Gemal's Psyched Blog - Comments on Phishing Detection Support to Thunderbird checked in

By me

Fri, 21 Jan 2005 12:16:31 +0100

Good job. But most people don't know what a "URL" is. I suggest using a different term, while retaining "URL" in parentheses to be specific for technical users.

By Damien Guard

Fri, 21 Jan 2005 12:57:36 +0100

I have to agree with the other poster that while the detection is great the sort of users it's trying to protect won't understand this message and will just click anyway.

What would be great is a "Thunderbird thinks this is junk" style message at the top as you read it indicating "Thunderbird believes this message has suspicious hyperlinks that could be an attempt to steal your personal information."

Or something...

[)

By minghong

Fri, 21 Jan 2005 14:35:31 +0100

Maybe combine both idea. Using a dialog like this:

Thunderbird thinks this is a phishing site.

More >>

Clicking "more" will then show the detail information.

By Michael Romero

Mon, 24 Jan 2005 08:17:33 +0100

It's important to avoid the word "phishing" as most people probably don't know what it is. I think the message should say something like "This e-mail appears to be fradulent. Click on links with care" or something, with a link to a description of what a phishing email is.Basically, my point is that in order to explain it, you should definately use laymen's terms so that it is easily understood.

By Victor Bogado

Mon, 24 Jan 2005 11:53:59 +0100

I agree with what most people are saying here, I think that instead of "URL" you should place "Address" that is more popular name. I also think that it could probably contain the word fraud, or something like this, and that should be very visible, to make it catch the atention of the reader. Probably instead of yes and no, that are easily recognized something other could help deincentivate the "blind click" of a button. Probably something in the line of two links "I think this is fraud" and "I trust this site". What do you think?

By Henrik Gemal

Mon, 24 Jan 2005 20:55:05 +0100

I even made it to ZDNet:
http://news.zdnet.co.uk/internet/security/0,39020375,39185311,00.htm

By Supergugler

Tue, 25 Jan 2005 13:58:51 +0100

And you also made it to Webwereld, a wellknown Dutch internet magazine. Thunderbird should build up a name as the most secure e-mail program around, whatever the solution for the Phishing problem will be. Only then it has a chance of taking noticable market share from Outlook (Express)

By Joshua Tauberer

Tue, 25 Jan 2005 17:08:40 +0100

I've somewhat recently written a Thunderbird extension that looks for phishing in a different way -- using SPF and DomainKeys on the From: address. See: http://taubz.for.net/code/spf

By bloodnok

Tue, 21 Mar 2006 16:33:31 +0100

phishing detection needs options to allow you to tell it to ignore certain emails/addresses. email from my support droids gets tagged everytime.