The arrangement Mozilla has with Google is per-product, and Firefox
only, but we can ask Google to expand it to Thunderbird if we want.
So, my question is: Do we want to use Google's phishing lists in
Thunderbird to detect phishing attempts?
(The main concern I have is finding someone to do the integration work.)
Thanks,
Blake.
--
Blake Winton Thunderbird Front End
bwi...@mozilla.com
_______________________________________________
tb-planning mailing list
tb-pl...@mozilla.org
https://mail.mozilla.org/listinfo/tb-planning
Actually, there's a separate concern which is that we can only use
their APIs with the appropriate contractual relationshp, but I'm
working on that. Knowing that we actually have someone willing to do
the work would be very useful =)
--da
The long and short of it is that detecting phishing attacks is hard to
do right, impossible do with static heuristics.
I have contacts to GMX/Web.de (same company), which is the biggest mail
provider for our users, after GMail. Given that, they have an in-house
abuse team which is very agile. They have a Firefox toolbar which
includes a Phishing filter, list maintained by that abuse team.
The list is at <http://dl.web.de/backend/phish.txt>. P stands for "URL
prefix". The toolbar fetches it every 15 minutes. An XMPP realtime
broadcast is in the works; XMPP would make it faster than Google. Both
are simpler to implement than Google's protocol, which is very complex,
and our Firefox implementation is outright horrible for other reasons, too.
I don't know how the GMX abuse team compares to Google's phishing list,
but using that list could be an option.
Ben
E.g.,
- how it compares w/ Google's.
- is it free to use?
- what are the processes used to add something to the list? to remove
stuff?
etc.
--david