Closed Kabouik closed 6 years ago
What makes you think the next phishing message will come from the same sender? Also, what makes you think the spam filter ignores senders? :-) Neither is true, in my experience.
There is an old issue #639 open for this, but it's actually a very hard problem. What I want to do but haven't had time to implement properly (I have some experiments in my local tree) is to auto-generate a white-list of non-spammers and non-phishers by looking at the history of who you communicate with and what you read (without marking as spam). Senders NOT on the white-list, or senders behaving "strangely" compared to their historic profile, would enable defensive measures in the UI - warnings when links are clicked or attachments downloaded.
Oops, the real issue is #1726. I'm closing this as a duplicate of that one.
Thanks for the answer.
Just to reply to the points you've raised, there is indeed no reason to think that future phishing messages would come from the same sender, but adding protection against all future phishing is not the same as preventing this particular sender from doing so again, if he ever tries. Phishing addresses might not be used twice, but in some cases they might, for instance when they are close enough to those they are trying to mimic. Better safe than sorry if we can just blacklist them after the first attempt.
As for the spam filter, I don't know, I just believe that I already observed e-mails not being flagged as spam in my inbox even when I manually tagged messages from the same senders previously. I should double check that.
Bjarni Rúnar Einarsson notifications@github.com wrote:
What makes you think the next phishing message will come from the same sender? Also, what makes you think the spam filter ignores senders? :-) Neither is true, in my experience.
There is an old issue #639 open for this, but it's actually a very hard problem. What I want to do but haven't had time to implement properly (I have some experiments in my local tree) is to auto-generate a white-list of non-spammers and non-phishers by looking at the history of who you communicate with and what you read (without marking as spam). Senders NOT on the white-list, or senders behaving "strangely" compared to their historic profile, would enable defensive measures in the UI - warnings when links are clicked or attachments downloaded.
I received some phishing e-mails, and immediately tagged them as spam. However, I am feeling something a tad more drastic would be useful to filter those e-mails once the address has unambiguously been identified as a phishing address by the user, like a blacklist.
Tagging messages as spam does not mean that the next messages from the same sender will also be tagged as spam automatically (at least in my case it does not seem to be the case, maybe the smart tagging needs a lot of cases before it can kick in automatically on "known" addresses). This can be an issue when the phishing is well hidden; the user could be vigilant enough a few times and still be fooled once if the future messages keep being shown in the inbox.
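The two ideas discussed in this thread (a history-derived white-list that triggers UI warnings, and a per-sender blacklist built from spam tags) can be combined as in the sketch below. This is an added example, not code from the project or from either participant; all function names, the action labels, the sample history and the edit-distance threshold of 2 are assumptions made for illustration, and the "historic profile" comparison is not modeled.

```python
from email.utils import parseaddr

# Constructed sample history: (From header, what the user did). Not real data.
HISTORY = [
    ("Alice <alice@example.org>", "replied"),
    ("Bank <service@bank.example>", "read"),
    ("Promo <win@prizes.example>", "spam"),
    ("Bob <bob@example.net>", "read"),
]

def addr(header):
    """Extract the bare, lower-cased address from a From header."""
    return parseaddr(header)[1].lower()

def build_lists(history):
    """White-list: senders read or replied to and never tagged as spam.
    Blacklist: senders the user tagged as spam at least once."""
    good, bad = set(), set()
    for sender, action in history:
        (bad if action == "spam" else good).add(addr(sender))
    return good - bad, bad

def edit_distance(a, b):
    """Levenshtein distance, used to spot addresses mimicking known ones."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def assess(sender, allow, block, max_dist=2):
    """Return the UI decision for a new message's sender."""
    a = addr(sender)
    if a in block:
        return "blocked"          # user already tagged this sender
    if a in allow:
        return "trusted"          # no extra warnings
    if any(edit_distance(a, known) <= max_dist for known in allow):
        return "warn-lookalike"   # near-miss of a trusted address
    return "warn-unknown"         # warn on link clicks / attachment downloads

if __name__ == "__main__":
    allow, block = build_lists(HISTORY)
    for s in ("service@bank.example", "service@bamk.example",
              "win@prizes.example", "carol@elsewhere.example"):
        print(s, "->", assess(s, allow, block))
```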