SUMMARY KMail reports me various links as being “scam”, because they contain some odd detail, like ending with &. But a link like https://kde.оrg is not reported, although it is obviously a phishing link. (It contains a cyrillic o and points to https://kde.xn--rg-emc/) STEPS TO REPRODUCE 1. Send https://kde.оrg as email to yourself OBSERVED RESULT Nothing special EXPECTED RESULT Shows me some warning about a non-ascii domain name SOFTWARE/OS VERSIONS KDE Frameworks Version: 5.71.0 Qt Version: 5.14.2 ADDITIONAL INFORMATION I don’t know what scam means, the usual meaning is very vague on URLs. But based on the previous warnings, I expected KMail to recognize phishing links.
by default domain can support non ascii char. It will create a lot of false result non ?
Some browsers update the address bar to https://kde.xn--rg-emc/. Everything else proceeds as usual. What do you mean with false results?
"What do you mean with false results?" if we check each char to compare to no ascii it will signal all utf8 url even if it's not a phishing link.
I was thinking that usually URLs are written in their ascii form. If you send a link which is intended to have a non-ascii domain, it will be marked as phishing. Every domain that is actually like höhö.com will be a false positive, but I think these are rare. Of course my idea is to check only the domain name, not the whole URL.