Closed Bug 282491 Opened 15 years ago Closed 15 years ago

Add a Phishing Notification Bar to the message pane

Categories

(Thunderbird :: General, defect)

x86
Windows XP
defect
Not set

Tracking

(Not tracked)

RESOLVED FIXED
Thunderbird1.1

People

(Reporter: mscott, Assigned: mscott)

Details

Attachments

(4 files)

Just like we have notification bars for junk mail and remote content, we should
have a bar for when we think a message is an e-mail scam.
Status: NEW → ASSIGNED
Target Milestone: --- → Thunderbird1.1
We need to decide several things:

1) Do we want to add a button to the bar that when clicked takes you to a web
page on our site that talks about phishing for end users?

2) OR should we have a button in this phishing bar that allows you to override
our decision that this is an email scam like we currently do for over riding
the junk status and remote content. 

I'm leaning towards YES on Option #2 instead of Option #1

3) Is the wording ok or do we need to be more verbose: "Thunderbird thinks this
message is an email scam." 

4) Will need to talk to Arvid and Kevin about an icon for the phishing bar. I'm
currently re-using the remote content image.
Attached image screen shot
Comment on attachment 174513 [details] [diff] [review]
first pass at a phishing Bar implementation

you can't tell from the diff but 

gMessageNotificationBar.setPhishingMsg(aUrl);

is being called from:

// this is called when layout is actually finished rendering a 
// mail message. 
function OnMsgParsed(aUrl)

so we are sure the DOM exists for the message before we look for phishing URLs.
Attachment #174513 - Flags: superreview?(bienvenu)
Comment on attachment 174513 [details] [diff] [review]
first pass at a phishing Bar implementation

thinks this message is an email scam.

perhaps instead of "is" "might be". Your call...
Attachment #174513 - Flags: superreview?(bienvenu) → superreview+
the initial implementation patch has been checked in with David's suggested
wording change which I like. 
An experiment on Windows and Linux, get rid of the separate toolbar colors for
junk mail, remote content and phishing, unifying them all to have
InfoBackground style rules like the Firefox browser message bar.
Just a comment as I realize this is still a work in progress.  Today I received
a valid email from Fidelity using the 2005-02-18 nightly.  This email contained
a form to search fidelity.com (bad idea, but it did) which I think triggered the
phishing detector.  That in itself isn't such a bad thing, but the phishing bar
blocked the image bar ([Patch: make sure the phishing bar always takes
precedence over the remote image bar.]) so there was no obvious way to display
the images for the email, making it unreadable.

Implementing "2) OR should we have a button in this phishing bar that allows you
to override our decision that this is an email scam like we currently do for
over riding the junk status and remote content." and then displaying the
"Display Images" bar would solve this issue.
your right that furthers the argument that we should have a "Not an E-mail Scam"
button in the message bar to clear the alert...
adds a button to the phishing bar that you can click to say this message is not
a scam. That causes us to reload the msg, such that if it has remote images
you'd next see the remote images bar, then you'd reload it again to actually
see no messages....

I'm writing a custom integer property on the msg hdr called "notAPhishMessage"
to remember this value for the msg.
Attachment #174906 - Flags: superreview?(bienvenu)
I wonder if a user says the msg is not a scam if we should also set the "allow
remote content" field as well so he/she doesn't have to then turn around and
click the allow remote content button....
(In reply to comment #10)
> I wonder if a user says the msg is not a scam if we should also set the "allow
> remote content" field as well so he/she doesn't have to then turn around and
> click the allow remote content button....

No. The two are separate things entirely. I block remote content to stop Web
bugs - including those from people who email me regularly. I think it's better
to leave separate features separate and not try to guess what the user is trying
to do.

Also, see bug 282985
Status: ASSIGNED → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment on attachment 174906 [details] [diff] [review]
add a button to say this msg is not a scam and then remember that setting

obsolete request
Attachment #174906 - Flags: superreview?(bienvenu)
You need to log in before you can comment on or make changes to this bug.