Closed Bug 320352 Opened 19 years ago Closed 19 years ago

newsletters always detected as scams

Categories

(Thunderbird :: General, defect)

Product:
Thunderbird
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
minor

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 320351

People

(Reporter: mikel, Assigned: mscott)

Details

Attachments

(1 file)

latest ping newsletter
40.45 KB, text/plain
Details 
Can anybody tell me why Australian IT "Ping" newsletters are always flagged as a possible scam?

I will attach one in a moment since I can't do so when first reporting the bug.
Attached file latest ping newsletter 

    
    

    
  
Michael, this is pretty much the same as your previous bug. 


*** This bug has been marked as a duplicate of 320351 ***
Status: NEW → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE

    
    

    
  
No, this is more like a support request for the specifics of this message.

Can somebody who understands the phishing/scam algorithm tell me what token or attribute of the message caused it to be flagged as a scam?

I can't find anything wrong with the message; it looks legitimate to me.

If there is something that makes it look like a scam, I'd like to know what it is so that I can notify the newsletter provider, hoping that they can modify their newsletter so it is not constantly flagged.

Also, as I understand it, one of the main things the scam detection does is look for URLs containing IP addresses.  I couldn't find any in this message.  I wonder if the message encoding causes the scam detection to flag URLs that span multiple lines or contain line continuation characters.

Status: RESOLVED → REOPENED
Resolution: DUPLICATE → ---

    
    

    
  
> No, this is more like a support request for the specifics of this message.

Bugzilla is *NOT* the place for support requests, use the Mozilla newsgroups or Mozillazine fora for this.

That said,

> Can somebody who understands the phishing/scam algorithm tell me what token or
> attribute of the message caused it to be flagged as a scam?

The scam detection algorithm lives here: <http://lxr.mozilla.org/seamonkey/source/mail/base/content/phishingDetector.js> and includes quite some comments what it actually does, eg. this:

 72   // if an e-mail contains a form element, then assume the message is a 
         phishing attack.
 73   // Legitimate sites should not be using forms inside of e-mail.
 74   if (!isEmailScam && msgDocument.getElementsByTagName("form").length > 0)
 75     isEmailScam = true;


*** This bug has been marked as a duplicate of 320351 ***
Status: REOPENED → RESOLVED
Closed: 19 years ago19 years ago
Resolution: --- → DUPLICATE

          You need to log in
          before you can comment on or make changes to this bug.
        






  

    
  







  

    

      
Attachment

      

      
      
      
      
    

    

      

        

          

            
General

            

              Creator: 



            

            
Created: 

            
Updated: 

            
Size: