Closed
Bug 1423444
Opened 7 years ago
Closed 7 years ago
Mailsploit: Remove domains from real name part
Categories
(Thunderbird :: Message Reader UI, enhancement)
Thunderbird
Message Reader UI
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: BenB, Unassigned)
References
Details
Attachments
(2 files)
Screenshot with email address in real name
This is part of bug 1423430. See there for background. Compare bug 1423440. If the real name part of the From: header contains something that looks like a domain name, then strip the dots from display. Given that users may see only the real name part, it can be used to fool unsuspecting and uneducated users. Please do not assume that users know email standards, so even things that are very similar to an email address should not be allowed. This should happen in the front end. Algo could be e.g.: 1. Look for "." in real name 2. Go to next non-alphanum char before and after the "." 3. Check whether the part after the "." is in the eTLD list. 4. If so, strip the ".". This should affect at least: * the real name display in the header section * the context menu on it * collected addresses * manually adding an From address to the address book.
|
||
Updated•7 years ago
|
Group: mail-core-security
|
Reporter | |
Updated•7 years ago
|
Group: mail-core-security
|
||
Comment 1•7 years ago
|
||
As far as I know you can only hide the email address, when it is in an address book (Display -> Advanced -> Show only display name for people in my address book). So your case of "given that users may see only the real name part" does not apply for harmful messages in almost any cases. This suggestion is not necessary and has potential side effects to upset TB's long standing user base. Please withdraw this suggestion.
|
|
Reporter | |
Comment 2•7 years ago
|
||
This demonstrates the problem. The email address in the real name part appears to be the From: in the UI. The actual From email address is pushed away, invisible for the user.
|
|
Reporter | |
Comment 3•7 years ago
|
||
This shows TB with an unreasonably wide window. It shows what TB tries to do. For us, it's clear what happens, and how to read this and where to look. However, we must write the application for people who are not email exports, or in fact no nothing about computers at all. If it confuses your grand mother or the waiter of a restaurant, it's not good enough. If somebody has a better idea, post it. It must be impossible to confuse untrained and unsuspecting users.
|
|
||
Comment 4•7 years ago
|
||
Is there somewhere a consensus, that TB gets developed for "near-users"? And how should someone install TB, when they are on such a level you describe? If you really want to have TB handle your case from comment #3 differently as up to now, then make the UI add a line break between the real name and the address when the line gets to long to be displayed. The address would then appear below the real name: President of the United States potus@whitehouse.gov <evil-spammer@hugebot.mafia> If the window gets too small to display even this form, then use the three dot notation: President of the United States... <evil-spammer-with-a-long-addr... This could be a configurable option under Preferences -> Display -> Advanced: Show long sender address on two lines Would this be an acceptable solution for you?
|
|
Reporter | |
Comment 5•7 years ago
|
||
From: potus@whitehouse.gov <donaldtrumpforwin@yahoo.com> is not exactly clear, either. Looks legit. But isn't.
|
||
Comment 6•7 years ago
|
||
There are use cases for everything. One case that come to mind is mailing lists, or some collaboration trackers that send out "foo@bar via oursystem <noreply@example.com>" formatted mails. I've seen this in the wild but I don't recall where. Another use case is telling people your email's about to update, you're about to retire, quit or whatever, and you have it contain info about where they can contact you in the future. Sure you can put the info in the mail body, but it's still a use case. All in all, I don't think we should we should implement this suggestion. People need to understand email addresses can be easily spoofed. There's no need to put the potus@whitehouse.gov as display name, you can just spoof the real email address instead.
|
|
Reporter | |
Comment 7•7 years ago
|
||
> People need to understand email addresses can be easily spoofed. Right. Just that they don't. Email spoofing is one of the biggest problems of email. It's so bad that my bank writes me paper letters to warn about email spoofing. That means that email clients completely failed to protect their users. The software must adapt to users, not the other way around. Clearly, this is a widespread problem, and we should fix it. We cannot expect our users to know all the technical background of email. You have to admit that without technical understanding, comment 5 can easily be misunderstood.
|
|
||
Comment 8•7 years ago
|
||
(In reply to Magnus Melin from comment #6) > All in all, I don't think we should we should implement this suggestion. So we have three Mailnews peers in agreement here (Magnus, Alta88, myself). As per bug 1423440 comment #2, domains and full e-mail addresses are used in display/real names, so we would cause a lot of surprises if we manipulated those. For a suggestion to improve the situation, see bug 1423432 comment #36.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Just to add a little bit of color here: Mailspoit variant 5 (the only variant that lacks null characters) tricks some email clients into using the encoded (friendly-from) address in place of (or in addition to) the true address, not just visually for the end user but also when a reply is composed (thus the email client itself is fooled, and that would be a bug). Thunderbird is not vulnerable to this.
You need to log in
before you can comment on or make changes to this bug.
Description
•