Closed
Bug 282491
Opened 20 years ago
Closed 20 years ago
Add a Phishing Notification Bar to the message pane
Categories
(Thunderbird :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
Thunderbird1.1
People
(Reporter: mscott, Assigned: mscott)
Details
Attachments
(4 files)
|
7.53 KB,
patch
|
Bienvenu
:
superreview+
|
Details | Diff | Splinter Review |
|
45.66 KB,
image/png
|
Details | |
|
1.30 KB,
patch
|
Details | Diff | Splinter Review | |
|
4.02 KB,
patch
|
Details | Diff | Splinter Review |
screen shot
Just like we have notification bars for junk mail and remote content, we should
have a bar for when we think a message is an e-mail scam.
|
Assignee | |
Updated•20 years ago
|
Status: NEW → ASSIGNED
Target Milestone: --- → Thunderbird1.1
|
|
Assignee | |
Comment 1•20 years ago
|
||
We need to decide several things:
1) Do we want to add a button to the bar that when clicked takes you to a web
page on our site that talks about phishing for end users?
2) OR should we have a button in this phishing bar that allows you to override
our decision that this is an email scam like we currently do for over riding
the junk status and remote content.
I'm leaning towards YES on Option #2 instead of Option #1
3) Is the wording ok or do we need to be more verbose: "Thunderbird thinks this
message is an email scam."
4) Will need to talk to Arvid and Kevin about an icon for the phishing bar. I'm
currently re-using the remote content image.
|
|
Assignee | |
Comment 2•20 years ago
|
||
|
|
Assignee | |
Comment 3•20 years ago
|
||
Comment on attachment 174513 [details] [diff] [review]
first pass at a phishing Bar implementation
you can't tell from the diff but
gMessageNotificationBar.setPhishingMsg(aUrl);
is being called from:
// this is called when layout is actually finished rendering a
// mail message.
function OnMsgParsed(aUrl)
so we are sure the DOM exists for the message before we look for phishing URLs.
Attachment #174513 -
Flags: superreview?(bienvenu)
|
||
Comment 4•20 years ago
|
||
Comment on attachment 174513 [details] [diff] [review]
first pass at a phishing Bar implementation
thinks this message is an email scam.
perhaps instead of "is" "might be". Your call...
Attachment #174513 -
Flags: superreview?(bienvenu) → superreview+
|
|
Assignee | |
Comment 5•20 years ago
|
||
the initial implementation patch has been checked in with David's suggested
wording change which I like.
|
|
Assignee | |
Comment 6•20 years ago
|
||
An experiment on Windows and Linux, get rid of the separate toolbar colors for
junk mail, remote content and phishing, unifying them all to have
InfoBackground style rules like the Firefox browser message bar.
|
||
Comment 7•20 years ago
|
||
Just a comment as I realize this is still a work in progress. Today I received
a valid email from Fidelity using the 2005-02-18 nightly. This email contained
a form to search fidelity.com (bad idea, but it did) which I think triggered the
phishing detector. That in itself isn't such a bad thing, but the phishing bar
blocked the image bar ([Patch: make sure the phishing bar always takes
precedence over the remote image bar.]) so there was no obvious way to display
the images for the email, making it unreadable.
Implementing "2) OR should we have a button in this phishing bar that allows you
to override our decision that this is an email scam like we currently do for
over riding the junk status and remote content." and then displaying the
"Display Images" bar would solve this issue.
|
|
Assignee | |
Comment 8•20 years ago
|
||
your right that furthers the argument that we should have a "Not an E-mail Scam"
button in the message bar to clear the alert...
|
|
Assignee | |
Comment 9•20 years ago
|
||
adds a button to the phishing bar that you can click to say this message is not
a scam. That causes us to reload the msg, such that if it has remote images
you'd next see the remote images bar, then you'd reload it again to actually
see no messages....
I'm writing a custom integer property on the msg hdr called "notAPhishMessage"
to remember this value for the msg.
Attachment #174906 -
Flags: superreview?(bienvenu)
|
|
Assignee | |
Comment 10•20 years ago
|
||
I wonder if a user says the msg is not a scam if we should also set the "allow
remote content" field as well so he/she doesn't have to then turn around and
click the allow remote content button....
|
||
Comment 11•20 years ago
|
||
(In reply to comment #10)
> I wonder if a user says the msg is not a scam if we should also set the "allow
> remote content" field as well so he/she doesn't have to then turn around and
> click the allow remote content button....
No. The two are separate things entirely. I block remote content to stop Web
bugs - including those from people who email me regularly. I think it's better
to leave separate features separate and not try to guess what the user is trying
to do.
Also, see bug 282985
|
|
Assignee | |
Updated•20 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 20 years ago
Resolution: --- → FIXED
|
|
||
Comment 12•19 years ago
|
||
Comment on attachment 174906 [details] [diff] [review]
add a button to say this msg is not a scam and then remember that setting
obsolete request
Attachment #174906 -
Flags: superreview?(bienvenu)
You need to log in
before you can comment on or make changes to this bug.
Description
•