MozillaZine

Anti-Phishing add-on?

Discussion of features in Mozilla Thunderbird
fredwehr
 
Posts: 16
Joined: February 14th, 2011, 8:54 am

Post Posted January 10th, 2017, 9:42 am

Hello, I've looked for such an add-on but surprisingly, there doesn't seem to be one.

Can anyone please comment on the availability of an add-on that, ideally, would (a) convert links to plain text, (b) delete or disable buttons (see screenshot at https://drive.google.com/open?id=0B0GXcHVdvx6tenlWd3NkUHVSWTQ for example), and (c) provide a "whitelist" feature to allow trusted senders' messages to bypass the add-on?

We try to be cautious, but all it takes is one impatient click to wreak havoc on your computer.

Thanks.

DanRaisch
Moderator

User avatar
 
Posts: 116622
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Post Posted January 10th, 2017, 4:07 pm

That can be done without an extension, just view messages in plain text format which will disable all links, etc in incoming messages. View->Message body as->Plain text.

fredwehr
 
Posts: 16
Joined: February 14th, 2011, 8:54 am

Post Posted January 11th, 2017, 7:43 am

Thank you for mentioning the Plain Text option, which I was dimly aware of. In the absence of any anti-phishing add-on, for many users the stripping of all active html would be the safest option, with the small downside of obscuring desirable content from trusted senders. But then of course, the bad guys can spoof email addresses. So we're still in the Wild West and carrying a butter knife to a gunfight.

tanstaafl
Moderator

User avatar
 
Posts: 42867
Joined: July 30th, 2003, 5:06 pm

Post Posted January 11th, 2017, 8:30 am

Thunderbird has a built-in anti-phishing feature managed by tools -> options -> security ->email scams -> "tell me if the message I'm reading is a suspected email scam" but its poorly designed, so most people disable it. It checks for a mismatch between the displayed URL and the actual link, whether there is a embedded form, or the address is a IP address. Unfortunately you can't white list a sender using the address book , way too many legitimate emails are flagged as phishing attempts, and it doesn't seem able to learn from flagging messages as non spam.

https://www.hyperborea.org/journal/2005 ... detection/
https://www.dslreports.com/forum/r15435 ... on-USELESS
http://kb.mozillazine.org/Thunderbird_5 ... am_warning

If this is a frequent problem I suggest you consider installing something like SpamPal (which checks for spam using blacklists of what smtp servers were used to send the message, managed by organizations such as Spamhaus) and configure the junk mail controls to trust it per http://kb.mozillazine.org/Junk_Mail_Controls . i.e. use anti-spam tools against phishing attempts since there is a lot of overlap.

There is a ancient, no longer maintained Sender Verification Anti-Phishing add-on . I don't know if it still works. If you want to try it install the disable add-on compatibility check add-on beforehand and ignore the warning about incompatibility when you install the add-on. "The extension uses Sender Policy Framework (SPF) (albeit in a nonstandard way) to verify the sending domain and SURBL, Spamhaus, DNSWL, and SenderScoreCertified for reputation information on the domain."

fredwehr
 
Posts: 16
Joined: February 14th, 2011, 8:54 am

Post Posted January 11th, 2017, 11:30 am

Thanks tanstaafl for your comments and advice. Will check out SpamPal. A shame that Internet and email infrastructure is so UN-trustworthy...

Return to Thunderbird Features


Who is online

Users browsing this forum: No registered users and 1 guest