News
Commentary
1/24/2005
06:18 AM
50%
50%

Mozilla Gets A Phishing Fix

Thunderbird, Mozilla's open-source messaging client, hasn't yet won the same giant-killing reputation as its older sibling, Firefox. Recently, a group of developers checked a new feature into the Thunderbird code tree that demonstrates how it could, like Firefox, hit the big time by attracting users who are tired of having their pockets picked every time they go online.

Thunderbird, Mozilla's open-source messaging client, hasn't yet won the same giant-killing reputation as its older sibling, Firefox. Recently, a group of developers checked a new feature into the Thunderbird code tree that demonstrates how it could, like Firefox, hit the big time by attracting users who are tired of having their pockets picked every time they go online.

The feature is a simple but promising phishing detector. Some of the most common phishing scams involve HTML email that displays one URL in the message body but actually takes the user to a different site--one where the scam artist quickly relieves victims of their privacy, their money, or both. The current version of the feature, which is available in some Thunderbird development builds, works when the email body text displays one URL, but the actual URL uses an IP address or a different domain name. If the user clicks on a suspicious link, Thunderbird displays a warning and asks the user for a confirmation before allowing a Web browser to open the link.

This is the developers' first stab at implementing the feature, and as they admit, there's plenty of room for improvement before it appears in a production release. But it's a wonderful idea, and it would be great to see this or something like it implemented in Thunderbird 1.1.

As for the other email clients on the market today, especially Microsoft Outlook, the Thunderbird contributors' work begs the question: Why hasn't anyone else thought of this? Outlook already makes Internet Explorer look like Fort Knox; if the Thunderbird development community keeps thinking like this, it might give more Outlook users--or at least the ones not at the mercy of a corporate IT department--a good reason to switch.

Update (Jan.24, 22:26): One of my colleagues, Don St. John, alerted me to an email client with a working anti-phishing feature. Eudora 6.2 opens a pop-up warning when a user mouses over a suspicious link, and the software requires a confirmation before opening a phishy link. If anyone else knows of products with similar features, let me know, and I'll add them to the list.

Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 16, 2014.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.