Thunderbird2:Phishing

From MozillaWiki
Revision as of 22:05, 9 March 2006 by Mscott (talk | contribs)
Jump to navigation Jump to search
Please do not edit these pages unless you are a member of Team Thunderbird. Your feedback and comments are welcomed on the discussion page.

Tracked by: bug 328749

Goals & Objectives

The primary objectives of this project are to:

  • Make it easy for web services to support online phishing detectors into Thunderbird.
  • Ship a default phishing service implementation that uses a local and online URL blacklist.

Background

Thunderbird 1.5 contains a basic phishing detector to help protect users against revealing personal information to e-mail scams.

The current implementation uses a set of simple static rules to determine if a URL in a message looks suspicious or not.

These rules look for things like: IP addresses in the host name field, URLs which have different host names than the urls the message shows the user (i.e. the url is http://myevilsite.com but the url text shown to the user is http://ebay.com).

We would like to make it possible for web service extension authors to replace our existing phishing detector with...

User Interface

We already have a user interface in Thunderbird 1.5 for presenting messages which could be potential e-mail scams. We plan on leaving this UI intact, focusing our work on re-designing the actual phishing detector engine.

The current UI looks like this:



Functional Requirements

TBD, but reasonable compatibility with Firefox 1.x

Code Location

mozilla/browser/components/places/

for the most part. Build with --enable-places in your .mozconfig file. This development is happening simultaneously on the trunk and MOZILLA_1_8_BRANCH. To avoid conflicting with the browser and causing bustage, there are some shims in place that overlay the browser to insert the Places UI access points.

Team

API Changes Required

The APIs for accessing Bookmarks and History will be replaced. APIs abstracting the layout of the metadata tables used in the profile storage file will be provided. See above for details.


Extensions

The APIs for accessing and manipulating Bookmarks and History are being replaced with new ones, and almost all Bookmarks and History user interface will be replaced or updated significantly. Any extension that does anything with History or Bookmarks will almost certainly have to be rewritten, at the very least to use the new APIs.

Retrieved from "https://wiki.mozilla.org/index.php?title=Thunderbird2:Phishing&oldid=18503"