User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:220.127.116.11) Gecko/20080201 Firefox/18.104.22.168 Build Identifier: version 22.214.171.124 (20080213) If the sender of the email in question is listed in Address Book, then THAT SENDER is "Trusted", and consequently, all scam detection/criteria should be turned off. The presence of the "Not A Scam" button creates an extra click in the process. But, let's face it: if the sender is in the Address Book, then the scam criteria is irrelevant. What you are REALLY saying is that even though you(Thunderbird User) trust this sender by placing him in your Address Book, we(Thunderbird Programmers, et. al.) nevertheless still do not trust YOUR judgment, Mr. User, and feel that you still need warning. This is BIG BROTHER SYNDROME pushed to an illogical extreme. Reproducible: Always Steps to Reproduce: 1.Sender must be in Address Book 2.Sender must be violating Thunderbird's scam criteria 3.Cannot document item #2 because I do not know what Thunderbird's scam criteria is. Actual Results: If Thunderbird detects a scam violation within the pending email, then the scam warning comes on and the "Not A Scam" button comes on, requiring the Thunderbird User to click in order to complete the process of loading the email into the view window. Expected Results: There should be no scam detection criteria employed here, since the sender is already in the Address Book, and therefore trusted by the Thunderbird User. Allow the email to load into view window without scam warning. The remedy to this problem is SIMPLE: turn the scam detection OFF whenever the sender is listed in Address Book. End of Story. Piece of cake!
You might just as well just turn off scam detection: until one of the various competing ideas for how to reliably and securely identify who actually sent email takes hold, most scam email will continue to appear (as far as anything Thunderbird can see) to come from an address that would be trusted - PayPal phishes don't claim that they are from firstname.lastname@example.org, they claim to be from email@example.com (or whatever the actual address is). Trusting anything "from" a sender in the addressbook would just mean that we would detect the scams you would detect anyway ("firstname.lastname@example.org? but I don't bank with Wachovia!"), while failing to detect ones from businesses you actually *do* deal with.