Desktop email clients, such as Thunderbird and Claws Mail, are preferred over their web counterparts by many professionals and power users due to their additional convenience and security. However, one big downside is that they often expose the sender's IP address to the receivers, since many SMTP servers record the sender's IP address and put it in the header, something similar to Received: from [xxx.xxx.xxx.xxx] (my.example.com. [xxx.xxx.xxx.xxx]) . This, unfortunately, puts the sender's privacy in great jeopardy, as an IP address can reveal so much information including location, ISP, and institution names.

To address this issue, one simple solution is to let the email client connect via a proxy. While a system-widely available proxy works for many users, some of us just want our email clients, but not other programs, to go through a specific proxy. In this post, I'll demonstrate how to use an email client automatically via SSH tunneling. The instructions are specifically tailored for GNU/Linux and MacOS users, as it involves some uses of UNIX commands and bash scripts; if you are on Windows, you can still follow the instructions with the help of Cygwin.

Before we start, I'll assume that you have

bash 4+ installed. (For MacOS users, look into here.)

an SSH server, referred to as ssh.example.com , with public key authentication set up. If you don't have one, you can easily get one by purchasing a VPS on DigitalOcean, Linode, or interserver.net.

Configure Proxy Settings in the Email Client

First, you need to configure your email client to use a SOCKS proxy. For example, in Thunderbird, it is in Menu → Preferences → Advanced → Netowrk & Disk Space → [Connection] Settings..., and fill in something similar to the follows:

You are free to change the port number to a different number. In the rest of the post, I'll assume 22222 is the port used.

Symbiotize the Email Client and an SSH Tunnel

Save the following lines to a script e.g., email.sh , and give it executable permission (Replace thunderbird with the command to your favorite email client):

#!/bin/bash # https://www.topbug.net/blog/2018/11/17/automatically-conceal-senders-ip-address-in-email-clients-via-ssh-tunneling/ ssh -S none -C -N -D localhost:22222 ssh.example.com & thunderbird & wait -n pkill -P $$

For the impatient, in the future, simply run this script to start your email client, and the proxy will be automatically set up and you are all set!

Here's an explanation for the curious: