A powerful Thunderbird extension that reveals the real destination of obfuscated email security links and shortened URLs with privacy-preserving resolution options.
Supports 17+ email security services including Microsoft, Proofpoint, Mimecast, Barracuda, Cisco, and more.
Detects and resolves shortened URLs (bit.ly, tinyurl.com, t.co, etc.) with clear privacy warnings.
- 🚀 Direct Resolution (fast, <1s) - Available now
- 🧅 Tor Resolution (private, in development) - Anonymous via embedded Tor
Warning button automatically appears in the message toolbar when opening emails containing obfuscated links, showing the exact count of protected URLs detected.
Right-click any protected or shortened link → Select "Deobfuscate Link" → See the real destination or choose resolution method.
- Clean, modern interface that respects your system theme (light/dark mode)
- Shows both original and decoded URLs side-by-side
- One-click copy buttons for easy URL sharing
- Clear privacy warnings before any network requests
- All protection service processing happens locally in Thunderbird
- No automatic URL resolution - always requires user consent
- Clear privacy warnings explain what information is exposed
- No external servers or tracking for protection services
- Original emails remain completely unchanged
Decoded URLs open in Firefox (or your default browser), not within Thunderbird.
|
Enterprise Solutions
|
Additional Services
|
Popular Services
- ✅ bit.ly / bitly.com
- ✅ TinyURL (tinyurl.com)
- ✅ Twitter (t.co)
- ✅ Google (goo.gl)
- ✅ Ow.ly
- ✅ is.gd
- ✅ Buff.ly
Social Media & Enterprise
- ✅ LinkedIn (lnkd.in)
- ✅ YouTube (youtu.be)
- ✅ Facebook (fb.me)
- ✅ Amazon (amzn.to)
- ✅ eBay (ebay.us)
- ✅ Rebrandly (rebrand.ly)
Privacy-Focused Services
- ✅ URLVanish (urlvanish.com)
Additional Shorteners
- ✅ adf.ly, bc.vc, clck.ru, db.tt, ity.im, q.gs, qr.ae, qr.net, smarturl.it, su.pr, trib.al, u.to, v.gd, x.co, zip.net, zpr.io, and more!
- Download
deobfuscator.xpifrom Releases - Open Thunderbird
- Go to Add-ons and Themes (≡ menu → Add-ons and Themes)
- Click the gear icon ⚙️ → Install Add-on From File…
- Select the downloaded
deobfuscator.xpifile
- Clone this repository
- Open Thunderbird → Add-ons and Themes
- Click gear icon ⚙️ → Debug Add-ons
- Click Load Temporary Add-on…
- Navigate to the
src/folder and selectmanifest.json
- Open an email with a protected link
- Look for the warning — A warning button automatically appears in the message toolbar showing:
⚠️ Warning: 3 Obfuscated Links ⚠️ - Right-click on any obfuscated URL
- Select "Deobfuscate Link" from the context menu
- Review the popup showing:
- 📄 Original link: The wrapped/protected URL
- ✅ Clean URL: The real destination
- Choose an action:
- 🟢 Open Clean Link — Opens the decoded URL (recommended)
- 🔴 Open Original Link — Opens the wrapped URL (if needed)
- ⚪ Cancel — Close without action
- 📋 Copy — One-click copy either URL to clipboard
Example:
Before: https://nam12.safelinks.protection.outlook.com/?url=https%3A%2F%2Fexample.com
After: https://example.com
-
Open an email with a shortened link (bit.ly, tinyurl.com, etc.)
-
Right-click on the shortened URL
-
Select "Deobfuscate Link" from the context menu
-
Review the warning — Extension detects shortener and shows:
⚠️ URL Shortener Detected Service: bit.ly (URL shortener) ⚠️ Destination Unknown -
Choose resolution method:
🚀 Direct Resolution (Fast)
- Exposes to shortener: Your IP address, timestamp, that you checked this link
- Speed: Usually <1 second
- Click: "Resolve Directly"
🧅 Tor Resolution (Private) — In development
- Will hide your real IP (uses Tor exit node)
- Anonymous resolution via embedded Tor
- Expected speed: 3-10 seconds
- Status: Not yet available
-
After resolution, see the final destination:
- 📄 Shortened link: bit.ly/abc123
- ✅ Final destination: https://example.com/real/page
-
Choose an action:
- 🟢 Open Destination — Opens the resolved URL (recommended)
- 🔴 Open Shortened Link — Opens the shortener URL
- ⚪ Cancel — Close without action
Example:
Before: https://bit.ly/3xY2zQ
Privacy Warning → User Confirms → Resolution
After: https://example.com/real/destination/page
Email Security Links:
- ✅ 100% local processing
- ✅ No network requests
- ✅ Instant results
URL Shorteners:
- ✅ Detection happens locally (no network)
⚠️ Resolution requires network request- ✅ Always asks permission first
- ✅ Clear warnings about privacy trade-offs
- ✅ User chooses between speed and privacy
- 🚫 Never resolves automatically
A build script is included for your convenience:
./build.shThis creates deobfuscator.xpi from the src/ directory with all necessary files.
Manual build:
cd src
zip -r ../deobfuscator.xpi *deobfuscator/
├── src/
│ ├── background.js # Core deobfuscation logic, shortener detection & resolution
│ ├── popup.html # Popup UI with multiple views (protection/shortener/resolved)
│ ├── popup.js # Popup behavior, resolution flow & clipboard functionality
│ └── manifest.json # Extension manifest (v2)
├── build.sh # Build script
├── deobfuscator.xpi # Packaged extension
└── README.md # This file
The extension uses a multi-tier detection and resolution system:
- Message Monitoring: Listens for
messageDisplay.onMessageDisplayedevents - Content Scanning: Fetches and scans message body for obfuscated link patterns
- Visual Warning: Displays warning button in message toolbar with link count
- Real-time Updates: Warning appears/disappears as you switch messages
- Shortener Detection: Identifies 25+ URL shortener services by domain pattern
- Right-Click: User right-clicks any link in the message
- Analysis: Background script identifies the protection service or shortener
- Instant Decoding: Extracts real URL using service-specific logic (local only)
- Display: Shows both URLs in themed popup window
- Action: Opens selected URL in default browser
- Detection: Identifies shortened URL (bit.ly, tinyurl, etc.)
- Privacy Warning: Shows clear warning about what data will be exposed
- User Consent: User explicitly chooses resolution method
- Direct Resolution:
- First tries HTTP HEAD request (minimal data transfer)
- Falls back to GET only if needed
- Follows redirects automatically
- Parses HTML for meta refresh/JavaScript redirects as last resort
- Tor Resolution (in development): Will use embedded Tor (anonymous, slower)
- Display: Shows original and resolved URLs
- Action: User decides which URL to open
This approach works around Thunderbird's security restrictions on owl:// and imap:// protocols.
Email Security Services:
- Microsoft Safe Links: Extracts
urlparameter - Proofpoint v2: Custom character substitution decode
- Proofpoint v3: Path-based extraction
- Generic Services: Tries common parameter names (
url,u,dest,target, etc.)
URL Shorteners:
- Detection: Domain pattern matching (local, no network)
- Direct Resolution:
- Tries HTTP HEAD request first (minimal data transfer, privacy-friendly)
- Falls back to GET only if HEAD doesn't work
- Follows HTTP redirects automatically
- Parses HTML for meta refresh and JavaScript redirects as last resort
- Tor Resolution (in development): Arti (Tor in WebAssembly) for anonymous resolution
Email Security Links:
- ✅ All processing is local
- ✅ No network requests
- ✅ No data collection
- ✅ Instant results
URL Shorteners:
- ✅ Detection is local (no network)
⚠️ Resolution requires network request (exposes your IP)- ✅ Always requires explicit user consent
- ✅ Clear privacy warnings before any request
- ✅ Uses HTTP HEAD first (minimal data transfer)
- ✅ Falls back to GET only when necessary
- ✅ Follows HTTP redirects automatically
- ✅ Parses HTML for meta refresh and JavaScript redirects (last resort)
- ✅ No resolution history or caching
- 🔧 In development: Embedded Tor for anonymous resolution
General:
- ✅ Minimal permissions required
- ✅ No external servers or tracking
- ✅ Open source and auditable
Clean, modern interface showing original and decoded URLs with action buttons.
Automatically adapts to your system theme for comfortable viewing.
No configuration needed! The extension works out of the box with sensible defaults.
Contributions are welcome!
- Edit
src/background.js - Add hostname detection in
deobfuscateUrl() - Add service name in
identifyService() - Test with sample URLs
- Submit a pull request
- Edit
src/background.js - Add domain to
SHORTENER_DOMAINSarray - Test detection and resolution
- Submit a pull request
- ✨ Initial release
- 🛡️ Support for 17+ email security services
- 🔗 URL shortener detection (26+ services including URLVanish)
- 🚀 Direct shortener resolution with privacy warnings
- 🔒 Privacy-friendly HTTP HEAD requests (minimal data transfer)
⚠️ Automatic detection with warning indicator in message toolbar- 🎨 Theme-aware popup interface with multiple views
- 📋 Copy-to-clipboard functionality
- 🌐 Opens URLs in default browser
- 🔐 Privacy-first design with explicit user consent
- 🧅 Embedded Tor support for anonymous shortener resolution (via Arti WebAssembly)
- ⚙️ User preferences and settings page
- 🔄 Redirect chain detection for nested shorteners
- 📊 Bulk shortener resolution for multiple links in one email
- 🎯 Improved resolution success rate
This project is licensed under the MIT License - see the LICENSE file for details.
- Built for Thunderbird 102+
- Designed with privacy and security in mind
- Community-driven development
- 🐛 Found a bug? Open an issue
- 💡 Have a suggestion? Start a discussion
- 📧 Need help? Check the Wiki
Made with ❤️ for the Thunderbird community