False positive Link Fraud with quoted .com url #621

@Skywalker-11

Describe the bug
Quoted links, e.g. "http://example.com", are falsely identified as fraud URLs. This seems to only affect specific TLDs (here .com). Other TLDs, e.g. .de or fictional 3-letter TLDs like .bla, seem to not be affected. The message Found phishing fraud from http://www.example.com claiming to be www."http: in <msg-id> is logged.

EDIT: Even when the URL does not contain http://www., the log message looks like this: Found phishing fraud from http://bla.example.com claiming to be www."http: in <msg-id>

To Reproduce
Send a mail with HTML-only or mixed HTML/plain-text content which contains a link with a quoted .com URL, e.g.

Expected behavior

  • Quoted links with the same URL in the href and link text should not be treated as dangerous.
  • The .com TLD also shouldn't be handled differently than other TLDs regarding the fraud detection.

Examples

<html>
  <head>

    <meta http-equiv="content-type" content="text/html; charset=UTF-8">
  </head>
  <body>
    <a class="moz-txt-link-rfc2396E" href="http://www.example.com">"http://www.example.com"</a><br>
  </body>
</html>

Server (please complete the following information):

  • OS: Debian
  • MailScanner Version: 5.4.4-1
  • OS Version: 11
  • Installation method: Package + MailWatch
  • Installation: Upgraded via multiple steps from <v5.3
  • Containerized: No

Additional context
Notice: Thunderbird automatically creates the link in the example when someone uses "http://xyz.tld" in normal text (without explicitly defining it as a link).
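
The comparison asked for under "Expected behavior", as an added sketch that is not MailScanner's code and not part of the original report: strip wrapping quotes from the link text before comparing its host with the href host. `AnchorCollector`, `host_of`, `mismatched_links` and the `WRAPPERS` set are hypothetical names, and exact host equality is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Characters mail clients wrap around auto-linked URLs in the visible text.
WRAPPERS = "\"'<>\u201c\u201d \t\r\n"
# First sample is the anchor from this report; the second is constructed.
REPORTED = ('<a class="moz-txt-link-rfc2396E" href="http://www.example.com">'
            '"http://www.example.com"</a>')
CONSTRUCTED = '<a href="http://login.example.net/">"http://www.example.com"</a>'

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__(convert_charrefs=True)  # &quot; arrives as "
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text)))
            self._href = None

def host_of(value):
    """Host of a single URL-like string, or None if it is not one."""
    value = value.strip(WRAPPERS)
    if any(c.isspace() for c in value):
        return None  # free text such as "click here", not a lone URL
    if "://" not in value:
        value = "//" + value  # lets urlsplit parse "www.example.com/x"
    try:
        host = urlsplit(value).hostname
    except ValueError:
        return None
    return host.lower().rstrip(".") if host and "." in host else None

def mismatched_links(html):
    """Anchors whose visible text names a different host than the href."""
    parser = AnchorCollector()
    parser.feed(html)
    parser.close()
    return [(h, t.strip()) for h, t in parser.links
            if (a := host_of(t)) and (b := host_of(h)) and a != b]
```

`mismatched_links(REPORTED)` returns an empty list, while the constructed anchor whose quoted text names a different host is still reported.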
