https://bugs.kde.org/show_bug.cgi?id=407086
Bug ID: 407086
Summary: Scam detection is too sensitive for URLs that trivially differ and are not a scam
Product: kmail2
Version: Git (master)
Platform: Other
OS: Linux
Status: REPORTED
Severity: normal
Priority: NOR
Component: general
Assignee: kdepim-bugs@kde.org
Reporter: j...@keelhaul.me.uk
Target Milestone: ---

Created attachment 119742
  --> https://bugs.kde.org/attachment.cgi?id=119742&action=edit
Scam detection message

(This bug really belongs to messagelib, but there doesn't seem to be a Bugzilla category for that. Please reassign if necessary.)

SUMMARY

The scam detection checks for URLs that display different text to their actual destination. This is good, but the check seems to be very sensitive and detects URLs that differ trivially (with redundant percent encoding or a trailing slash).

For example, see the attached message triggered by an Amazon confirmation email - I have partly redacted the URLs to remove personal information but they were identical before doing so. The only difference is the %5C <-> / encoding near the end.

Possibly the display and destination URLs need to be decoded and canonicalised (with QUrl::StripTrailingSlash and QUrl::NormalizePathSegments) before comparison.
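The canonicalise-then-compare idea suggested in the report, as an added Python example (not messagelib's code, which is C++/Qt). The names `canonical` and `looks_like_scam` are hypothetical, the URLs are constructed, both inputs are assumed to be absolute URLs, and `posixpath.normpath` stands in for `QUrl::StripTrailingSlash` and `QUrl::NormalizePathSegments`. Only percent-escapes of unreserved characters are decoded, so host, userinfo and encoded reserved characters still count as real differences.

```python
import posixpath
import re
from urllib.parse import urlsplit, urlunsplit

# RFC 3986 unreserved characters: decoding these never changes a URL's meaning.
_UNRESERVED = ("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
               "0123456789-._~")
_PCT = re.compile(r"%([0-9A-Fa-f]{2})")


def _norm_pct(text):
    """Decode %XX for unreserved characters only; upper-case the other escapes."""
    def repl(m):
        ch = chr(int(m.group(1), 16))
        return ch if ch in _UNRESERVED else "%" + m.group(1).upper()
    return _PCT.sub(repl, text)


def canonical(url):
    """Comparison form of an absolute URL (hypothetical helper)."""
    p = urlsplit(url.strip())
    scheme = p.scheme.lower()
    # Keep userinfo: "trusted.example@other.example" must never compare equal
    # to "trusted.example".
    userinfo = p.netloc.rpartition("@")[0]
    netloc = (userinfo + "@" if userinfo else "") + (p.hostname or "")
    if p.port and (scheme, p.port) not in (("http", 80), ("https", 443)):
        netloc += ":%d" % p.port
    # Resolve "." and ".." segments and drop a trailing slash.
    path = posixpath.normpath(_norm_pct(p.path) or "/")
    return urlunsplit((scheme, netloc, path,
                       _norm_pct(p.query), _norm_pct(p.fragment)))


def looks_like_scam(display_text, href):
    """True if the shown URL and the real target differ after canonicalising."""
    return canonical(display_text) != canonical(href)
```
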