Phishing Detection Support to Thunderbird checked in

The following was just checked into the trunk of Mozilla Thunderbird:
Get a phishing detector going for Thunderbird. I'm sure it can be improved quite a bit but this starts to catch some of the more obvious scams.

More info in the bug report:
When the user clicks on a URL that we think is a phishing URL, he now gets prompted before we open it. Handles two cases so far. Hopefully we can add more as we figure out how. The host name of the actual URL is an IP address. The link text is a URL whose host name does not match the host name of the actual URL.. I added support for a silentMode so later on we can hopefully walk an existing message DOM and call into this routine on each link element in the DOM. This would allow us to insert an email scam warning bar in the message window down the road.

See screenshot
View bug report

January 21, 2005 09:04 AM | Posted in Mozilla

Related entries


Back Next


Good job. But most people don't know what a "URL" is. I suggest using a different term, while retaining "URL" in parentheses to be specific for technical users.

Comment by me at January 21, 2005 12:16 PM | Permalink

I have to agree with the other poster that while the detection is great the sort of users it's trying to protect won't understand this message and will just click anyway.

What would be great is a "Thunderbird thinks this is junk" style message at the top as you read it indicating "Thunderbird believes this message has suspicious hyperlinks that could be an attempt to steal your personal information."

Or something...


Site icon Comment by Damien Guard at January 21, 2005 12:57 PM | Permalink

Maybe combine both idea. Using a dialog like this:

Thunderbird thinks this is a phishing site.

                                           More >>

Clicking "more" will then show the detail information.

Site icon Comment by minghong at January 21, 2005 02:35 PM | Permalink

It's important to avoid the word "phishing" as most people probably don't know what it is. I think the message should say something like "This e-mail appears to be fradulent. Click on links with care" or something, with a link to a description of what a phishing email is.

Basically, my point is that in order to explain it, you should definately use laymen's terms so that it is easily understood.

Site icon Comment by Michael Romero at January 24, 2005 08:17 AM | Permalink

I agree with what most people are saying here, I think that instead of "URL" you should place "Address" that is more popular name.

I also think that it could probably contain the word fraud, or something like this, and that should be very visible, to make it catch the atention of the reader. Probably instead of yes and no, that are easily recognized something other could help deincentivate the "blind click" of a button. Probably something in the line of two links "I think this is fraud" and "I trust this site".

What do you think?

Comment by Victor Bogado at January 24, 2005 11:53 AM | Permalink

I even made it to ZDNet:,39020375,39185311,00.htm

Site icon Comment by Henrik Gemal [TypeKey Profile Page] at January 24, 2005 08:55 PM | Permalink

And you also made it to Webwereld, a wellknown Dutch internet magazine. Thunderbird should build up a name as the most secure e-mail program around, whatever the solution for the Phishing problem will be. Only then it has a chance of taking noticable market share from Outlook (Express)

Site icon Comment by Supergugler at January 25, 2005 01:58 PM | Permalink

I've somewhat recently written a Thunderbird extension that looks for phishing in a different way -- using SPF and DomainKeys on the From: address. See:

Comment by Joshua Tauberer at January 25, 2005 05:08 PM | Permalink

phishing detection needs options to allow you to tell it to ignore certain emails/addresses. email from my support droids gets tagged everytime.

Comment by bloodnok [TypeKey Profile Page] at March 21, 2006 04:33 PM | Permalink

Post a comment

Remember Me?

Please enter the security code you see here

You're here: Home - Phishing Detection Support to Thunderbird checked in
Get the Mozilla Firefox browser