SillyDog701 Message Centre

[Fulvio]

The new Thunderbird 1.0+ nighlies, TB alpha2 looks good. It has one feature which I thought was impressive, i.e. to scan for e-mail scans, in the Privacy section.
I am curious if anyone had any experience. My experience has been totally negative. I got three detected scans, all legitimate newsletters, which may otherwise end up in the Junk folder. One was from apple.com, another the NY times newsletter. However a scam to Wells Fargo Bank, let go as legit.
Any experience?

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050724 SeaMonkey/1.0a

---

"I've got a very poor sense of direction. I keep forgetting which way is forwards."
WinXP, SP3, 512 MB, FF3.6, 3.6 portable, TB 3.0.3, TB2.0.25, FF3.5.9, FF3.7, SM2.0.4 nightlies, Google Chrome, IE8.0, Zone Alarm Firewall; AVG9.0, JRE1.6_18

[akbash]

Scam email detection in Thunderbird flags messages containing a suspicious-looking hyperlink, where suspicious means the HTTP address it wants to take you to appears to be fairly simplistically obscured. Scam detection also flags messages containing any HTML form. I'm not sure what the logic is for that last point, and I think that's where the false positives are coming from.

If you're inclined, bug 279191 records the development of the detection algorithm.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050729 Firefox/1.0+

[Fulvio]

I will take a look at the bug #. The false positives do not bother me so much, but the fact that the feature is useless with real phishing attempt, does.
I got two negatibves on phishing attempts to change my settings on bank accounts. The ridiculous thing is that neither account was anywhere in my area, and never heard of the banks. But, I reported the attempts to the banks, and received confirmation that they were p[hishing attempts.
Also, all I need to do is take a look at the message source to tell that it is fake.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.10) Gecko/20050716

---

"I've got a very poor sense of direction. I keep forgetting which way is forwards."
WinXP, SP3, 512 MB, FF3.6, 3.6 portable, TB 3.0.3, TB2.0.25, FF3.5.9, FF3.7, SM2.0.4 nightlies, Google Chrome, IE8.0, Zone Alarm Firewall; AVG9.0, JRE1.6_18

[akbash]

I agree, phishing detection still needs work. Seems to me the most common type of scam is email with a return address from, say wellsfargo.com, and containing a link to, say www.wellsfargo.giveusyouraccountinfo.com. That's problematic to detect ever since URL construction became a little more free-form, and I believe Thunderbird can't detect that kind of thing (yet?).

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b4) Gecko/20050729 Firefox/1.0+

[Fulvio]

I agree that TB needs more more on anti-phishing. It is ok the way it is, because it makes you think. Yes, I received one of those Well Fargo scams, which I reported, and was confirmed a scam. At least there is a Wells Fargo bank, locally. But, I got some really weird ones from obscure banks.
If it was not for the fact that I don't believe in replying to any spam attempt, I am so tempted to enter some fictitious information.

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.11) Gecko/20050728

---

"I've got a very poor sense of direction. I keep forgetting which way is forwards."
WinXP, SP3, 512 MB, FF3.6, 3.6 portable, TB 3.0.3, TB2.0.25, FF3.5.9, FF3.7, SM2.0.4 nightlies, Google Chrome, IE8.0, Zone Alarm Firewall; AVG9.0, JRE1.6_18