Bug 446419 - Scam detection triggers on links which read 'http://' but point to 'https://'
Status: REPORTED
Alias: None
Product: kontact
Classification: Applications
Component: mail
Version: 5.18.2
Platform: Gentoo Packages Linux
Importance: NOR minor
Target Milestone: ---
Assignee: kdepim bugs
Reported: 2021-12-03 13:59 UTC by Keith
Modified: 2021-12-03 13:59 UTC

Description Keith 2021-12-03 13:59:43 UTC
SUMMARY
In the HTML view of an e-mail message, benign links will trigger scam detection if the displayed URL starts with "http://" but the target URL starts with "https://" (or vice versa).

STEPS TO REPRODUCE
1. Send an e-mail to yourself, in rich text mode, containing a link with the text "http://example.com" which leads to "https://example.com".
2. Open the e-mail in HTML view.

OBSERVED RESULT
A "This message may be a scam" warning appears.

EXPECTED RESULT
Scam detection should not be triggered on URLs with an HTTP/HTTPS protocol mismatch, as long as the domain and path are the same. It's not a meaningful difference, and displaying the warning in this case may condition users to ignore it when there *is* a misleading link.

SOFTWARE/OS VERSIONS
Linux: Gentoo
KDE Plasma Version: 5.23.0
KDE Frameworks Version: 5.87.0
Qt Version: 5.15.2

ADDITIONAL INFORMATION
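
The comparison requested under EXPECTED RESULT, as an added example that is not part of the original report and is not KMail's code: a link whose displayed text and target differ only in http/https is classified separately from one whose host, port, userinfo, path or query differs. The function names (`parseWebUrl`, `classifyLink`, `shouldWarn`) are hypothetical and the sample URLs in the comments are constructed.

```javascript
// Added illustration; hypothetical helper names, not KMail's scam-detection code.
// Compares the URL a link displays with the URL it actually targets,
// using the WHATWG URL parser for normalization (case, default ports, "/").
const WEB_SCHEMES = new Set(["http:", "https:"]);

// Returns a URL object for absolute http(s) URLs, otherwise null.
function parseWebUrl(text) {
  try {
    const url = new URL(text.trim());
    return WEB_SCHEMES.has(url.protocol) ? url : null;
  } catch (err) {
    return null; // not an absolute URL (e.g. "Click here", "example.com")
  }
}

// Returns "text-not-url", "same", "scheme-only" or "different".
function classifyLink(displayText, href) {
  const shown = parseWebUrl(displayText);
  if (shown === null) return "text-not-url"; // ordinary link text, nothing to compare
  const target = parseWebUrl(href);
  if (target === null) return "different"; // text reads as a web URL, target is not one

  // Everything except the scheme (and fragment) must agree. Userinfo is
  // compared so that "https://example.com@example.net/" (constructed
  // sample) is judged by its real host, example.net.
  const sameLocation =
    shown.hostname === target.hostname &&
    shown.port === target.port &&
    shown.username === target.username &&
    shown.password === target.password &&
    shown.pathname === target.pathname &&
    shown.search === target.search;
  if (!sameLocation) return "different";

  return shown.protocol === target.protocol ? "same" : "scheme-only";
}

// Warn only when the displayed URL and the target point somewhere different.
function shouldWarn(displayText, href) {
  return classifyLink(displayText, href) === "different";
}
```

Because `classifyLink` returns `"scheme-only"` as its own value, a caller that wants to treat a displayed `https://` leading to `http://` differently from the reverse can still do so.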