This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Thunderbird accessing many sites by IP address

more options

Hi,

Thunderbird tries to access many websites, even when it is in the background and apparently idle. In the last two or three weeks, it has tried to access about sixty websites that Little Snitch (Macintosh) reports by IP address, not domain name. Without knowing the domain name, I cannot tell what Thunderbird is trying to do, so I do not allow it to access those sites.

I know that Firefox does this also and that Thunderbird is built on Firefox.

In the Mullvad browser, built on Tor's browser, which is, in turn, built on Firefox, this problem is resolved by setting an option to use the user's default DNS resolver. I cannot find such an option in Thunderbird. Might there be one in a configuration setting? Or some other way to deal with this matter?

Thanks for any help.

Rick

Hi, Thunderbird tries to access many websites, even when it is in the background and apparently idle. In the last two or three weeks, it has tried to access about sixty websites that Little Snitch (Macintosh) reports by IP address, not domain name. Without knowing the domain name, I cannot tell what Thunderbird is trying to do, so I do not allow it to access those sites. I know that Firefox does this also and that Thunderbird is built on Firefox. In the Mullvad browser, built on Tor's browser, which is, in turn, built on Firefox, this problem is resolved by setting an option to use the user's default DNS resolver. I cannot find such an option in Thunderbird. Might there be one in a configuration setting? Or some other way to deal with this matter? Thanks for any help. Rick

All Replies (5)

more options

You can probably set a custom DNS in Settings/Network & Disk Space, Connection, but I would first check the domains for the IP addresses with any of a number of online services. The domains are probably the sources of remote images in html messages.

Helpful?

more options

Thanks, sfhowes.

All the IP addresses that I checked are at big tech data centers. They would not be for remote images because I don't allow remote images in Thunderbird. I don't know why Thunderbird tries to access 27 Microsoft servers that are not needed for e-mail functions. Maybe for links in Exchange messages?

I changed a config editor setting, network.connectivity-service.DNS_HTTPS.domain, to remove cloudflare-dns.com. I am optimistic about this change because I think it will cause DNS calls to be resolved by my usual service instead of Cloudflare. Then I should be able to see the domains that Thunderbird is trying to access by name instead of by IP address.

I don't see an obvious way to change the DNS resolver in Settings - Network & Disk Space, but I don't understand all the options there. Maybe not using any proxy would have the effect that I want?

Rick

Helpful?

more options

re we discussing the limitations of apple software. The tool replorts IP addresses. It needs an upgrade.

Personally I use windows and the ping command as that resolves the IP address on screen. No major looking up required.

Personally I would change to DNS over HTTPs in settings. It is more secure. The only down side is traffic into the USA where all internet traffic (originating outside the USA?) is intercepted, analysed and saved. But you do not have to use cloudflare. It is just convenient. BUt using the default DNS which is not encrypted is a huge security hole. One you can only close by hosting your own on site DNS. That is often complex, slow and prone top being out of date.

As the the DNS requests are now encrypted between your device and the responding DNS server when using DNS over HTTPS . DNS is no longer a convenient plain text way to snoop your browsing history. It sounds to me like you are trying to improve your security by resuming unencrypted DNS lookups as that is the standard and default DNS for every operating system I have even had.

What I do know is If I wanted to protect my privacy I would not be using email hosted anywhere but Germany. Everyone else thinks the government has the right to read your email and keeps passing legislation to give their enforcement greater and greater powers to just look at whenever they want and force the companies that are doing the hosting to provide the data to them in an unencrypted format. German privacy rules largely prevent that privacy creep that is occurring in all the jurisdictions I follow. The five eyes

The number of URLS at microsft could well be linked to the required usage of oAuth. It is loaded to the gills with redirects in Microsoft's "modern authentication" implementation. The only one that could explain that would probably be Microsoft

There is a lot of talk about China and what their government requires companies to do at the request of government agencies, personally I do not see them all that much different to my own country which is rated as the "most free" in the world in this matter.

Helpful?

more options

Thanks for your thoughts, Matt.

My software reports domain names, not IP addresses, almost all the time. Thunderbird/Firefox create many exceptions, so I am seeking a solution there.

I have good privacy protection in my DNS look-ups already. I do not need it in Thunderbird.

The connections to Microsoft's data servers are not for authorization.

Anything else would be off topic, so I will end here.

Rick

Helpful?

more options

In case this information helps someone else:

The IP addresses at Microsoft seem to be related to calendar services.

Changing the config editor setting, network.connectivity-service.DNS_HTTPS.domain, to remove cloudflare-dns.com did not stop IP addresses from being reported through Little Snitch.

Whether or not turning off Cloudflare DNS is a good thing is another topic.

Helpful?

Sual ver

You must log in to your account to reply to posts. Please start a new question, if you do not have an account yet.