change the filter execution to after classification from the default before classification. That way the body text will have completed it's arrival before you try and test it.

BTW if you are trying to manage spam with filters, good luck. It will consume more time that the process of doing it manually and will never end. Make sure you mark as SPAM in the filter each message you filter as spam. It helps the filter learn. Simply deleting without marking as spam does not.

Matt,

Thank you for the reply. However, the Body Contains filter still will not filter my message.

I attached the images of the filter I am using the the text I wanted to filter from a phishing email.

Can someone test the "Body Contains" filter and correct it?

There is nothing to say the text shown in the footer there actually exists in the body of the email. Press Ctrl+U and examine the body text. With phishing emails there is often a serious desire to mask the URL, Thunderbird decodes it and puts it in the status bar, but it may appear in the message body as a string of unicode, a string of hexadecimat or a collection of those and plain text. It might also be a href on an image, therefore not a part of the message body at all. (HTML source is not supposed to be available to filters, only the rendered HTML text.)

This offers some limited information on those formats https://support.mozilla.org/en-US/kb/thunderbirds-scam-detection Or you could check out the source code in phishingDetector.js which is technical, but readable.

I verified the text inside the email source. The filter just doe NOT work. Please test it yourself, you will see it does not work.

I would not expect it to work. The URL is a href within the HTML source. As I said HTML source is not available to filters.

You are limited to text you see in the message when you read it.

"if versification is not gotten from you in the next 48hr" as the filter text and see how you go. Nothing but that email will ever have that sort of bad wording. It looks like something I had my fingers slapped for in the third grade.

Can the developer modify the Body filter to scan the text in html emails, specifically URLS? ie scan the source? The phishing is done inside the URL and that what I want to block.

DrakeBliss said

Can the developer modify the Body filter to scan the text in html emails, specifically URLS? ie scan the source? The phishing is done inside the URL and that what I want to block.

They just fixed a bug that allowed that. So I don't think so.

This add-on MIGHT offer access. but my JavaScript is not good enough to find out. https://addons.thunderbird.net/en-US/thunderbird/addon/filtaquilla/

filtaquilla does not have this option. html message are text files, so I do not understand why it will not filter text inside irl text string?

Your understanding is not required for the thing to be as it is. You get to filter the visible text of the email (plain text if you will) you do not get to filter the actual message source.

HTML message are the norm, not plain text, who can I ask that this feature be added to scan html type email body?

DrakeBliss said

HTML message are the norm, not plain text, who can I ask that this feature be added to scan html type email body?

And HTML filter is not offered. But go ahead, file an enhancement request. https://bugzilla.mozilla.org/

Before you do I suggest you read https://bugzilla.mozilla.org/show_bug.cgi?id=1211128 and https://bugzilla.mozilla.org/show_bug.cgi?id=678322 (fixed and should be in 60.3 I think. and https://bugzilla.mozilla.org/show_bug.cgi?id=1230815 And https://bugzilla.mozilla.org/show_bug.cgi?id=1245157

There might be others, I really don't follow filtering bugs much. There were just some that came up in a Google search and ARE relevant.