Closed Bug 849694 Opened 7 years ago Closed 6 years ago

Scam Detect should have parameter changed from Yes/No to Gradient 0-255


(Thunderbird :: Preferences, enhancement)

Not set


(Not tracked)



(Reporter: r4162821-mozbugzilla, Unassigned)


(Depends on 1 open bug, Blocks 1 open bug)


(Keywords: privacy)

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:19.0) Gecko/20100101 Firefox/19.0
Build ID: 20130307023931

Steps to reproduce:

Click on Tool > Options 
Click Security Tab > E-mail Scams

is checkbox for 'Tell me if the message I am reading is a suspected email scam'.

Default with new install is Checked,
optional after uninstall to uncheck

This is a Boolean Yes/No decision, there is no facility for Grey or how hard to check for suspected 'scam' message.

Checked in Options > Open Config editor,
added search word 'scam', no results.

replaced search word 'scam', with 'security', pulled a list of 'security' paramaters, but nothing matched 'scam'.

Actual results:

No Parameter with the word term 'scam'.

Expected results:

Should pull up a parameter (something).scam.boolean(something)., with the default showing as clicked, and Highlighted if user changed from default.

Harm> Users will uncheck by 'de regeur' install process, and see numerous bugs regarding this issue. Users will dump TB and migrate to M$ product or use online web based products instead.

Have an optional 0-255 gradient paramater, with 8 levels of 'scam' detection, to replace boolean yes/no all or nothing flag. This way USERS by DEFAULT are set at 255 for the Highest available detection, (all Ones), -and-

at the user's pain and suffering, can optionally, by democratic consensus define their own level of safety.

IF there are two algorythmic paths split the a camp in 0-127, B camp in 128 to 255.

Similarly if there are 4 paths the user can set any value of paths to add to the stream of testing 0=test ignored, 1=test performed, in a declining priority basis, that test =255 means test everything (And slows down time betweeen messages being read because of all of the tests), or a singular test IE 128 = [Bug scam detect] API fetch on embedded links, 64=numeric html ip addresses, 32=[unknown test], 16=user defined address book parameter, 8=[unknown lesser user parameter] etc.
Severity: normal → minor
Keywords: sec-other
Group: core-security
The preference you are looking for is "mail.phishing.detection.enabled" and is directly connected with the checkbox in the preferences UI. Indeed, there are at least two rules triggering the warning: One for numerical IP addresses, another one for a mismatch between a link stated in the text with the actual link it refers to. Those have their dedicated boolean preferences:

 - mail.phishing.detection.ipaddresses
 - mail.phishing.detection.mismatched_hosts

Thus, what you are asking for exists already to that extent. Making it an 8-bit mask certainly would make sense if there are more rules coming up that want to be distinguished, rather than having individual boolean prefs for all of those.

However, making the scam detector be more sophisticated by hooking it up to a global phishing list (bug 778611) and making it able to learn (bug 320351) should be of higher priority and would be a better motivation to modify the preferences system at that time.
Blocks: mail-scam
Keywords: sec-otherprivacy
Confirming as a valid RFE (no duplicates found) but making it dependent on the other bugs given that the scam detector itself needs to improve first.
Severity: minor → enhancement
Depends on: 320351, 778611
Ever confirmed: true
OS: Windows 7 → All
Hardware: x86_64 → All
Version: 17 → Trunk
There are already the prefs listed in comment 1. I don't think this would add anything useful. 
Closed: 6 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.