Enigmail Configuration Manual

Enigmail User Preferences Information


Enigmail has many settings that can be accessed by means of User Preferences added to your user.js or prefs.js file.
Most of these settings can be accessed by means of the user interface as described below, and should only be set by means of a pref in user.js or prefs.js if you do not wish them ever to be changed.


UI: indicates that this value can be set using the Enigmail User Interface
JS: indicates that this value can only be set by entering it in user.js or prefs.js

Default preference values

The default values can be reviewed in the enigmail.js source.

The first part of this page lists all general preferences.
In the second part you can review the per-identity/account settings default values.
The third part consists of all preferences which are not accessible by the Enigmail UI.

General UI preferences

Hide many settings and menus for not advanced users

UI: Enigmail > Preferences > Basic; Display expert settings
Off by default.

Path to gpg executable

UI: Enigmail > Preferences > Basic; GnuPG executable path
If gpg executable is in the path, it can be left blank.

Additional parameter(s) to pass to gpg executable

UI: Enigmail > Preferences > Advanced; Additional Parameters for GnuPG
empty by default.

Selection which keys to accept

UI: Enigmail > Preferences > Sending; Manual encryption settings; To send encrypted, accept
0: accept valid/authenticated keys
1: accept all keys (except disabled, expired) (Default)

Selection to allow Per-Recipient Rules

UI: Enigmail > Preferences > Key Selection; Checkbox: By Per-Recipient Rules
true by default.

Allow Email addresses to select keys

UI: Enigmail > Preferences > Key Selection; Checkbox: By Email Addresses according to the keymanager
true by default.

Select keys manually if missing

UI: Enigmail > Preferences > Key Selection; Checkbox: Manually if Keys are Missing
true by default.

Always select keys manually. May also be used in combination with other selections as a final check.

UI: Enigmail > Preferences > Key Selection; Checkbox: Always (also) Manually
false by default.

Enable automatically decrypt/verify

UI: Enigmail > Automatically decrypt/verify messages
On by default.

Automatically download keys for signature verification

UI: Enigmail > Preferences > Keyserver > Automatically download keys for signature verification
Empty by default.

Selection for automatically send encrypted messages

UI: Enigmail > Preferences > Sending > Manual encryption settings > Automatically send encrypted
0: Never
1: If possible (all keys are found and accepted, Default)

Ask to confirm before sending a message

UI: Enigmail > Preferences > Sending > Manual encryption settings > Confirm before sending
0: never (Default)
1: always
2: if sent encrypted
3: if sent unencrypted
4: if rules changed the default encryption setting

Treat '-- ' as signature separator

UI: Enigmail > Preferences > Advanced; Treat '--' as signature separator
On by default.

Encryption model

UI: Enigmail > Preferences > Sending

Method to use for encryption settings:
0: Convenient encryption settings (Default)
1: Manual encryption settings

Disable '<' and '>' around email addresses

UI: Enigmail > Preferences > Advanced; Do not use '<' and '>' to specify email addresses (for old Hushmail keys)
Off by default.

Enable encryption for replies to encrypted mails

UI: Enigmail > Preferences > Sending; Encrypt if replying to encrypted message
On by default.

Display all keys in the OpenPGP Key Manager

UI: Enigmail > Key Management: if no text is entered in the search field, display all keys (true), or none (false)
true by default.

List of keyservers to use
user_pref("extensions.enigmail.keyserver","pool.sks-keyservers.net, keys.gnupg.net, pgp.mit.edu");

UI: Enigmail > Preferences > Keyserver
Default string shown above.

Keep passphrase for ... minutes

UI: Enigmail > Preferences > Basic; Remember passphrase for ... minutes of idle time
Default set to 5 minutes.

No passphrase for GnuPG key needed

UI: Enigmail > Preferences > Basic; No passphrase for user
Off by default.
Note: Will only be shown if you use GnuPG Version 1.x.

Use GnuPG's default comment for signed messages

UI: Enigmail > Preferences > Advanced; Do not add Enigmail comment in OpenPGP signature
On by default.

Use gpg passphrase agent for passphrase handling

UI: Enigmail > Preferences > Advanced; Use gpg-agent for passphrase handling
Off by default.
Note: if GnuPG v2.0 or newer is used, then gpg-agent is mandatory and the option is not shown.

Wrap HTML messages before sending inline PGP messages

UI: Enigmail > Preferences > Sending; Rewrap signed HTML text before sending
On by default

Per Account/Per Identity UI Settings

These settings can be accessed by Tools > Account settings > (your account) > OpenPGP security
All following UI explanations start at this point.

Important: You can have multiple identities per account and you should take care to configure all of those you want to use with Enigmail, especially if you added them after running the Enigmail Setup-Wizard.
You can access the settings for additional identities by Tools > Account settings > (your account) > Manage identities > (your identity) > Edit > Tab: OpenPGP Security

Enable encryption of drafts
user_pref("mail.identity.default.autoEncryptDrafts", true);

UI: Checkbox: Encrypt draft messages on saving
On by default

Always attach your own public key
user_pref("mail.identity.default.attachPgpKey", false);

UI: Advanced > Checkbox: Attach my public key to messages
Off by default

Sign messages by default
user_pref("mail.identity.default.defaultSigningPolicy", 0);

UI: Checkbox: Sign messages by default
0 = Off by default
nonzero = On

Encrypt messages by default
user_pref("mail.identity.default.defaultEncryptionPolicy", 0);

UI: Checkbox: Encrypt messages by default
0 = Off by default
nonzero = On

Enable OpenPGP support (Enigmail) for this identity
user_pref("mail.identity.default.enablePgp", false);

UI: Checkbox: Encrypt messages by default
Off by Default

Control sending of OpenPGP headers
user_pref("mail.identity.default.openPgpHeaderMode", 0);

UI: Advanced > Checkboxes: Send OpenPGP Key ID/Send URL for key retrieval
0 = Off by default
0x1 = Send Key ID from pgpkeyId preference below
0x10 = Send URL for key retrieval from openPgpUrlName preference below
0x11 = Send both

Specify URL for "Send URL for key retrieval"
user_pref("mail.identity.default.openPgpUrlName", "");

UI: Advanced > Fill box right of "Send URL for key retrieval"
Empty string by default

OpenPGP Key Id for this identity
user_pref("mail.identity.default.pgpkeyId", "");

UI: Fill box below "Use specific OpenPGP key ID" or click on "Select key..."
Empty string by default

Mode to obtain Key Id for this identity
user_pref("mail.identity.default.pgpKeyMode", 0);

UI: Radio buttons "Use specific OpenPGP key ID" or "Use email address of this identity to identify OpenPGP key"
0 = Get Key ID from Email address (Default)
nonzero = Use Key ID from pgpkeyId preference (Recommended)

user_pref("mail.identity.default.pgpMimeMode", false);

UI: Checkbox: "Use PGP/MIME by default"
false = Inline PGP (Default)
true = PGP/MIME

Sign non-encrypted messages (After application of defaults and rules)
user_pref("mail.identity.default.pgpSignPlain", false);

UI: Checkbox: sign non-encrypted messages
Off by default.

Sign encrypted messages (After application of defaults and rules)
user_pref("mail.identity.default.pgpSignEncrypted", false);

UI: Checkbox: sign encrypted messages
Off by default.

JS preferences

Warning: Editing the following preferences in the prefs.js or user.js files yourself can result in misbehaviour and data loss when introducing a syntax error! It is not recommended for new or average users! If you want to do it anyway, close Thunderbird/Seamonkey beforehand. And, as always: Make backups!

Disable X-Enigmail-xxx headers

JS: If this is set to true, Enigmail adds custom mail headers to all outgoing mail. These headers are not currently used for any function, but may be used by a future Enigmail specific function. Currently the header added is:
    X-Enigmail-Version: 1.7.2
Off by default.

The last configured Enigmail version

This should not be changed.

Countdown for alerts when composing Inline PGP HTML messages

JS: This sets the number of times a warning message will be shown when composing HTML messages and attempting to send using Inline PGP.
3 by default.

Handling of partially signed messages

JS: Display message at the top of the headers in the message reading pane if only part of the message is signed.
If you set this to false, PGP headers that appear within the message body will be ignored and displayed literally – except for those PGP headers at the beginning and the end of the message body when the whole message is signed (which is the normal case).
If this is set to true, Enigmail even removes preceeding quotes (">") from signed text embedded in the rest of the body if the message itself as a whole is not signed. This only works if the embedded quote has not been modified in the slightest way.
On by default.

Try to match secondary uid to from address

JS: When verifying signed messages, this option forces Enigmail to search secondary ID's on a keyring to find the matching ID for the email address used to send the message and display it instead of the default key ID.
On by default.

Show warning message when clicking on sign icon

JS: Warns when changing signing by clicking on the sign icon in the bottom right hand corner of the compose pane.
On by default.

Select encryption method if there are attachments

JS: Stores the value of the last encryption method used when sending an attachment to an encrypted message.
Possible values:
0: Do not encrypt attachments.
1: Encrypt attachments inline (default).
2: Encrypt Message and attachments using PGP/MIME.
3: Neither encrypt message nor attachments.

Display dialog to select if attachments shall be encrypted (and remember selected state)

JS: Display dialog to select whether attachments shall be enrypted or not.
0: do not skip, display dialog (default)
1: skip if possible, use encryptAttachments setting from above. If not possible, display the dialog nevertheless.

Allow encryption to newsgroupds

JS: Enables a warning dialog and/or sending of encrypted messages to newsgroups.
Default: Do not allow encrypted messages, show warning dialog.

Encrypt to self

JS: Encrypt to self
On by default.

Enable 'Decrypt & open' for double click on attachment (if possible)

JS: Enables automatic decryption and opening of encrypted attachments with a double click.
On by default.

Warning for 'failed to initialize Enigmail'

JS: Displays a warning if Enigmail fails to initialize.
On by default.

Use -a for encrypting attachments for inline PGP

JS: Turns on ASCII Armor for attachments to inline PGP encrypted messages.
Off by default.

Extension to append for encrypting attachments using inline PGP

JS: Sets the extension to be used when creating attachments with inline PGP encrypted messages.
Default extension shown above.

Extension to append for signatures for attachments using inline PGP

JS: Sets the extension to be used when creating a signature for attachments with inline PGP encrypted messages.
Default extension shown above.

Debug log directory

JS: Directory for Debug log. If filled, a debug log file will be created in the specified directory.
Empty by default.

GnuPG hash algorithm

JS: Force GnuPG to use a specific hash algorithm. Possible Values:

0: let GnuPG choose (Default)
1: SHA1
2: RIPEMD160
3: SHA256
4: SHA384
5: sha512
6: SHA224


JS: Due to technical reasons it is not possible to use both PGP/MIME and S/MIME in one message. This option decides which standard to choose if both are activated (after Per-Recipient rules were processed). Possible Values:

1: ask (Default)

Show quoted printable warning message (and remember selected state)

JS: Warns when Enigmail detects that a message is to be sent that contains 8 bit characters and that it will use Quoted Printable encoding.
0 by default.

Use http proxy settings as set in Thunderbird/Seamonkey

JS: Use the HTTP Proxy settings defined in Thunderbird/Seamonkey when retrieving keys from keyservers.
On by default

Enable using gpgkeys_*

JS: Enables Enigmail to use gpg to retrieve keys from keyservers. If false, Enigmail will use an internal mechanism to download keys, which will only work for hkp keyservers.
On by default

Confirm when passphrase is cleared.

JS: Show a confirmation dialog when passphrase is cleared after selecting the corresponding Menu item.
On by default

Enable warning about lengthy download when keys for all contacts are to be downloaded (and remember selected state).

JS: When downloading keys for all contacts, this can be a lengthy process, depending on network speed and number of contacts. This setting remembers the selected state.
On by default

Warn if gpg-agent must be used, but cannot be found (and remember selected state).

JS: If Enigmail cannot connect to gpg-agent although it must be used (using GnuPG 2.0 and later). This is the case when your system uses a specialized tool for passphrase handling such as gnome-keyring or seahorse-agent. Unfortunately Enigmail cannot control the passphrase timeout for those tools.
Therefore the passphrase timeout settings in Enigmail are disregarded.
On by default

Show "conflicting rules" message (and remember selected state)

JS: Shows a warning when sending a message to multiple addresses with Per-recipient rules that conflict with each other.
Off by default

Enable a warning about lengthy download when all keys are to be refreshed (and remember selected state).

JS: When refreshing all keys, this can be a lengthy process, depending on network speed and number of keys. This setting remembers the selected state.
On by default

Other settings (change Mozilla behaviour)

Disable "flowed" format style for plaintext messages.
user_pref("mailnews.send_plaintext_flowed", false);

JS: Send messages using the "flowed" format style (RFC 2646). This allows the sender and the recipients to re-wrap the text, which will break signatures.
Off by default, as it is not compatible with OpenPGP.