RSS LJ

October 21, 2008

Thunderbird's "email scam" detector sucks ()

by fluffy at 10:48 AM
Here is what Thunderbird thinks of my inbox:
  • Registration confirmation from MWSF: a scam
  • Weekly newsletter from SFBC: a scam
  • "You have an eCard" linking directly to a .exe file: not a scam
  • "Account verification" email purportedly from a bank I'd never heard of: not a scam
  • Nigerian fund account transfer manager "job" offer: not a scam

Comments

#11412 10/21/2008 11:39 am
Email from Japanese coworker who is in my address book and from who I've received hundreds of emails from in the last year: probably a scam.
#11414 10/21/2008 03:02 pm
It is open source, why shouldn't the spammers go in and fiddle with the rules a little?
#11416 10/22/2008 04:48 pm
And everything from Barack Obama's campaign: a scam.
#11558 12/13/2008 09:07 pm
I believe Thunderbird's scam detector is only checking to see if links in the email lead to the same domain that the email came from. There's no logic other than that - it's a really really simple phishing detection, that's it. The implementation makes it appear as though it's doing some real work on figuring out scams, but its not. I think.
#11559 12/13/2008 09:11 pm
I think it's more like it looks at the link text and link attribute of every link, and if there's any links which look like a URL but link anywhere else (like with a clickthrough tracking wrapper, which is extremely common) it marks it a scam.