have the best "reputation", and we end up sending mail via Gmail.

Update: Following Forward Email's instructions, we configured SPF, DKIM and DMARC, and hey, now we have an alternative outgoing server. Definitely a win for our project! Their setup doesn't force you to transfer the MX records to them, so it gives you the flexibility you may need. Disclaimer: We're using a paid plan, so all this is not part of the free plan.

Any users who don't want to see the advertisement can add an ads=no parameter to the Betterbird start page location, so is becomes:

https://www.betterbird.eu/start?ads=no&locale=%LOCALE%&version=%VERSION%&channel=%CHANNEL%&os=%OS%&buildid=%APPBUILDID%

There is also a dark version of the start page:

https://www.betterbird.eu/start/indexd.php?locale=%LOCALE%&version=%VERSION%&channel=%CHANNEL%&os=%OS%&buildid=%APPBUILDID%

which can be modified to:

https://www.betterbird.eu/start/indexd.php?ads=no&locale=%LOCALE%&version=%VERSION%&channel=%CHANNEL%&os=%OS%&buildid=%APPBUILDID%

Recently, it was brought to our attention by a user that the feed icon of "Charlie's Diary" (feed here) is displayed empty:

We looked into the issue and it turned out that Mozilla-base software has a problem displaying the icon, as also can be seen when opening it directly in Firefox, resulting in: "The image “http://www.antipope.org/favicon.ico” cannot be displayed because it contains errors."

However, Mozilla's "Places technology", also used in Thunderbird feeds, can display the icon:

So we contacted Charlie politely asking him to address this issue. We even supplied a repaired version of his icon, which is only 16 bytes bigger. Our first inquiry was ignored, but a friendly reminder, "Please address this issue", five days later received this reply:

No. Now fuck off.

Well, good luck, Charlie!

We've shipped Betterbird 140.7.0esr-bb17 today. Please refer to the Release Notes for full details.

Since only 11 days have passed since our Release 140.6.0esr-bb16, this release only contains a few items. By popular demand we implemented a "reveal" button in the primary password and mail password prompts.

The system tray support on Windows is pretty good in Betterbird, enhanced when compared to Thunderbird by an informative tooltip so check which folders contain new or unread mail:

Betterbird on Linux delivers the same functionality: System tray support, informative tooltip, minimise to tray, "tray icon always". It's all described in this section of our Expert Tips page.

We don't want to turn this post into another rant about Thunderbird, so it suffices to say that Thunderbird despite their new implementation in Rust here and here never pulled it off, their effort silently died off, and they never paid attention to a string of outstanding problems linked as dependents of this meta bug. The current state of Thunderbird affairs is that only Daily shows a permanent, fixed and pretty useless system tray icon with "Thunderbird Daily" as a tooltip - wow!

Now, with the advent of Wayland, system tray support has run into various issues:

For starters, Wayland doesn't have a concept of minimising windows, yes, you read correctly. Refer to these discussions: Gnome-Gtk and Free Desktop. Some quotes from the first reference:

Wayland does not have a concept of iconified windows.
I would suggest that we rename iconified to minimized in gtk4.
There is no minimize support in either the xdg-shell or the gtk-shell protocols; surfaces can request minimization, but ...
Plus, there's no state for minimization, which means we cannot set the state on configure, like we do for maximize/fullscreen.

Since Wayland doesn't have a concept of minimising, no minimise event is sent to a window that is being minimised, which is documented here. In Betterbird, we implemented a hack where our own code generates the missing event, when Betterbird's own control to minimise is clicked.

So it's understandable that the system controls on the system title bar don't work (reported here and here)

where as the controls drawn by Betterbird into the menu bar work:

Also not working: Clicking taskbar buttons, or pressing "minimise window" keyboard shortcuts that the window manager may offer, reported here.

To add insult to injury, there was a time when restoring a window from the system tray caused a graphics glitch, but that seems to have been fixed by changes in the Mozilla platform in Betterbird 140.

We decided to start the New Year with a fresh release of Betterbird 140.6.0esr-bb16. Too many fixes had accumulated since shipping "bb15" at the beginning of December:

• A user alerted us to a defective French localisation. The issue is also present in Thunderbird 140. We made a "spot fix" to include the missing strings.
• A user had asked us to provide a "dark reader" switch for the compose window to work around "back on black" issues.
• By popular demand we've implemented an option to include the event description in the mail body of the scheduling message.
• We're now enabling address book categories for compliant CardDAV servers which support vCard v4.0.
• "Recent Destination" now include a short MRU list on top of the longer alphabetically sorted list.
• By popular demand, filenames can now contain commas with -compose "attachment=..." is used.
• There was a Mozilla editor issue where the "insertion point" (caret) was displayed incorrectly. We're advancing Mozilla's fix since the issue was rather annoying.
• And finally: Embedded SVG images weren't displayed correctly under some circumstances, another puzzling issue.

And there is more, so please refer to the Release Notes for full details.

Update: No release without an issue. This time the localised strings for the new Categories functionality were missing, so all localised versions and language packs had to be replaced. This happened at 20:00 GMT.