Thunderbird Anti-Phishing Tools

Blane Warrene

It is probably safer to assume close to everyone reading this has received phishing email at some point, as have the great majority of your customers.

The Mozilla Foundation’s Thunderbird email client will now include scam detection capabilities. (Thanks Thomas Rutter for the tip off on this!) If the app thinks an email message is a possible scam message – it will notify the user with a visual queue. Similar to spam tools, it will also have a “not a scam” button to denote safe messages – for example notifications of online statements from financial institutions you work with.

Among its features, Thunderbird will reconcile the hostname shown in an href’s display link and the underlying destination URL — which is one of the primary methods for ‘phishing’ people into visiting sites that aren’t as they appear.

There is a final warning dialog if a user proceeds and clicks a link, and gives one last chance to cancel.

More information is available on Mozilla Bugzilla (including screenshots).

Not only can this serve as a time-saver for email-savvy folks like web professionals, but it also is another opportunity for friendly non-sales contact with your prospects and existing clients – and further introduction to open source alternatives for all platforms – meaning the Mozilla sphere of applications (Linux, Mac and Windows).

Thomas also noted he thinks this is a very good feature, “as it will educate average users about the potential problems of clicking links in emails.* Even if it does not detect all scams or there are a few false positives, the fact that it exists will inform people that links in emails are not always safe.”

Nightly builds of Thunderbird include the new scam tool and it is expected to be in Thunderbird 1.1.