As mentioned a few times, I have (had) two students working on a Thunderbird extension to support confidentiality and help avoid involuntary leaks of critical information by e-mail. Yesterday, these students officially turned this project in, which gave me and my colleagues the opportunity of reviewing the code and documentation.

So, what works ?

• The Thunderbird extension can detect that you’re trying to send e-mail to someone with a lower level of accreditation — although, for the moment, it gets confused easily. For this purpose, it may use either SELinux or a text database of recipients.
• The Thunderbird extension can warn you that you need to sanitize and decrease confidentiality of the information and can mark the outgoing e-mail as sanitized for a given level — the UI needs a bit polish, but that works.
• The Sendmail extension can detect that you’re trying to send e-mail to someone with a lower level of accreditation — although, for the moment, it gets confused just as easily and is subject to a number of security holes.
• The Sendmail extension can reject unsanitized e-mail going to unaccredited targets — logging needs a bit of polish, but that works.
• That’s it.

All in all, that’s about 150 lines of code in JavaScript, XUL, C and C++. Not quite ready for prime-time but a good 0.1 release. I expect either the students or I will upload it somewhere for public release in the near future.