Enigmail Configuration Manual

Expert Settings

The expert settings are available if the checkbox Display expert settings is enabled in the basic preferences.


  1. Sending
  2. Key Selection
  3. Advanced
  4. Keyserver
  5. Debugging


Enigmail Sending Preferences

  • Add my own key to the recipients list: If activated, all messages that you send encrypted are encrypted with the recipients' public keys as well as with your own public key as specified in the settings of the current account. This is required to enable you to decrypt the messages you have encrypted (which would otherwise not work).

  • Rewrap signed HTML text before sending: If you have enabled composition of HTML mails, signed inline PGP mails have to be rewrapped before they can be sent in order to avoid invalid signatures. However, rewrapping can cause the text to look differently from what you have typed. It is recommended to turn this option on if you send signed messages using inline PGP, unless you have problems caused by rewrapping.

  • Always trust people's keys: OpenPGP encryption uses a notion of trust with identification of the keys. Normally, you cannot encrypt messages to untrusted keys. This option overrides the trust of the keys, so that you can encrypt to recipients, even if you don't trust their keys (e.g. concerning the ownership).

  • Allow empty subject: Stops Thunderbird/SeaMonkey complaining about an empty subject line.

  • Always confirm before sending: If enabled, you are prompted with a confirmation dialog before sending any message, so that you can check the encryption/authentication status. It is advisable to turn off this option if you also send S/MIME signed or encrypted messages from time to time.

Key Selection

Enigmail Key Selection Preferences

  • By pre-set rules only: prompt for a per-recipient rule for every email address in the recipients list (if no rules is yet present).

  • By rules and email addresses: if Enigmail can't determine the keys for all email addresses for encrypting mails (after having applied the per-recipient rules), display a key selection dialog to allow for manually selecting the keys to encrypt with.

  • By email addresses: if Enigmail can't determine the keys for all email addresses for encrypting mails, display a key selection dialog to allow for manually selecting the keys to encrypt with. No per-recipient rules are used

  • Manually: Enigmail will never decide which keys to use. Whenever encrypted emails are to be sent, display the selection dialog.

  • No manual key selection: if no valid key can be determined for all recipients, automatically send the email unencrypted. Per-recipient rules are applied.


Enigmail Advanced Preferences

  • Encrypt if replies to encrypted messages: when this option is enabled, replying to (or forwarding) an encrypted message automatically turns on encryption, i.e. the option Encrypt message is activated, regardless of the default settings for the account.

  • Add Enigmail comment in OpenPGP signature: enable this option to have Enigmail inserting a comment in OpenPGP encrypted or signed messages ("Using GnuPG with Thunderbird/SeaMonkey - http://www.enigmail.net").

  • '--' is a signature separator: when signing, lines starting with '-' are replaced with '- -' by GnuPG according to the OpenPGP standard. This however makes the lines no longer appear as separator between the messsage body and a signature, which is normally displayed in grey. By enabling this option, enigmail enables some workarounds when reading and composing messages to treat such lines correctly.

  • Use gpg-agent for passphrase handling: GnuPG version 2.0.x is distributed with the GnuPG passphrase agent, a tool for caching passphrases. This is especially useful if several passphrases are used. Enabling this option makes Enigmail use the gpg-agent also for GnuPG version 1.4.x (requires the tools gpg-agent and pinentry to be installed!). Note that in some distrubutions, Seahorse is installed instead of gpg-agent. This may cause trouble when using OpenPGP SmartCards. If you use a smartcard for your key, then either use gpg-agent and enable this option or unset it AND make sure the environment variable GPG_AGENT_INFO is unset prior to starting Enigmail since GnuPG expects gpg-agent be running once it detects GPG_AGENT_INFO.

    Do not activate this option, if you want Enigmail to ask you for your passphrase.

  • Use ´<´ and ´>´ to specify email addresses : Hushmail is a provider for OpenPGP encryption over the web. However, if a user generates his/her key with Hushmail, it is not fully compatible to OpenPGP. According to the standard, e-mail addresses are surrounded by <> (e.g. Example User <example@domain.invalid>), but this is not the case with Hushmail. When encrypting messages Enigmail relies on this for security reasons (i.e. to avoid potential confusions), but this has to be turned off for Hushmail keys. De-activating this option removes the < and > characters from e-mail addresses.

  • On SeaMonkey there is an additional option shown here:
    Hide SMIME buttons/menus: The S/MIME button is hidden after Enigmail is installed by default, in order not to confuse users. By disabling this option, the S/MIME button is made visible again. This option is not available on Thunderbird because the toolbar can be customized by the user.

  • Only download attachments when opened (IMAP only): If you are using IMAP folders, message of more than ca. 40 kB size are often not decrypted correctly. This is due to Thunderbird/SeaMonkey loading IMAP attachments on demand and not knowing that the encrypted message isn't a true attachment. By turning off this option, PGP/MIME messages of any size are correctly decrypted with IMAP servers.

  • Use Additional parameters for GnuPG to pass further parameters to GnuPG directly, e.g.

    --comment "This is an additional comment line within the OpenPGP signature"

Key Server

Enigmail Keyserver Preferences

  • Specify your keyserver(s): contains a space separated list of OpenPGP key servers. The key servers may be preceeded with a protocol (e.g. hkp://keyserver.example.com).

  • Automatically download keys for signature verification from the following keyserver: GnuPG can automatically try to download keys to verify signed messages from a key server. If you enter a value in this field, then GnuPG will request to download any unknown key from the specified server. This option can only take exactly one server address.


Enigmail Debugging Preferences

This group of options can help to track down why Enigmail doesn't work as expected.
  • Log directory: This value contains the name of a directory where log files are created (e.g. C:\TEMP\ENIGMAIL or /tmp/enigmail-debug). The directory must exist in order to be used. Changing this value requires Thunderbird/SeaMonkey to be restarted.

    After restarting, a file named enigdbug.txt will be created in the log directory containing the trace log. You can view this file using the View logfile menu item in the Enigmail menu of the Mail window.

  • Test email: enter an email address here that is available in your OpenPGP key list (e.g. your own) and press the Test button next to it. Enigmail will then perform a couple of tests and inform you about the result. You can check the details of such a test using the Enigmail Console available from the Enigmail menu in the Mail Window.

  • Test: pressing this button starts the execution of the tests.