fidzu : thunderbird

Earlier this month, we officially stood up Mozilla.org: a new 501(c)(3) nonprofit created to steward the long term success of the Mozilla Project.

Over the last year or so, I've said a lot about how AI is reshaping the web - and how we need to simultaneously stand up for the open internet Mozilla helped build and shape what the internet is becoming in the AI era. This is a huge and urgent challenge.

Mozilla has evolved and grown a great deal in order to step up to this challenge.

We are still a high impact philanthropic foundation and a browser company focused on user choice. But we are also: an email company built around privacy; an open source AI startup focused on developers; a place for people to create and share data on their own terms; and an investor in responsible tech startups.

These are all pieces of Mozilla today, and are all important levers as we try to shape where the internet is headed for the better.

We have created Mozilla.org to pull all of the different pieces of Mozilla together. It will act like a strategic endowment - allocating funding, managing our brands and shaping long term strategy - to ensure every part of Mozilla is well set up to advance the vision outlined in the Mozilla Manifesto. And, if we're successful, it will help all of the pieces of Mozilla add up to more than the sum of their parts.

This is an important milestone for Mozilla. The challenge of fusing the values of the Mozilla Manifesto into this next era of the internet is huge. This updated structure will make it easier to nimbly direct our resources and orchestrate our actions to step up to this challenge.

At the same time, what we love about Mozilla stays the same. All of Mozilla's organizations remain under the umbrella of the 501(c)(3) Mozilla Foundation, with the new non-profit operating the Mozilla portfolio of organizations on its behalf. Our mission - and our commitment to nonprofit ownership at the top - remain steadfast.

For more information on the new Mozilla.org non profit including an FAQ, see wiki.mozilla.org/mozilla_org

The post The web is evolving. So are we. appeared first on The Mozilla Blog.

23 Jun 2026 5:59pm GMT

Over the past several weeks, we have been welcoming early users from our waitlist into Thundermail, a few waves at a time. Many of you are now setting up your accounts, trying things out, and sharing your thoughts with us.

Naming updates

You may have noticed that we are now saying Thundermail more often, and Thunderbird Pro less.

Thunderbird Pro started as the name for our subscription services, including Thundermail, Appointment, and Send. But early feedback made two things clear: people cared most about Thundermail, and "Pro" created confusion about whether Thunderbird itself was becoming a paid or limited product.

So, to clarify things, Thunderbird Pro is now simply Thundermail: the email service from Thunderbird, with features like Appointment and Send included.

The Thunderbird Desktop and Mobile apps remain exactly what they are today: powerful, compatible with any email service, and free.

What we learned so far

Every day, members of our team are reading through your survey responses, your messages in the Thundermail Early Bird community chat, your support requests, and every new idea and vote on the board. We discuss what we are hearing, and we sort it into what we can address right away and what we want to plan for. Then we keep working in the open, where you can see what we are up to and tell us when something is not quite right.

Here are some of the things we've learned so far:

• Custom domains matter a lot. Many called this out directly, along with support for unlimited custom domain aliases. Several responses said these features stood out compared to other email providers.
• Multi-factor Authentication saw a lot of requests on the ideas board, and we listened. This is now in progress and will be available soon.
• Users appreciate that Thundermail is open and works with any email app. It has always been our intention to stick to open standards so Thundermail stays easy and open to use with Thunderbird or any other app.
• A bit of surprise that calendar and contacts are included. Apparently we should probably talk about that more.
• DNSSEC and DANE support picked up a lot of votes and is now on the roadmap.
• Requests for more pricing tiers and plans were frequently mentioned, which we will be adding once Thundermail is out of beta and open to the general public.
  • https://ideas.tb.pro/p/additional-pricing-tiers
  • https://ideas.tb.pro/p/a-la-carte-pricing

However, there was one request which came through louder than any other…

Webmail

Webmail was, by a wide margin, the most requested idea from our community, and whereas we had it in the plans for down the road, many people expected this to be a feature available from day one.

We moved webmail to the top of the list, shifted resources into the work behind it and we are excited to share that an early alpha version of it is coming next month. As with most early releases, it will have some rough edges, but will also allow for a much more interactive user experience for our beta testers. Everyone will have a vote in how it's shaped for the future.

A look at what is coming next

• Webmail! Arriving soon.
• Two factor authentication is now in progress.
• More reliable email, as we keep fine tuning things behind the scenes, training global mail servers and spam filters.
• Onboarding improvements for a smoother first time sign-up flow.

Send and Appointment

Our scheduling and secure file sharing tools are still here, and they are still part of your subscription. Our main focus right now is Thundermail and webmail, but we are continuing to care for both with steady improvements along the way.

• Send: Improved Thundermail integration, providing end-to-end encrypted file attachments without the need for a separate add-on. Users on our Daily version can already test this feature today.
• Appointment: Streamlined the sign up flow, added an easy one click connection with the Thundermail calendar, and refreshed the calendar view design.

We're looking for more ideas

If you are an Early Bird, we would love for you to visit our ideas board to share your suggestions and vote on the ones you would most like to see. We really do read every single one.

And if you have not been invited yet, you can join the waitlist. More waves are going out soon, and we are looking forward to welcoming you onboard.

Thank you for helping us build Thundermail.

The post Thundermail June 2026 update: what we learned after the first few waves of invites appeared first on The Thunderbird Blog.

23 Jun 2026 5:24pm GMT

If you've been running into endless CAPTCHAS or website login requests lately, you're not imagining things.

Websites, facing a rising tide of abusive traffic from bots, are adopting increasingly aggressive countermeasures, damaging user's experience of the web, their privacy and open access to the web.

In this post, we'll talk about a new initiative we're launching with Cloudflare, other web browsers, and web stakeholders to address this challenge while keeping the web anonymous by default.

Privacy and access in tension

The fight for privacy on the web has made real progress. Browsers that put privacy first are eliminating third-party cookies, restricting fingerprinting, and hiding IP addresses, pushing back against the trackers.

But every step forward has come with a cost.

Users are seeing more CAPTCHAs, more demands to log in, and more outright block pages than ever before. Building privacy into the browser means dismantling the passive signals, like IP addresses and browser fingerprints that are used to profile users, but are also relied on by anti-abuse systems.

At the same time, sites are facing large increases in bot traffic. The response from websites is understandable; volumetric abuse like credential stuffing and spam can do real damage. But the result is a lose-lose: users face mounting friction and reduced privacy, while sites drive away the legitimate visitors they wanted to serve.

If nothing changes, users will increasingly be forced to choose between their privacy and their access to the web.

Proposals have been made to tackle this dilemma, by asking users to prove to sites that their devices and software are 'trusted'. These proposals, such as Web Environment Integrity (WEI), transfer control of devices away from users and to a small handful of operating system and hardware vendors. This deprives users of choice and control and gives those gatekeepers control over which devices and software can access the web, the opposite of the open web, which Mozilla is working to protect.

Finding a better way forward

We think there's a better way forward. It starts from a simple observation: bots cause harm because they operate at scale. To stop that kind of abuse, a site doesn't need to know who you are, or that your device is restricted to running approved software. It only needs to know whether you're staying within a reasonable rate limit.

To make a rate limit work, it must be hard for attackers to create new identities and reset their allowance. That's one reason why sites demand an email address, a federated login or a device fingerprint: obtaining a new one is just costly enough to make the rate limit stick. The challenge is whether we can make rate limits work, without giving sites access to hard-to-change identifiers that also enable tracking.

Some sites naturally have a relationship with their users, like a subscription or a long-standing account. What if one of those existing relationships could quietly vouch for you elsewhere, so a site you've never visited could trust that you're a real person within its limits, without learning who you are or even where the vouch came from?

For example, consider a VPN service. Many websites block VPN traffic entirely due to the high rates of abusive traffic blended with legitimate traffic. What if a VPN service could vouch for each of its subscribers? This would let sites manage a per-subscriber rate limit, meaning users get fewer roadblocks and sites get more of the legitimate traffic they want. Of course, this requires that the vouching system doesn't enable sites to track VPN users, which would otherwise defeat the very purpose of using the VPN.

Enabling this kind of privacy-preserving vouching is already possible in a limited sense. Apple's Private Access Tokens, built on a cryptographic protocol called Privacy Pass, let Apple devices receive single use tokens they can later present to websites without those visits being linked together.

However, Private Access Tokens have some critical shortcomings. First, like WEI, they rely on device attestation, the very hardware gatekeeping we are determined to avoid. Second, there's no easy way to open up the system to let more parties vouch for users without compromising on user privacy, which means concentrating control in the hands of a few. To keep the web open, we need a system where any site can vouch for users, and where other sites can decide who they trust to vouch for users responsibly.

This is a much harder problem, but we think the cryptographic foundations exist to deliver it. Anonymous credentials let one party issue you a credential that you can later present to a site a limited number of times, whilst preventing sites and issuers from tracking its use. It's even possible to hide which party issued it, proving only that it came from a set of trusted issuers.

A fix is both essential and possible

Building this into a system for the open web, where any site could vouch and any site could set its own limits is challenging, but we believe it's both possible and essential in order to defuse the tension between privacy and access, while avoiding centralising control in a small number of gatekeepers.

Working with other web stakeholders, including Cloudflare and other browsers, we've started designing such a system. For a deeper dive, read our post on Hacks, which goes into more detail about the problem space and the approach we're working on.

Our goal is simple: fewer CAPTCHAs, fewer unnecessary blocks and fewer demands to identify yourself, without compromising on privacy. This is the kind of web that Mozilla built Firefox to offer: easy to use, private and open to all.

The post Keeping the Web Open and Private in the Bot Era appeared first on The Mozilla Blog.

23 Jun 2026 3:56pm GMT