Thunderbird scam false detection.
Hello!
Our company, UniSender Inc. (http://unisender.com) is a well-settled email marketing service in Russia, Ukraine and CIS countries. We practice only legal mailings by subscription, following the established practices for email marketing. Each letter surely has the link for instant unsubscribe from the mailing list. We don't hide, we have correct PTR records, sign each mail with DKIM and DomainKeys, promptly rreact on abuse messages, participate in feedback loop pprograms with AOL, Yahoo, MSN/Live/Hotmail, Gmail, Mail.ru, Yandex etc.
We've noticed, that Thuderbird scam detection detects our tracking domains as dangerous links! For example, these are usndr.com, u.crmesp.com (backend domain of our reseller Terrasoft). How we can fix this?
Also we've noticed, that here https://support.mozilla.org/en-US/kb/thunderbirds-scam-detection are used images, where OUR domain usndr.com is shown as scam (please see attached screenshot). We think, it's inappropriate. Could you please blur it?
Isisombululo esikhethiwe
re : images, where OUR domain usndr.com is shown as scam (please see attached screenshot). We think, it's inappropriate. Could you please blur it?
I'll try to get some attention to this for you.
But I would suggest you check your emails as they clearly have on occasion triggered a spam type of filter. As mentioned in the same webpage: It looks for characteristics in messages that are common in scam messages, for example:
- Links with numerical server names (http://127.0.0.1/).
- Links where the text doesn't match the server name (for example, the text of the message might say "https://secure.example.com" but the link actually goes to "http://phishing.example.com" instead). Phishers do this to fool you into going to their site. Unfortunately some legitimate mailing lists also do this with redirectors for tracking purposes.
- A remote image link that has different image source than the link points to (spoofing a legitimate web site, similar to the link spoofing described above).
Check your emails for these kind of content so the trigger is not set.
I notice that the webpage also mentions this immediately below the image.
Why does Thunderbird tell me that a legitimate message is a scam?
So clearly, implying that the image information could be for a legitimate website. This means it could actually be working in your favour if your email content is causing these types of triggers.
All Replies (5)
Isisombululo Esikhethiwe
re : images, where OUR domain usndr.com is shown as scam (please see attached screenshot). We think, it's inappropriate. Could you please blur it?
I'll try to get some attention to this for you.
But I would suggest you check your emails as they clearly have on occasion triggered a spam type of filter. As mentioned in the same webpage: It looks for characteristics in messages that are common in scam messages, for example:
- Links with numerical server names (http://127.0.0.1/).
- Links where the text doesn't match the server name (for example, the text of the message might say "https://secure.example.com" but the link actually goes to "http://phishing.example.com" instead). Phishers do this to fool you into going to their site. Unfortunately some legitimate mailing lists also do this with redirectors for tracking purposes.
- A remote image link that has different image source than the link points to (spoofing a legitimate web site, similar to the link spoofing described above).
Check your emails for these kind of content so the trigger is not set.
I notice that the webpage also mentions this immediately below the image.
Why does Thunderbird tell me that a legitimate message is a scam?
So clearly, implying that the image information could be for a legitimate website. This means it could actually be working in your favour if your email content is causing these types of triggers.
Thanks. So, did i understand correctly? If our ESP service uses it's links for tracking, it is automatically treated as scam for thunderbird?
I've personally edited the area that displays the name so it has a black line covering the text rendering it unreadible. I've submitted the edited page, so it is now awaiting the ok before uploading - sorry but that part is out of my hands.
Update: The revision has been approved.
re :links for tracking, it is automatically treated as scam
This is not just a Thunderbird filter issue. This could be a server spam filtering issue. Whilst some filtering in Thunderbird may not be perfect, it does use typical methods used by other spam filtering programs.
Mailchimp discusses the same issue: https://mailchimp.com/help/my-campaign-links-trigger-possible-fraud-alerts/ Helpful advise at this link: https://help.campaignmonitor.com/avoid-looking-like-a-phisher