Whitelist clickable URLs to mitigate (spear)phishing attacks

[Szpak]

Hi. In the majority of cases, I click in my Thunderbird links from the notifications from the known services (GitHub/Jira, Google/Twitter, Slack/Teams/Mastodon, ...). To make it easier to detect an (spear) fishing attack, I would like to whitelist the common URLs in Thunderbird and be notified (the click is blocked and I see a warning) if I click an unknown URL (e.g. pretending to be Google, but with slightly changed domain). In that case I would need to rethink the case, take a closer look at the link and - possibly - copy/paste it to the browser.

I know clicking the links can be completely disabled in Thunderbird [1], but it would be unhandy and make me indifferent to the URLs in general (known URLs should be still "clickable"). I have seen the Silent Block [2] extension, but it hasn't been maintained for a while. So, 3 questions:

1. Is it possible to achieve in Thunderbird out-of-the-box?
2. Is there any maintained extension?
3. Would an extension using the webNavigation API (namely onBeforeNavigate) be able to achieve that?
4. Do you think it would be useful and should be reported as a feature request to Thunderbird?

[1] - https://www.stevenmaude.co.uk/posts/blo ... hunderbird
[2] - https://addons.thunderbird.net/en-us/th ... lentblock/

Marcin

[morat]

Maybe ask the developers in the topicbox forum if that's possible using the WebExtention APIs.

Thunderbird Addon Devs topicbox forum
http://thunderbird.topicbox.com/groups/addons

Firefox WebExtension APIs supported by Thunderbird
http://webextension-api.thunderbird.net ... hunderbird

WebExtension API webNavigation
http://developer.mozilla.org/docs/Mozil ... Navigation

[Szpak]

Thanks morat. I did as you suggested and it in general should be possible with an add-on. However, due to the API limitations currently it is broken:
https://thunderbird.topicbox.com/groups ... red-at-all