1270282 - 'customize from address' should be suppress-able

Status: RESOLVED WONTFIX

(Thunderbird :: Preferences, defect)

Description

[jeff.dalton]

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:38.0) Gecko/20100101 Firefox/38.0
Build ID: 20160420141331

Steps to reproduce:

TB 45 introduced the ability to customize the 'from' address of an email.  


Actual results:

While this may be good for the casual user, this opens a multitude of potential issues for the corporate user, as emails can be easily spoofed, in particular when using the 'edit as new' option.


Expected results:

There should be a way to customize the release to corporate users to suppress this feature.

Comment 1

[jeff.dalton]

Additionally, the 'edit as new' defaults to the original sender of the message, not the logged-in user.  This is a massive change in user experience and is bad practice for any mail server to have emails from someone when in truth it is someone else. This is mis-representation of the sender and requires urgent correction from a security point of view.

Comment 2

[marinar]

Hello 

Thanks to https://www.thunderbird-mail.de/thread/73757-benutzerdefinierte-absenderadresse-deaktivieren/ post.

To remove "Customize From Address..." menu,  place the following in to the userchrome.css

#msgIdentityPopup > menuseparator,
#msgIdentityPopup > menuitem[command=cmd_customizeFromAddress] {
        display: none !important;
}

Comment 3

[marinar]

The above settings in userchrome.css do not work in Thunderbird 60.2.3

It worked for 52.x.

Please advise.

Comment 6

[Magnus Melin [:mkmelin]]

If there's a concern of misuse, it's easy enough for the corporate server to disallow sending from an address one should not.
Hiding this in Thunderbird won't make any difference for someone wanting to spoof, as there are many ways to do it, like adding a custom identity, using other software etc...