Betterbird Blog

What’s going on in the project

Credit card testing on Stripe

- Posted in Ranting by

If you read the article about discontinuing the Revolut payment link, you will already have heard of credit card testing attacks: Fraudsters effect (small) payments to "merchants" to test the validity of stolen/leaked credit card details. As you can see in the picture, nine attempts were made within less than 40 minutes. All Revolut did was block our account; they don't offer any mitigation tools.

As of March 2026 our Stripe USD payment link also came under attack. It started with small payments between $0.50 and $2, which we blocked, but later they increased to $5 to $20, and even payments of $100 or $1000 were "tested".

To mitigate the issue, the following measures were taken on top of Stripe's so-called Radar, which has its own heuristic for fraud detection:

  • Small donations blocked
  • Donations from Algeria blocked, there seems to be a nest of fraudsters
  • Now requiring 3D Secure payments (when available)
  • Stricter address checking
  • USD payment replaced twice and all payment links now obfuscated (supplied via JS on page load or user click)
  • Proactive refund of suspicious payments, since every dispute carries a fee of $20
  • Last but not least: The Link payment method was disabled, a Stripe invention, which makes these attacks faster for the fraudsters.

Unfortunately, Stripe's own mitigation isn't very good. In one case there were at least 8 failed tests from the same IP address within 33 minutes, and Stripe still allowed a subsequent payment from that IP address, which of course we refunded immediately to avoid a costly dispute: history of declined transactions
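The check that this history of declined transactions calls for can be run over any export of payment attempts. The following is an added example, not Betterbird's or Stripe's code: it counts declines per IP address in a sliding window and lists later successful payments from the same address as candidates for a proactive refund. The record layout, the thresholds and the sample data are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=40)  # assumed look-back window per IP address
MAX_DECLINES = 5                # assumed decline count that marks an IP as card testing

def at_minute(minute):
    """Timestamp helper for the constructed sample below."""
    return datetime(2026, 3, 1, 12, 0) + timedelta(minutes=minute)

# Constructed sample attempts: (timestamp, ip, amount_usd, outcome). Not real data;
# the IPs come from documentation ranges and the field layout is an assumption.
ATTEMPTS = (
    [(at_minute(m), "203.0.113.7", 1.00, "declined")
     for m in (0, 4, 9, 13, 18, 22, 27, 33)]             # 8 failed tests in 33 minutes
    + [(at_minute(36), "203.0.113.7", 5.00, "succeeded")]  # let through afterwards
    + [(at_minute(10), "198.51.100.20", 25.00, "declined"),   # genuine donor, one typo
       (at_minute(12), "198.51.100.20", 25.00, "succeeded")]
)

def review_attempts(attempts, window=WINDOW, max_declines=MAX_DECLINES):
    """Return (ips_to_block, payments_to_refund) for a list of attempt tuples."""
    recent_declines = defaultdict(deque)  # ip -> decline timestamps inside the window
    block, refund = set(), []
    for ts, ip, amount, outcome in sorted(attempts):
        recent = recent_declines[ip]
        while recent and ts - recent[0] > window:  # forget declines outside the window
            recent.popleft()
        if outcome == "declined":
            recent.append(ts)
            if len(recent) >= max_declines:
                block.add(ip)
        elif outcome == "succeeded" and len(recent) >= max_declines:
            # A success right after a burst of declines is likely a tested card:
            # refund it proactively instead of waiting for a dispute.
            refund.append((ts, ip, amount))
    return block, refund

if __name__ == "__main__":
    block, refund = review_attempts(ATTEMPTS)
    print("block:", sorted(block))
    for ts, ip, amount in refund:
        print(f"refund: {ts:%H:%M} {ip} ${amount:.2f}")
```

The genuine donor with a single declined attempt stays below the threshold, so only the payment that followed the burst is listed for refund.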

If your genuine donation in USD was declined, please get in touch and we'll find a different payment option. In a dialogue with a donor we found out that Bank of America generally allows outgoing ACH payments. For "regular" customers they charge a fee, it's free for customers with a "preferred status".

Strange what tasks arise in an open source project which aims at providing the world's best e-mail client.

Release 140.8.0esr-bb19

- Posted in Releases by

We've shipped Betterbird 140.8.0esr-bb19 today. Please refer to the Release Notes for full details.

This new release offers four new functions and a fix for an annoying issue. Here are some details:

The add-on Send Later to schedule sending of messages has many users. Its author doesn't test his add-on in Betterbird, instead he publishes this disclaimer (quote):

Send Later is known to have issues with Betterbird
The Send Later add-on is not regularly tested with the Thunderbird fork called Betterbird, and there are known, unresolved issues which may prevent the add-on from functioning as intended. Using Send Later with Betterbird is therefore not recommended.

We're not aware of any issues, other than the ~55 issues the add-on has anyway. But the good news is, delayed sending in the background is now supported in Betterbird, if you set the following two preferences:

mailnews.sendInBackground set to true and mailnews.sendInBackground.DelayMinutes set to the desired delay in minutes. Be aware that if you close Betterbird before all messages are sent, there is currently no warning.

This is not aimed at replacing the add-on completely, it's aimed at providing a "send delay" that users of MS Outlook are used to.

As we detailed in previous posts like this one, we're now signing our Windows binaries with a code-signing certificate from a reputable source.

By popular demand, the 'Search PreferredSearchEngine for "..." ' option is now also available in the context menu in the compose window.

People who have used Thunderbird for a long time will know that for IMAP accounts, messages read on the server with a different client, like a mobile device, were not subjected to message filtering. That was later changed by introducing preference mail.imap.filter_on_new. However, the filter didn't work when it was run after the junk classification. This has now been fixed.

Why is there no Betterbird 140.7.2?

- Posted in Ranting by

Thunderbird released version 140.7.2 yesterday to follow Firefox 140.7.1 which fixes a security issue, a heap buffer overflow in libvpx. That's a video codec. The Thunderbird folks wrote this in their advisory:

In general, these flaws cannot be exploited through email in the Thunderbird product because scripting is disabled when reading mail, but are potentially risks in browser or browser-like contexts.

So, only Betterbird users who use Betterbird as a web browser, or browse news feeds with embedded videos, may be affected. Since the security risk is extremely low and since Betterbird 140.8.0esr-bb19 will ship before the 24th of February 2026, we decided to skip this release.

The "colourful" picture shows all the test failures that occurred in Thunderbird's release automation and are shown in the so-called "treeherder" (dashboard). Each orange box is a test failure, and it's not advisable to ship the product with so many test failures without investigating them.

In other words: Even if we had built Betterbird based on this Thunderbird release, it could be quite broken. BTW, this is not the first release chagrin, refer to these earlier articles [1] and [2] for more.

Update: Apologies to the Thunderbird folks for the incorrect statement above. We heard that the test failures were analysed and that they came to the conclusion that despite what was displayed on the dashboard, the product showed no functional failures and was safe to ship. That was confirmed by their QA team, in fact, we also tested that Thunderbird release and didn't see failures.

Our article was overreacting to the fact that in the past, test failures were ignored and the product did get shipped with minor functional issues.

Three days ago we noticed a number of 1 € payments via our Revolut payment link using a credit card. We were wondering what this was about.

Today we received this message from Revolut: It is with regret that we must inform you of our decision to discontinue the support for your freelance activity. [...] in an effort to mitigate potential risks associated with providing you with our acquiring services, we have temporarily restricted fund withdrawals from your account for the next 90 days.

Wow! AI sprang to help to explain that our payment link had become the target of a so-called credit card testing attack, where the link was used by fraudsters to test stolen credit cards. AI went on to say:


What Stripe actually does (and Revolut doesn’t)
  • aggressively rate-limits payment attempts
  • runs real-time card testing detection
  • blocks suspicious patterns before they hit the merchant
  • absorbs the fraud risk by default
  • does not punish merchants for being targeted

That’s why Stripe payment links are safe to publish publicly.

What Revolut does instead
  • exposes a public card entry page
  • performs basic checks
  • then pushes all residual risk downstream to the merchant
  • treats anomalous traffic as merchant risk

So yes — they look the same on the surface, but they are not in the same category operationally. This is not something a normal user can or should infer.


Update: Revolut chat isn't very helpful, mostly pre-canned and/or AI replies. They say that blocking the account is based on their Payment Processing Service Agreement which also includes these Business Terms, but none of the documents specify a block for 90 days. Neither do any of the ten reasons for suspension in section 7 apply.

So this looks like a Goodbye to Revolut. Adding to this is the poor quality of the data they provide: For some donors, name and e-mail address are supplied, for others, only the e-mail, and for quite a few, only the name, so we can never contact the donors to thank them. Furthermore, there is zero reporting, we have to "scrape" the textual data off the Android screen (using this Copy app).

Release 140.7.1esr-bb18

- Posted in Releases by

We've shipped Betterbird 140.7.1esr-bb18 today. Please refer to the Release Notes for full details.

The Thunderbird folks are preparing their 140.7.1 release for next Tuesday, 27th January 2026 to fix a vulnerability in an OpenPGP edge case. Due to scheduling constraints, we're already shipping this now.

Since only 13 days have passed since our Release 140.7.0esr-bb17, this release only contains a few items. By popular demand, we're now distinguishing in the Activity Manager whether messages were downloaded or not by giving the icon a different colour: no-messages-to-download

We've also advanced 11 bug fixes the Thunderbird folks are not shipping to their ESR users, refer to our opinion about this policy in this prior blog post.

Placing advertisements on the Thunderbird start page was under discussion years ago when our CEO was still serving on the Thunderbird Council. Back then, requests received from certain advertisers were deemed incompatible with the Thunderbird mission.

Of course, the in-product start page is seen by many users, and therefore offers itself to draw attention to hand-picked relevant products or partners. A few days ago, we were contacted by the CEO of Forward Email. This company offers full mail hosting for people who have registered their own domain, or just mail forwarding. As a "test balloon", we agreed to show a recommendation for their products on our start page, to see where the collaboration can lead.

We're going to try out their SMTP service, since the outgoing mail server that comes with our hosting package at the German hosting provider Hetzner sometimes doesn't have the best "reputation", and we end up sending mail via Gmail.

Update: Following Forward Email's instructions, we configured SPF, DKIM and DMARC, and hey, now we have an alternative outgoing server. Definitely a win for our project! Their setup doesn't force you to transfer the MX records to them, so it gives you the flexibility you may need. Disclaimer: We're using a paid plan, so all this is not part of the free plan.

Any users who don't want to see the advertisement can add an ads=no parameter to the Betterbird start page location, so it becomes:

https://www.betterbird.eu/start?ads=no&locale=%LOCALE%&version=%VERSION%&channel=%CHANNEL%&os=%OS%&buildid=%APPBUILDID%

There is also a dark version of the start page:

https://www.betterbird.eu/start/indexd.php?locale=%LOCALE%&version=%VERSION%&channel=%CHANNEL%&os=%OS%&buildid=%APPBUILDID%

which can be modified to:

https://www.betterbird.eu/start/indexd.php?ads=no&locale=%LOCALE%&version=%VERSION%&channel=%CHANNEL%&os=%OS%&buildid=%APPBUILDID%

Kindness everywhere (not!)

- Posted in Ranting by

Recently, it was brought to our attention by a user that the feed icon of "Charlie's Diary" (feed here) is displayed empty: empty feed icon

We looked into the issue and it turned out that Mozilla-based software has a problem displaying the icon, as can also be seen when opening it directly in Firefox, resulting in: "The image “http://www.antipope.org/favicon.ico” cannot be displayed because it contains errors."

However, Mozilla's "Places technology", also used in Thunderbird feeds, can display the icon: icon shown in history

So we contacted Charlie politely asking him to address this issue. We even supplied a repaired version of his icon, which is only 16 bytes bigger. Our first inquiry was ignored, but a friendly reminder, "Please address this issue", five days later received this reply:

No. Now fuck off.

Well, good luck, Charlie!

Release 140.7.0esr-bb17

- Posted in Releases by

We've shipped Betterbird 140.7.0esr-bb17 today. Please refer to the Release Notes for full details.

Since only 11 days have passed since our Release 140.6.0esr-bb16, this release only contains a few items. By popular demand we implemented a "reveal" button in the primary password and mail password prompts.

Primary password prompt

Release 140.6.0esr-bb16

- Posted in Releases by

We decided to start the New Year with a fresh release of Betterbird 140.6.0esr-bb16. Too many fixes had accumulated since shipping "bb15" at the beginning of December:

  • A user alerted us to a defective French localisation. The issue is also present in Thunderbird 140. We made a "spot fix" to include the missing strings.
  • A user had asked us to provide a "dark reader" switch for the compose window to work around "black on black" issues.
  • By popular demand we've implemented an option to include the event description in the mail body of the scheduling message.
  • We're now enabling address book categories for compliant CardDAV servers which support vCard v4.0.
  • "Recent Destination" now includes a short MRU list on top of the longer alphabetically sorted list.
  • By popular demand, filenames can now contain commas when -compose "attachment=..." is used.
  • There was a Mozilla editor issue where the "insertion point" (caret) was displayed incorrectly. We're advancing Mozilla's fix since the issue was rather annoying.
  • And finally: Embedded SVG images weren't displayed correctly under some circumstances, another puzzling issue.

And there is more, so please refer to the Release Notes for full details.

Update: No release without an issue. This time the localised strings for the new Categories functionality were missing, so all localised versions and language packs had to be replaced. This happened at 20:00 GMT.

What are you going to break next?

- Posted in Ranting by

After a string of bad design decisions, like turning the default view to threaded and removing connecting thread lines, moving the main menu bar to underneath the unified toolbar, and the recent folder naming disaster, the new kids on the block are now moving to the implementation of a feature that allows filtering on untagged messages. This was requested in 2011.

Betterbird had an initial implementation in version 91 in 2021, called the "two button solution", where a second button allowed selecting untagged messages additionally. This was replaced in version 115 by the ability to negate not only tags, but also the other filter buttons (unread, starred, in-address-book, etc.) as well as text filters.

Thunderbird's director bagged on this implementation, as reported in an earlier post.

Now watching the new Thunderbird kids trying to implement the feature is a real disaster. At first, the suggestion to add a third selector to Any of / All of is put forward: Screenshot of untagged only

When a reviewer voices objection (quote):

I don't think this is the way to implement this. "None" is totally a different thing from AND/OR, and totally mess with the mental data model of the filtering.

he is swiftly removed. The patch author now impersonates the UX team and replies:

The UX team analyzed this and they agree that this is an acceptable first implementation to add a very simple feature..

And then a well-meaning clueless employee suggests:

But I have a second idea: A virtual "untagged" tag. This additional tag is shown alongside the others and its default state is "not", to match the current behavior when tags mode is enabled, but users can flip it to show only messages without tags.

Wow, wow, wow, such genius. Only that this very same solution was considered and rejected in 2016. And there is more brilliance:

What was that sentence? "Perfection is the enemy of good" 😄 That's a long-standing Thunderbird principle: Wait (forever) until the perfect solution comes along.

And then, in reply to a comment, You are aware that exclusions work today via right-click and that the excluded tag(s) is/are struck out? we have:

I don't see a strike out when I use shift

Dazzling, for sure, from someone who has been on the project for 24 years.

What's up next?