Anti-Phishing add-on?

Discussion of features in Mozilla Thunderbird
Post Reply
fredwehr
Posts: 18
Joined: February 14th, 2011, 8:54 am

Anti-Phishing add-on?

Post by fredwehr »

Hello, I've looked for such an add-on but surprisingly, there doesn't seem to be one.

Can anyone please comment on the availability of an add-on that, ideally, would (a) convert links to plain text, (b) delete or disable buttons (see screenshot at https://drive.google.com/open?id=0B0GXc ... 3NkUHVSWTQ for example), and (c) provide a "whitelist" feature to allow trusted senders' messages to bypass the add-on?

We try to be cautious, but all it takes is one impatient click to wreak havoc on your computer.

Thanks.
User avatar
DanRaisch
Moderator
Posts: 127188
Joined: September 23rd, 2004, 8:57 pm
Location: Somewhere on the right coast

Re: Anti-Phishing add-on?

Post by DanRaisch »

That can be done without an extension, just view messages in plain text format which will disable all links, etc in incoming messages. View->Message body as->Plain text.
fredwehr
Posts: 18
Joined: February 14th, 2011, 8:54 am

Re: Anti-Phishing add-on?

Post by fredwehr »

Thank you for mentioning the Plain Text option, which I was dimly aware of. In the absence of any anti-phishing add-on, for many users the stripping of all active html would be the safest option, with the small downside of obscuring desirable content from trusted senders. But then of course, the bad guys can spoof email addresses. So we're still in the Wild West and carrying a butter knife to a gunfight.
User avatar
tanstaafl
Moderator
Posts: 49647
Joined: July 30th, 2003, 5:06 pm

Re: Anti-Phishing add-on?

Post by tanstaafl »

Thunderbird has a built-in anti-phishing feature managed by tools -> options -> security ->email scams -> "tell me if the message I'm reading is a suspected email scam" but its poorly designed, so most people disable it. It checks for a mismatch between the displayed URL and the actual link, whether there is a embedded form, or the address is a IP address. Unfortunately you can't white list a sender using the address book , way too many legitimate emails are flagged as phishing attempts, and it doesn't seem able to learn from flagging messages as non spam.

https://www.hyperborea.org/journal/2005 ... detection/
https://www.dslreports.com/forum/r15435 ... on-USELESS
http://kb.mozillazine.org/Thunderbird_5 ... am_warning

If this is a frequent problem I suggest you consider installing something like SpamPal (which checks for spam using blacklists of what smtp servers were used to send the message, managed by organizations such as Spamhaus) and configure the junk mail controls to trust it per http://kb.mozillazine.org/Junk_Mail_Controls . i.e. use anti-spam tools against phishing attempts since there is a lot of overlap.

There is a ancient, no longer maintained Sender Verification Anti-Phishing add-on . I don't know if it still works. If you want to try it install the disable add-on compatibility check add-on beforehand and ignore the warning about incompatibility when you install the add-on. "The extension uses Sender Policy Framework (SPF) (albeit in a nonstandard way) to verify the sending domain and SURBL, Spamhaus, DNSWL, and SenderScoreCertified for reputation information on the domain."
fredwehr
Posts: 18
Joined: February 14th, 2011, 8:54 am

Re: Anti-Phishing add-on?

Post by fredwehr »

Thanks tanstaafl for your comments and advice. Will check out SpamPal. A shame that Internet and email infrastructure is so UN-trustworthy...
Post Reply