Bug 446419

Summary: Scam detection triggers on links which read 'http://' but point to 'https://'
Product: [Applications] kontact
Reporter: Keith <keithhacks-kdebug>
Component: mail
Assignee: kdepim bugs <kdepim-bugs>
Status: REPORTED ---    
Severity: minor    
Priority: NOR    
Version First Reported In: 5.18.2   
Target Milestone: ---   
Platform: Gentoo Packages   
OS: Linux   
Latest Commit:
Version Fixed In:
Sentry Crash Report:

Description Keith 2021-12-03 13:59:43 UTC
SUMMARY
In the HTML view of an e-mail message, benign links will trigger scam detection if the displayed URL starts with "http://" but the target URL starts with "https://" (or vice versa).

STEPS TO REPRODUCE
1. Send an e-mail to yourself, in rich text mode, containing a link with the text "http://example.com" which leads to "https://example.com".
2. Open the e-mail in HTML view.

OBSERVED RESULT
A "This message may be a scam" warning appears.

EXPECTED RESULT
Scam detection should not be triggered on URLs with an HTTP/HTTPS protocol mismatch, as long as the domain and path are the same. It's not a meaningful difference, and displaying the warning in this case may condition users to ignore it when there *is* a misleading link.

SOFTWARE/OS VERSIONS
Linux: Gentoo
KDE Plasma Version: 5.23.0
KDE Frameworks Version: 5.87.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
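
The comparison requested in the report above, sketched as an added example; it is not part of the report and not KMail's own code. The function names are hypothetical, and treating the query string as part of the comparison is an assumption beyond the report's "domain and path".

```javascript
// Added example (hypothetical names): compare a link's visible text with its
// target, ignoring only an http/https difference.
const WEB_SCHEMES = new Set(['http:', 'https:']);

// Parse text as an absolute URL; null when it is not one (e.g. "click here").
function parseUrl(text) {
  try {
    return new URL(text.trim());
  } catch (e) {
    return null;
  }
}

// Reduce a URL to the parts that decide where the user ends up.
// The WHATWG parser lowercases the host, drops the scheme's default port
// and turns an empty path into "/". The fragment is ignored.
function comparableParts(url) {
  const scheme = WEB_SCHEMES.has(url.protocol) ? 'web' : url.protocol;
  return [scheme, url.hostname, url.port, url.pathname, url.search].join('\n');
}

// True when the displayed URL and the target differ in a way that should
// raise the warning. Visible text that is not a URL with a host is not compared.
function isMisleadingLink(displayText, href) {
  const shown = parseUrl(displayText);
  const target = parseUrl(href);
  if (!shown || !shown.hostname || !target) return false;
  return comparableParts(shown) !== comparableParts(target);
}

// Constructed sample links: [visible text, href].
const samples = [
  ['http://example.com', 'https://example.com'],        // the case in this report
  ['https://example.com/', 'http://EXAMPLE.com:80'],    // vice versa, default port
  ['http://example.com', 'https://example.net'],        // different host
  ['http://example.com/login', 'https://example.com/other'], // different path
  ['click here', 'https://example.com'],                // text is not a URL
];
for (const [text, href] of samples) {
  console.log(isMisleadingLink(text, href) ? 'WARN' : 'ok  ', text, '->', href);
}
```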