Enable Enigmail by default if a GnuPG secret key is detected
It was reported that a user accidentally sent sensitive content via email in cleartext because they somehow lost their persistent Thunderbird settings, and when they added their email account to Thunderbird again, they forgot to enable Enigmail in the preferences, and sent a sensitive email in cleartext.
I think issues like this could be easily prevented by enabling Enigmail in Thunderbird by default (that is Account Settings -> OpenPGP Security -> Enable OpenPGP support (Enigmail) for this identity). In effect, when writing an email for which no secret gpg key was found, it will display the red warning “This message will be unsigned and unencrypted”.
This could be achieved by simply creating
/etc/skel/.thunderbird/profile.default/prefs.js with this content: