Phishing detection.

12 views
Skip to first unread message

Blake Winton

unread,
May 3, 2011, 12:31:37 PM5/3/11
to tb-pl...@mozilla.org
There have been some people working on Thunderbird's phishing detector
recently, and one of the things they brought up was Google's phishing lists.

The arrangement Mozilla has with Google is per-product, and Firefox
only, but we can ask Google to expand it to Thunderbird if we want.

So, my question is: Do we want to use Google's phishing lists in
Thunderbird to detect phishing attempts?

(The main concern I have is finding someone to do the integration work.)

Thanks,
Blake.
--
Blake Winton Thunderbird Front End
bwi...@mozilla.com
_______________________________________________
tb-planning mailing list
tb-pl...@mozilla.org
https://mail.mozilla.org/listinfo/tb-planning

David Ascher

unread,
May 3, 2011, 12:39:15 PM5/3/11
to Blake Winton, tb-pl...@mozilla.org

> So, my question is: Do we want to use Google's phishing lists in
> Thunderbird to detect phishing attempts?
>
> (The main concern I have is finding someone to do the integration work.)

Actually, there's a separate concern which is that we can only use
their APIs with the appropriate contractual relationshp, but I'm
working on that. Knowing that we actually have someone willing to do
the work would be very useful =)

--da

Jonathan Protzenko

unread,
May 3, 2011, 12:54:43 PM5/3/11
to David Ascher, tb-pl...@mozilla.org
I think I wrote a thing or two I recalled from former discussions with
David there <https://bugzilla.mozilla.org/show_bug.cgi?id=623198>.
David, you might want to check I haven't said any stupid things :-).

David Ascher

unread,
May 3, 2011, 12:58:20 PM5/3/11
to Jonathan Protzenko, tb-pl...@mozilla.org
"deal not going through" isn't really correct, but it doesn't matter.

The long and short of it is that detecting phishing attacks is hard to
do right, impossible do with static heuristics.

Ben Bucksch

unread,
May 4, 2011, 6:56:12 AM5/4/11
to tb-pl...@mozilla.org
On 03.05.2011 18:31, Blake Winton wrote:
> There have been some people working on Thunderbird's phishing detector
> recently, and one of the things they brought up was Google's phishing
> lists.

I have contacts to GMX/Web.de (same company), which is the biggest mail
provider for our users, after GMail. Given that, they have an in-house
abuse team which is very agile. They have a Firefox toolbar which
includes a Phishing filter, list maintained by that abuse team.

The list is at <http://dl.web.de/backend/phish.txt>. P stands for "URL
prefix". The toolbar fetches it every 15 minutes. An XMPP realtime
broadcast is in the works; XMPP would make it faster than Google. Both
are simpler to implement than Google's protocol, which is very complex,
and our Firefox implementation is outright horrible for other reasons, too.

I don't know how the GMX abuse team compares to Google's phishing list,
but using that list could be an option.

Ben

David Ascher

unread,
May 4, 2011, 12:20:08 PM5/4/11
to Ben Bucksch, tb-pl...@mozilla.org
It'd be interesting to know more about GMX's service.

E.g.,
- how it compares w/ Google's.
- is it free to use?
- what are the processes used to add something to the list? to remove
stuff?

etc.

--david

Reply all
Reply to author
Forward
0 new messages