We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

Om de ûnderfining foar jo te ferbetterjen is tydlik de funksjonaliteit dan dizze website troch ûnderhâldswurk beheind. Wannear in artikel jo probleem net oplost en jo in fraach stelle wolle, kin ús stipemienskip jo helpe yn @FirefoxSupport op Twitter en /r/firefox op Reddit.

Avatar for Username

Sykje yn Support

Mij stipescams. Wy sille jo nea freegje in telefoannûmer te beljen, der in sms nei ta te stjoeren of persoanlike gegevens te dielen. Meld fertochte aktiviteit mei de opsje ‘Misbrûk melde’.

Mear ynfo

Dizze konversaasje is argivearre. Stel in nije fraach as jo help nedich hawwe.

How to stop Thunderbird from classifying my collegue's Airmail messages as scam

  • 4 antwurd
  • 4 hawwe dit probleem
  • 10 werjeftes
  • Lêste antwurd fan Nils T

Nils T
Nils T
more options

Thunderbird keeps classifying almost all mail from one of my colleagues as scam.

His sending address is in my address book.

I suspect it has to do with how his MUA (Apple Airmail) formats the emails.

I do not want to disable Scam detection in general.

Any ideas?

Using Thunderbird 52.3.0+build1-0ubuntu0.16.04.1 on Ubuntu 16.04.3 LTS

Thunderbird keeps classifying almost all mail from one of my colleagues as scam. His sending address is in my address book. I suspect it has to do with how his MUA (Apple Airmail) formats the emails. I do not want to disable Scam detection in general. Any ideas? Using Thunderbird 52.3.0+build1-0ubuntu0.16.04.1 on Ubuntu 16.04.3 LTS

Keazen oplossing

sure. The detection is very basic so all that triggers it is listed here https://support.mozilla.org/en-US/kb/thunderbirds-scam-detection#w_thunderbirds-automatic-scam-filtering

To summarize

  • Links with numerical server names (http://127.0.0.1/).
  • Links where the text doesn't match the server name (for example, the text of the message might say "https://secure.example.com" but the link actually goes to "http://phishing.example.com" instead). Phishers do this to fool you into going to their site. Unfortunately some legitimate mailing lists also do this with redirectors for tracking purposes.
  • A remote image link that has different image source than the link points to (spoofing a legitimate web site, similar to the link spoofing described above).
Dit antwurd yn kontekst lêze 👍 2

Alle antwurden (4)

Matt
Matt
  • Moderator
  • Top 10 Contributor
more options

You have no choices beyond what you apparently are aware of. Modify the email or disable the scam detection are the choices. There are no hidden tweaks or settings is is really an incomplete feature that has languished for years.

Nils T
Nils T Fraacheigener
more options

Thank you Matt.

Is there any documentation of how my colleague could change the format of his mails that make it less likely to trigger Thunderbird's scam detection?

Matt
Matt
  • Moderator
  • Top 10 Contributor
more options

Keazen oplossing

sure. The detection is very basic so all that triggers it is listed here https://support.mozilla.org/en-US/kb/thunderbirds-scam-detection#w_thunderbirds-automatic-scam-filtering

To summarize

  • Links with numerical server names (http://127.0.0.1/).
  • Links where the text doesn't match the server name (for example, the text of the message might say "https://secure.example.com" but the link actually goes to "http://phishing.example.com" instead). Phishers do this to fool you into going to their site. Unfortunately some legitimate mailing lists also do this with redirectors for tracking purposes.
  • A remote image link that has different image source than the link points to (spoofing a legitimate web site, similar to the link spoofing described above).
Nils T
Nils T Fraacheigener
more options

Thank you Matt. Your hint helped me find the broken link "where the text doesn't match the server name" in the sender's HTML signature. Mystery solved, i notified my colleague!

Bewurke troch Nils T op