Open Bug 654502 (mail-scam) Opened 8 years ago Updated 5 months ago

Tracking bug for improvements of Thunderbird's scam / phishing detection and user interaction

Categories

(Thunderbird :: General, defect)

defect
Not set

Tracking

(Not tracked)

People

(Reporter: rsx11m.pub, Unassigned)

References

(Depends on 18 open bugs, )

Details

(Keywords: meta, privacy)

Given that a lot of bugs are currently pending to somehow increase the functionality of the scam/phishing feature in Thunderbird I'm opening this tracking bug (see bug 653798 comment #6). Some of these bugs relate to a
specific issue, some of them propose short-term workarounds until the feature
is completed, and others suggest more long-term improvements to the detection algorithm and the inclusion of a phishing list similar to what Firefox does.

I've added dependencies to bugs which are currently open and confirmed and contain specific or general suggestions how to improve the scam detection.
Some of those may be obsolete by now or duplicates of others, thus may need further verification. Please feel free to add or remove bugs as appropriate.
Can someone in copy of this bug give an advice about what should be done with bug 764112 ?
Is there a (meta) bug that could be used to list all the type of message that shouldn't be recognize as scam?

Thanks in advance!
The /scam/ filter (not the /junk/ handling, that's frequently mixed up) is mostly triggered by inconsistencies in where a link suggests to go vs. where it actually points to. The ability to learn is bug 320351 with some more analysis on the current algorithm, where I don't see how attachment 632365 [details] triggers it, but that may be hidden in a part that was removed for size or privacy reasons.

Bug 320351 comment #34 suggests to solve the issue by keeping a whitelist of target web domains considered trustworthy, not source e-mail domains which can be easily forged. Thus, that's a good dupe for bug 764112, and there is also bug 368924 asking for a global phishing list (like Google's used by Firefox) which may be complementary to the local user-specific whitelist.
So what should we do with this kind of reports:
Bug 764112 - Thunderbird shouldn't recognize message from pcimpact.com as scams
Bug 781884 - Thunderbird scam detection generates false positives on all mail from well-known websites (just created yesterday!)

I think we cannot use them until we have clearly understand what trigger the scam warning. As you said, the txt file attached in bug 764112 is not sufficient, so I suppose that we need an eml file? Any other ideas?

Last but not least, what is the "component" for this kind of issues? They actually fall into "General", which is maybe not the best...
Depends on: 691901
(In reply to Vincent (caméléon) from comment #3)
> I think we cannot use them until we have clearly understand what trigger the
> scam warning. As you said, the txt file attached in bug 764112 is not
> sufficient, so I suppose that we need an eml file? Any other ideas?

Agreed, as a minimum, both the triggering link along with the text above it needs to be given (as commented in bug 691901 comment #8) needs to be given to see what triggers the warning. An EML file certainly helps, where posting just the link sections should be sufficient if the reporter considers the full header or the message content personal and doesn't want to disclose it public.

> Last but not least, what is the "component" for this kind of issues? They
> actually fall into "General", which is maybe not the best...

I've seen some bugs in the "Security" component which isn't a perfect match either, but setting the "privacy" keyword should be appropriate.
Depends on: 778611
Depends on: 849694
Depends on: 926473
Depends on: 938902
Depends on: 937265
Depends on: 973736
Depends on: 989606
Great tracker, thanks rsx11m :)
Depends on: 1001790
Depends on: 1005687
Depends on: 1198446
Depends on: 1341253
No longer depends on: 1341253
Depends on: 1537677
Depends on: 1261769
You need to log in before you can comment on or make changes to this bug.