Open Bug 212999 Opened 21 years ago Updated 2 years ago

submitting a form from an email should give a warning

Categories

(Core :: DOM: Core & HTML, enhancement)

People

(Reporter: advax, Unassigned)

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2.1) Gecko/20030225

I was trying to think of a way to alert on the PayPal fraud - an HTML mail
with paypal.com images includes a form for users to submit private information to
http://www.paypal.com.0000000...11100011@noapache.nomorebullshitsite.com
With standard settings there is only the warning about sending unencrypted data
that most users turn off.
While experimenting with settings I noticed that if a secure form sends data to
a totally different secure server there is no warning. But I guess this isn't
really a big problem and some legitimate businesses direct users around a series
of secure servers for load balancing.

Maybe there should be a warning when submitting a form from a mail message, such
as "this data will be sent to nomorebullshite.com; OK ?"

Reproducible: Always

There's really no difference between sending from a form in a mail, or in a
webpage. The problem with that PayPal scam (I got them too), is that you're
sending to a different host than you're thinking. Dupe of bug 122445 by way of
bug 212296.

*** This bug has been marked as a duplicate of 122445 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
The problem with the paypal scam is that you're typing your paypal password into
a form that is part of a page (in this case, an e-mail) that you cannot trust.
This is not a dup of bug 122445. This is just invalid.
As Jesse says, although I refer to the PayPal scam, this is not
"warn user of scammy URLs", this is "warn user about what domain
they are sending data to" for an email message.
If a user is prompted to reply to an email, their client shows
the full email address and domain in a wide box, so they can 
decide if it looks legitimate.
If they visit a website, then they see the padlock icon, if SSL,
and they see the URL in the location bar and have an opportunity to
check the domain (var bug 122445). For an email message,
there is no equivalent. There is no "view message info" button, the user
must "show message source" and be able to read possibly obfuscated HTML to see
the destination of the form. The "From" address shown in "normal headers" is
totally forgeable.

Many legitimate listservs and legitimate opt-in newsletters have
list management links or forms, so IMO it would be useful to have a
warning of some kind. It's not much good to tell people not to
display mail in HTML or never to trust email from anyone unless it has
an S/MIME signature, or always to read the fine print to discover which
organizations never send email and which do.

I realize that if the user has enabled JavaScript in email that the
message can send all sorts of user/browser information with no warning,
but at least the user hasn't typed in anything like a credit card number.
Status: RESOLVED → UNCONFIRMED
Resolution: DUPLICATE → ---
Ok, makes sense, at least when JavaScript is disabled in mail messages.  (When
JavaScript is enabled, the script can communicate form information to a site in
many ways, as you said.)

To protect against dialog fatigue, there could be a checkbox for "Don't warn me
when I submit e-mail forms to https://www.paypal.com".
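As an added illustration of the check discussed in these comments (example code, not from the bug or from Mozilla): it pulls form actions out of an HTML message, resolves the real destination host the way a URL parser does (so anything before "@", as in the reporter's example, is userinfo and the trailing host wins), and builds the proposed "this data will be sent to ...; OK?" prompt while honouring a per-host "don't warn me" list like the one Jesse suggests. The sample message and the `lists.example` host are constructed.

```javascript
// Added example (not Mozilla/Gecko code): should a form in an HTML mail message
// trigger a "this data will be sent to <host>; OK?" prompt, and what should it say?
// Assumes Node.js (WHATWG URL parser); the HTML scan is a small regex, not a parser.

// Hosts the user opted out of warnings for ("Don't warn me when I submit
// e-mail forms to https://www.paypal.com").
const DEFAULT_TRUSTED = new Set(["www.paypal.com"]);

// Constructed sample modelled on the report: PayPal imagery, form posts elsewhere.
const SAMPLE_MAIL =
  '<html><body><img src="https://www.paypal.com/logo.gif">' +
  '<form action="http://www.paypal.com.0000000@noapache.nomorebullshitsite.com/login"' +
  ' method="post"><input name="password"></form></body></html>';

// Return every form action attribute value in the message body.
function extractFormActions(html) {
  const re = /<form\b[^>]*\baction\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))/gi;
  return Array.from(html.matchAll(re), (m) => m[1] ?? m[2] ?? m[3]);
}

// Resolve the real destination host. The URL parser treats everything before
// "@" as userinfo, so "www.paypal.com.000@evil.example" resolves to evil.example.
function destinationOf(action) {
  try {
    const url = new URL(action); // no base: a relative action in mail has nowhere to go
    return {
      ok: true,
      host: url.hostname,
      secure: url.protocol === "https:",
      hasUserinfo: url.username !== "" || url.password !== "",
    };
  } catch {
    return { ok: false };
  }
}

// Warning text for one form, or null when the host is on the trusted list and
// the URL carries no userinfo trick.
function warningFor(action, trusted = DEFAULT_TRUSTED) {
  const d = destinationOf(action);
  if (!d.ok) return "This form has no usable destination (" + action + "); submit anyway?";
  if (d.hasUserinfo) {
    return 'Destination "' + d.host + '" is disguised by text before "@"; this data will be sent to ' + d.host + ". OK?";
  }
  if (trusted.has(d.host)) return null;
  return "This data will be sent to " + d.host + (d.secure ? "" : " unencrypted") + "; OK?";
}
```

Running `extractFormActions(SAMPLE_MAIL).map((a) => warningFor(a))` yields one prompt naming noapache.nomorebullshitsite.com, which is the information the reporter wants surfaced before anything is typed into the form.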
Status: UNCONFIRMED → NEW
Ever confirmed: true
I think this is going to be a depends on bug 122445, and if so, I'll QA it.

If not, remove the dependency and me from qa.
Depends on: 122445
QA Contact: ashshbhatt → benc
Assignee: form-submission → nobody
QA Contact: benc → form-submission
Component: HTML: Form Submission → DOM: Core & HTML
Severity: normal → S3