Open Bug 682715 Opened 13 years ago Updated 7 years ago

Scam Warning needs to be correctable

Categories

(SeaMonkey :: MailNews: General, defect)

Product:
SeaMonkey
Component:
MailNews: General
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

People

(Reporter: 3.14, Unassigned)

References

(Depends on 1 open bug)

Details

In bug 318916 it was discussed that the scam warning should be correctable by sender. This would allow to get through the warning by fake sender. Yet if the link URL itself would be in a safe list this risk does not exist.

So the idea would be: You receive a message, say by LinkedIn. It contains links to http://www.linkedin.com/whatehaveyou. Pressing a button I would be able to tell SeaMonkey that those URLs are safe. No further warnings in the future.

pi
(In reply to Boris 'pi' Piwinger from comment #0)
> In bug 318916 it was discussed that the scam warning should be correctable
> by sender. This would allow to get through the warning by fake sender. Yet
> if the link URL itself would be in a safe list this risk does not exist.

I agree with the wontfix from Thunderbird here, *but* I am not even sure if we have separate code to allow us to change this independent of them. Also I'm not the guy who would make the decision.

Karsten, can you peek at Bug 318916 then decide on a status here?
Just to avoid any confusion: I am suggesting a different solution here.
(In reply to Justin Wood (:Callek) from comment #1)
> (In reply to Boris 'pi' Piwinger from comment #0)
> > In bug 318916 it was discussed that the scam warning should be correctable
> > by sender. This would allow to get through the warning by fake sender. Yet
> > if the link URL itself would be in a safe list this risk does not exist.
> 
> I agree with the wontfix from Thunderbird here, *but* I am not even sure if
> we have separate code to allow us to change this independent of them. Also
> I'm not the guy who would make the decision.
> 
> Karsten, can you peek at Bug 318916 then decide on a status here?

I strongly disagree with the wontfix from Thunderbird as this "feature" is worse than useless in its present state. As far as I am concerned, it should be completely removed from the code. I am a professional programmer and if I had delivered sloppy code like this, I would have been fired on the spot. That it hasn't been repaired in over 6 years now is a disgrace beyond imagination.
Bug 318916 comment #26 illustrates the attitude of the WONTFIXers: users, even if sophisticated, are not to be trusted with the ability to turn off scam warnings even for senders that are producing a flood of false positives, because anything less than absolute certainty is too risky (but, apparently, having to disable the entire feature isn't).  That is overprotective mothering at its most idiotic.

If the Powers That Be at Mozilla are determined to keep this problem in place, I would like to join or start an effort to create an add-on or even an alternative product that gives users that ability.
FWIW, seamonkey and thunderbird have their own versions of phishingDetector.js where the detection is done. I have no problem with allowing whitelisting of certain http urls in mails.
Similar to Thunderbird bug 320351. Also see dependencies to meta bug 654502
(I'm not adding this bug for tracking as it is a SM bug rather than for TB).

Whitelisting of links is certainly preferable over whitelisting of senders.
OS: Windows 7 → All
Hardware: x86_64 → All
Depends on: 320351
This would also apply to any triggers coming from the safe-browsing code, now that it is available in SeaMonkey per bug 477718, if and when that's hooked up to Mail & News by bug 837386.
Depends on: 837386
Version: SeaMonkey 2.3 Branch → Trunk
I would like to see whitelisting.  I have certain mailing lists and URLs I trust that still get flagged with scam warnings.  I find the scam feature more of a nuisance than a value, though I'm very good at detecting phishing etc by eyeball.
(In reply to Jerry Quinn from comment #9)
> I would like to see whitelisting.  I have certain mailing lists and URLs I
> trust that still get flagged with scam warnings.  I find the scam feature
> more of a nuisance than a value, though I'm very good at detecting phishing
> etc by eyeball.

Just disable it, that will save you a lot of trouble and effort.
You need to log in before you can comment on or make changes to this bug.