The Suspicious Email Submitter is an extension for common web browsers and email clients that enables the user to easily submit a suspicious email with all the information necessary to a pre-configured destination for further analysis, such as a MISP instance or email address.
This project is hosted by the Computer Incident Response Center for Civil Society (CiviCERT), representing the needs of the at-risk communities Rapid Response Network member organizations serve. The extension will be built to be easily configurable for use by other organizations and communities both within and beyond these communities.
The Suspicious Email Submitter requires configuration or a configuration file in order to function. This can be as basic as a destination email address (entered as mailto:email@address.com
) in the Server URL of the configuration file.
In the global menubar there will be an entry, “SES”, with two child items: “Edit configuration” which allows you to view and edit the current configuration, and “About Suspicious Email Submitter”, which will take you to SES’s home on the web.
Both the 3-pane view toolbar and the single-message-view toolbar have a button added labeled “Report via Suspicious Email Submitter”. Once SES is configured, this button will send the email off to whatever MISP upstream has been set up.
In the mail context menu there’s a “Report via Suspicious Email Submitter” entry.
You will need Python 3.5 or later to build from source.
- Download the latest source and uncompress it to a directory of your choice
- Open a terminal window and change to that directory
- Run
python3 ./make-xpi.py
, which will placeses-tb.xpi
in your home directory - Start Thunderbird
- Install the
.xpi
file found in your home directory - Restart Thunderbird
- In
Preferences->Toolbar Layout
(View->Toolbars->Customize
on macOS), click and drag the “Report via Suspicious Email Submitter” button where you like in your Thunderbird toolbar
The Suspicious Email Submitter is licensed under GPLv3.