Researchers have developed code exploiting several vulnerabilities in PGP (including GPG) for email. In response, EFF’s current recommendation is to disable PGP integration in email clients.

Disabling PGP decryption in Thunderbird only requires disabling the Enigmail add-on. Your existing keys will remain available on your machine.

  1. First click on the Thunderbird hamburger menu (the three horizontal lines).

2. Select “Add-Ons” from the right side of the menu that appears.

3. Select "Extensions" (the puzzle piece icon) on the left if it isn't selected already. Click “Disable” in the “Enigmail” row.

Your Thunderbird instance will now be disconnected from PGP.

Once the Enigmail plugin is disabled, your emails will not be automatically decrypted in Thunderbird.

You can download this email as a file. Then, you can decrypt the message on the command line, described for each major operating system here: