[kmail2] [Bug 407086] New: Scam detection is too sensitive for URLs that trivially differ and are not a scam

Jonathan Marten bugzilla_noreply at kde.org
Tue Apr 30 12:56:47 BST 2019


https://bugs.kde.org/show_bug.cgi?id=407086

            Bug ID: 407086
           Summary: Scam detection is too sensitive for URLs that
                    trivially differ and are not a scam
           Product: kmail2
           Version: Git (master)
          Platform: Other
                OS: Linux
            Status: REPORTED
          Severity: normal
          Priority: NOR
         Component: general
          Assignee: kdepim-bugs at kde.org
          Reporter: jjm at keelhaul.me.uk
  Target Milestone: ---

Created attachment 119742
  --> https://bugs.kde.org/attachment.cgi?id=119742&action=edit
Scam detection message

(This bug really belongs to messagelib, but there doesn't seem to be a Bugzilla
category for that. Please reassign if necessary.)

SUMMARY

The scam detection checks for URLs that display different text to their actual
destination.  This is good, but the check seems to be very sensitive and
detects URLs that differ trivially (with redundant percent encoding or a
trailing slash).  For example, see the attached message triggered by an Amazon
confirmation email - I have partly redacted the URLs to remove personal
information but they were identical before doing so.  The only difference is
the %5C <-> / encoding near the end.

Possibly the display and destination URLs need to be decoded and canonicalised
(with QUrl::StripTrailingSlash and QUrl::NormalizePathSegments) before
comparison.

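A sketch of the comparison the report proposes, added here as an illustration and not KMail or messagelib code: both URLs are reduced to a canonical key before being compared. It is written in Python rather than with QUrl, goes slightly beyond the report by also folding host case and default ports, and assumes both strings are absolute http(s) URLs; the helper names and sample URLs are constructed.

```python
import posixpath
import re
from urllib.parse import urlsplit

# RFC 3986 "unreserved" characters: percent-encoding them is redundant.
UNRESERVED = re.compile(r"[A-Za-z0-9._~-]")
DEFAULT_PORTS = {"http": 80, "https": 443}


def fold_escapes(text):
    """Decode redundant %XX escapes; keep escapes of reserved bytes, uppercased."""
    def repl(match):
        char = chr(int(match.group(1), 16))
        return char if UNRESERVED.fullmatch(char) else match.group(0).upper()
    return re.sub(r"%([0-9A-Fa-f]{2})", repl, text)


def canonical(url):
    """Comparison key for an absolute http(s) URL (hypothetical helper)."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").rstrip(".")   # hostname is already lowercased
    port = parts.port
    if port == DEFAULT_PORTS.get(scheme):
        port = None                             # ":443" on https is redundant
    # Decode first, then collapse "." / ".." segments and the trailing slash.
    path = "/" + posixpath.normpath(fold_escapes(parts.path) or "/").lstrip("/")
    # The fragment is left out of the key: it is never sent to the server.
    return (scheme, host, port, path, fold_escapes(parts.query))


def looks_like_mismatch(display_text, href):
    """True when visible URL and real target still differ after canonicalising."""
    return canonical(display_text) != canonical(href)


# Constructed samples, not taken from the attached message.
SAMPLES = [
    ("https://shop.example.com/orders/", "https://shop.example.com/orders"),
    ("https://shop.example.com/%7Euser/a%2Db", "https://SHOP.example.com:443/~user/./a-b"),
    ("https://shop.example.com/orders", "https://shop.example.net/orders"),
    ("https://shop.example.com/a%2Fb", "https://shop.example.com/a/b"),
]

if __name__ == "__main__":
    for shown, target in SAMPLES:
        print(looks_like_mismatch(shown, target), shown, "->", target)
```

Only unreserved characters are decoded, so an encoded delimiter such as `%2F` and a different host both still count as a mismatch, while a trailing slash or a redundant escape does not.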