nylas / nylas-mail

:love_letter: An extensible desktop mail app built on the modern web. Forks welcome!
https://nylas.com/nylas-mail/
MIT License

Phishing filter doesn't account for cloaked URLs #2215

Open Paratron opened 8 years ago

Paratron commented 8 years ago

Pretty simple example:

<a href="http://malicious.com">http://paypal.com</a>

I think that's way more important than simply looking if sender != replyTo, because phishing mails normally try to lure you to a faked website instead of making you reply to the mail.

bengotow commented 8 years ago

N1 adds a hover title to links so you can see what you're clicking, but we should definitely add this to the phishing plugin. The current version of that plugin is really pretty dumb and was one of our example packages. Needs some love!

Paratron commented 8 years ago

Additionally: the phishing detector is more of a drawback, since it marks nearly all automatically sent mails (for example from github) as potential phishing mails.

I would remove the reply-to detector completely.

runofthemill commented 8 years ago

Agree with @Paratron - I had to disable the plugin as it flagged pretty much every newsletter/github/autogenerated email I was receiving. At this point might be useful to remove it as a bundled plugin, and just leave it somewhere accessible as an example package.
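As an added example (not code from Nylas Mail or its phishing plugin), the script below puts the two heuristics discussed in this thread side by side: the From/Reply-To mismatch check that the bundled plugin uses, and the cloaked-link check Paratron asks for in the opening comment (link text that reads as a URL but whose href points at another site). It runs both over two constructed messages, a GitHub-style notification and a mail carrying a link like the `paypal.com` example above, so you can see the reply-to check fire on the automated mail while missing the phish, and the link check do the opposite. The message shape, the header values, the sample bodies and all function names are assumptions made for this example.

```javascript
// Added example, not Nylas Mail code. Two heuristics from the thread:
//  - replyToMismatch: the bundled plugin's approach (From vs Reply-To differ)
//  - cloakedLinks: flag anchors whose visible text is a URL on another site
// The message shape {from, replyTo, html} and the samples are assumptions.

// Hostname from a full URL, a scheme-less URL ("paypal.com/login") or a bare
// host. Leading "www." is dropped so www.paypal.com and paypal.com compare equal.
function hostnameOf(value) {
  const trimmed = value.trim();
  const withScheme = /^[a-z][a-z0-9+.-]*:\/\//i.test(trimmed) ? trimmed : 'http://' + trimmed;
  try {
    return new URL(withScheme).hostname.toLowerCase().replace(/^www\./, '');
  } catch (e) {
    return null; // not parseable as a URL at all
  }
}

// Does the visible anchor text look like a URL or hostname to a reader?
// Needs a dotted host with no spaces; an optional scheme and path are allowed.
function looksLikeUrl(text) {
  return /^(?:[a-z][a-z0-9+.-]*:\/\/)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:[/?#:]\S*)?$/i.test(text.trim());
}

// Same site if the hosts are equal or one is a subdomain of the other.
// A registrable-domain comparison would need a public-suffix list; this is
// the simple version and is enough to show the idea.
function sameSite(a, b) {
  return a === b || a.endsWith('.' + b) || b.endsWith('.' + a);
}

// Find every <a href="...">text</a> in an HTML body and report those whose
// text reads as a URL on a different site than the href. Regex extraction
// is fine for the example; a mail client would walk the rendered DOM instead.
function cloakedLinks(html) {
  const anchorRe = /<a\b[^>]*\bhref\s*=\s*["']([^"']+)["'][^>]*>([\s\S]*?)<\/a>/gi;
  const findings = [];
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const href = m[1];
    const text = m[2].replace(/<[^>]+>/g, '').trim(); // strip nested tags
    if (!looksLikeUrl(text)) continue;               // "click here" cannot be cloaked
    const hrefHost = hostnameOf(href);
    const textHost = hostnameOf(text);
    if (!hrefHost || !textHost) continue;
    if (!sameSite(hrefHost, textHost)) {
      findings.push({ shownAs: textHost, goesTo: hrefHost, href: href });
    }
  }
  return findings;
}

// Address part of a header such as 'Name <addr>' or a bare 'addr'.
function addressOf(header) {
  if (!header) return null;
  const m = /<([^>]+)>/.exec(header);
  return (m ? m[1] : header).trim().toLowerCase();
}

// The bundled plugin's heuristic as the thread describes it: flag the message
// when a Reply-To is present and differs from the From address.
function replyToMismatch(msg) {
  const from = addressOf(msg.from);
  const replyTo = addressOf(msg.replyTo);
  return Boolean(replyTo) && replyTo !== from;
}

// Constructed samples (not real messages). The first mimics the automated
// notification mail the thread says gets flagged; the second is a cloaked link
// with a spoofed From and no Reply-To, which the reply-to check cannot see.
const SAMPLES = {
  githubNotification: {
    from: 'Paratron <notifications@github.com>',
    replyTo: 'nylas/nylas-mail <reply+abc123@reply.github.com>',
    html: 'See <a href="https://github.com/nylas/nylas-mail/issues/2215">https://github.com/nylas/nylas-mail/issues/2215</a>',
  },
  phishing: {
    from: 'PayPal <service@paypal.com>',
    replyTo: null,
    html: 'Verify here: <a href="http://malicious.com/login">http://paypal.com</a>',
  },
};

function analyze(msg) {
  return { replyToMismatch: replyToMismatch(msg), cloakedLinks: cloakedLinks(msg.html) };
}

if (typeof require !== 'undefined' && require.main === module) {
  for (const [name, msg] of Object.entries(SAMPLES)) {
    console.log(name, JSON.stringify(analyze(msg)));
  }
}
```

Run it with `node` and the GitHub-style sample comes back with `replyToMismatch: true` and no cloaked links, while the phishing sample comes back with `replyToMismatch: false` and one finding showing `paypal.com` as the displayed host and `malicious.com` as the real target. Hover titles, as bengotow mentions, show the same information to a user who looks; the check above is what lets the client flag it without relying on the user to hover.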