If you want to send and receive GnuPG-encrypted emails in Thunderbird, there is no way around the Enigmail encryption plugin. We have recently become aware of a potential problem in Enigmail, whereby the user's IP address is revealed to the recipient of an email. It affects Enigmail 2.0 and later.
As soon as you compose a new email and enter a valid email address in the To: field, Enigmail automatically sends an unsolicited HTTPS request to the recipient's email domain to check whether the public PGP key is available. The same happens if you click on "reply" in an existing mail - so you effectively send a notice of receipt, because the composed email or reply does not need to be sent. The HTTP request happens as soon as a valid address is found in the sender field.
The called URL is formed according to a standardized IETF draft scheme [1]. For example, for the email address john.doe@example.com, the URL would look like this:
https://www.example.com/.well-known/openpgpkey/hu/<HASH>For the Enigmail developer this is not a problem, but a desired feature: GnuPG has introduced in version 2.1.16 "Web Key service for Enigmail" [2], [3], which provides this feature.
However, the Enigmail developer points out the possibility to disable this behavior. Go to the Thunderbird settings and navigate via "Advanced" to "Config Editor" and search for "extensions.enigmail.autoWkdLookup". There set the value to 0.
However, the problem with the notice of receipt remains. If you do not want unsolicited packets to be sent to the recipient domain, you should apply the workaround mentioned above.
[1] https://datatracker.ietf.org/doc/draft-koch-openpgp-webkey-service/ [2] https://gnupg.org/blog/20170803-web-key-in-enigmail.html [3] https://sourceforge.net/p/enigmail/bugs/889/