Bug 313383: Phishing detection needs to be documented
Status: Closed, RESOLVED FIXED (opened 19 years ago, closed 18 years ago)
Categories: SeaMonkey :: Help Documentation, defect
Target milestone: seamonkey1.1beta
Tracking: Not tracked
People: Reporter: stefanh, Assigned: prometeo.bugs
Keywords: fixed-seamonkey1.1b
Attachments (2 files, 9 obsolete files):
(deleted), patch | iannbugzilla: review+, asa: approval1.8rc2+
(deleted), patch | prometeo.bugs: review+, kairo: approval-seamonkey1.1b+
Bug 296758 added phishing detection to mailnews, but it wasn't documented in Help...
Comment 1•19 years ago (Reporter)
I can update the shortcuts. I have a question about "Show Remote Content" in
Message --> Mark, though. Does it do anything more than just show remote content
in a message? Do you mark the message as "allowed" to show remote content or
something? So the next time you open the message it will display remote content,
ignoring your global pref (assuming you've turned off displaying remote content)?
Comment 2•19 years ago (Reporter)
Here's an update of the shortcuts. I added "Mark As Not Scam". Will wait with "Show Remote Content" until it works. Found a bunch of undocumented shortcuts that I added + one nit: "Mark Message As Read by Date" should really be "Mark Messages As Read by Date".
Attachment #201536 -
Flags: review?(iann_bugzilla)
Attachment #201536 -
Flags: review?(iann_bugzilla) → review+
Comment 3•19 years ago (Reporter)
Comment on attachment 201536 [details] [diff] [review]
Add/update shortcuts in Help [checked in on trunk & branch]
Asking approval. Low-risk, SeaMonkey Help only.
Attachment #201536 -
Flags: approval1.8rc2?
Updated•19 years ago
Attachment #201536 -
Flags: approval1.8rc2? → approval1.8rc2+
Updated•19 years ago
Attachment #201536 -
Attachment description: Add/update shortcuts in Help → Add/update shortcuts in Help [checked in on trunk & branch]
Comment 4•19 years ago (Reporter)
Leaving bug open as we surely need some more general documentation of this.
Comment 5•19 years ago (Reporter)
Hmm, Giacomo - is this something you would like to fix?
Comment 6•19 years ago (Assignee)
This is what I've been working on so far. If you have some time to finish this off soon, go ahead. If nobody else is willing to take over this, please help by providing some scams so I can actually see SM behaviour and write it down: lately, all of the scams I receive are just considered as junk mail and removed...
Or even better attach screenshots here.
Probably this will need to go together with Junk mail in the help files.
Comment 7•19 years ago (Assignee)
Attachment #215113 -
Attachment is obsolete: true
Comment 8•19 years ago (Assignee)
I don't think I can go much further than this. I'd like to receive some feedback on this, tho.
My idea is to add this text to mail_help just around the Junk Mail description, and add entries to index1 and toc .rdf files.
Attachment #215116 -
Attachment is obsolete: true
Comment 9•19 years ago (Reporter)
Giacomo, I think it looks very promising :) Perhaps Ian can shed some light on how phishing detection works? More precisely, how do we detect scam mails? From what I understand we do check if there's remotely hosted content in the image. But do we also check links etc?
Comment 10•19 years ago
Comment on attachment 215233 [details]
A little more helpful help.
><h2>What is Phishing?</h2>
>
><p>Phishing is a particularly popular fraudulent business scheme in which
I think "popular" is the wrong word; perhaps "common" or "frequent"
> a party creates counterfeit websites designed to trick recipients into
> divulging financial data such as credit card numbers, account usernames,
Perhaps "personal" instead of "financial" as not all data will be financial.
> passwords and social security numbers. Hijacking brand names of banks,
> e-retailers and credit card companies, phishers often convince
> recipients to respond.</p>
>
><p>In many cases, you'll receive a link to this phishing page via an email
> which claims to come from an official-looking (but probably reproduced
> fraudulently or <q>forged</q>) address. You can also end up at these pages by
> following links that you find on the Web or in IM messages.</p>
>
><p><strong>Tip</strong>: Since a forged URL can look very similar to a genuine
> one, it's safer to use a bookmark you've created or to type the URL
> into the location bar by hand instead of following links from your email. This
> is important for any page where you're asked to log in or provider
> private information.</p>
>
><h2>&brandShortName; and Phishing detection</h2>
>
><p>&brandShortName; Mail phishing detector is always active. When it encounters
> a mail which seems to be scam, it will show a warning bar in the message
> window.</p>
>
><p>If you think that the email is a valid one, you can click on the <q>Not
> Scam</q> button, and the warning bar will disappear.</p>
>
><p>When a user clicks on a link in an email that appears to be a phishing URL,
> &brandShortName; will prompt the user with a dialog box before the Web site is
> opened.</p>
>
><p>This prompt will appear if either of the following is true: the host name of
> the actual URL is an IP address, and the link text is a URL whose host name
> does not match the host name of the actual URL.</p>
>
><p><strong>Note</strong>: Phishing detection has a higher precedence over Junk
> Mail detection.</p>
Perhaps we could link to website with more information on?
Comment 11•19 years ago (Assignee)
(In reply to comment #10)
> I think "popular" is the wrong word; perhaps "common" or "frequent"
common, OK.
> Perhaps "personal" instead of "financial" as not all data will be financial.
personal, OK.
> Perhaps we could link to website with more information on?
What about http://www.honeynet.org/papers/phishing/ ?
Too technical?
Comment 12•18 years ago (Reporter)
--> Giacomo
Assignee: help.viewer → giacomo.magnini
Component: Help Viewer → Help
Product: Documentation → Mozilla Application Suite
Target Milestone: --- → seamonkey1.1beta
Comment 13•18 years ago (Assignee)
Includes:
1) Add phishing detection to mail_help, help-index1, suite-toc and glossary + help-glossary
2) consistent use of : for UI elements
3) fix 292601 (rewrap from options to edit)
Attachment #215233 -
Attachment is obsolete: true
Updated•18 years ago (Assignee)
Attachment #242387 -
Attachment is obsolete: true
Comment 14•18 years ago (Assignee)
Oh, and forgot:
4) Fixes to some errors in glossary reported from Rafal Likus
Updated•18 years ago (Assignee)
Attachment #242388 -
Flags: review?(iann_bugzilla)
Updated•18 years ago (Assignee)
Attachment #242388 -
Flags: approval-seamonkey1.1b?
Comment 15•18 years ago
Comment on attachment 242388 [details] [diff] [review]
Correct patch this time, sorry for bug spam
>Index: suite/locales/en-US/chrome/common/help/glossary.xhtml
>===================================================================
>@@ -2722,7 +2724,49 @@ to filter unwanted mail.</p>
>+
>+<p>&brandShortName; Mail phishing detector is always active. When it encounters
>+ a mail which seems to be scam, it will show a warning bar in the message
>+ window.</p>
This isn't 100% true, it can be disabled using about:config so maybe better to say it is enabled as default or active as default.
>+
>+<p>This prompt will appear if either of the following is true: the host name of
>+ the actual URL is an IP address, and the link text is a URL whose host name
>+ does not match the host name of the actual URL.</p>
You said "either" but there is no "or"
Attachment #242388 -
Flags: review?(iann_bugzilla)
Attachment #242388 -
Flags: review-
Attachment #242388 -
Flags: approval-seamonkey1.1b?
Comment 16•18 years ago (Assignee)
Attachment #242388 -
Attachment is obsolete: true
Attachment #242451 -
Flags: review?(iann_bugzilla)
Comment 17•18 years ago
Comment on attachment 242451 [details] [diff] [review]
Fixing Ian comments
>Index: suite/locales/en-US/chrome/common/help/help-glossary.rdf
>===================================================================
>@@ -4790,14 +4834,14 @@ to filter unwanted mail.</p>
> </ol>
>
> <ul>
>- <li><strong>Customize Tags</strong>: Specifies the tag text and the color
>- for each tag. You can edit or replace the default tag text with your
>- own text (up to 32 characters). To change the tag color, click the color
>- chip next to that tag and select a new color. Use the Move Up and Move Down
>- buttons to order your tags by descending importance. Messages with
>- multiple tags will be colored according to their most important tag.</li>
>+ <li><strong>Customize Tags</strong>: Specifies name, color and importance of
>+ each tag. You can change a tag's name, but all tag names must be different.
>+ To change the tag color, click the colorpicker chip next to the tag name
>+ and select a new color. Use the Raise Importance and Lower Importance
>+ buttons to order your tags by descending importance. Messages with multiple
>+ tags will be colored according to their most important tag.</li>
> <li><strong>Restore Defaults</strong>: Removes all customized tags and
>- restores just the default tags' text and colors.</li>
>+ restores just the default tag names and colors.</li>
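Review bot: The rewritten Customize Tags item drops the "(up to 32 characters)" limit, adds a new rule ("all tag names must be different") and renames the buttons to "Raise Importance" / "Lower Importance", none of which relates to phishing documentation. If these edits are intended they belong in their own patch, and the length limit should stay in the text if it still applies; if they came in from a stale tree, regenerate the diff against current sources.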
Is the above an intended change or is it bit-rot?
Comment 18•18 years ago (Assignee)
*shrug* correct patch coming in later... :(
Comment 19•18 years ago (Assignee)
Attachment #242451 -
Attachment is obsolete: true
Attachment #242604 -
Flags: review?(iann_bugzilla)
Attachment #242451 -
Flags: review?(iann_bugzilla)
Updated•18 years ago (Assignee)
Attachment #242604 -
Flags: approval-seamonkey1.1b?
Comment 20•18 years ago (Reporter)
Comment on attachment 242604 [details] [diff] [review]
Unbitrotted (hopefully): converted a ' in '
<ol>
- <li>Open the View menu, choose Messages, and then choose Customize...</li>
+ <li>Open the View menu, choose Messages, and then choose Customize</li>
Is this really correct? (no need to post a new diff right now).
Comment 21•18 years ago (Assignee)
(In reply to comment #20)
> Is this really correct? (no need to post a new diff right now).
Definitely yes: these are the last two places where the UI element is being shown with "..." attached to it. Every other place is sane, so it's about time to make it consistent everywhere.
Updated•18 years ago (Assignee)
Attachment #242604 -
Flags: review?(iann_bugzilla) → review?(stefanh)
Comment 22•18 years ago (Reporter)
(In reply to comment #21)
> (In reply to comment #20)
> > Is this really correct? (no need to post a new diff right now).
>
> Definitely yes: these are the last two places where the UI element is being
> shown with "..." attached to it. Every other place is sane, so it's about time
> to make it consistent everywhere.
>
The menuitem label is "Customize...". Do you mean that we should use "Customize" instead of "Customize..." when there's "Customize..." in the UI? Hmm, when did the removal of "..." start?
Comment 23•18 years ago (Reporter)
> > Definitely yes: these are the last two places where the UI element is being
> > shown with "..." attached to it.
You're correct. But is it sane to not have the "..."(I'm not going to start a war, but I'm curious what the arguments are for not displaying the "..." since they're in the UI and mean something)?
Comment 24•18 years ago (Assignee)
(In reply to comment #23)
> > > Definitely yes: these are the last two places where the UI element is being
> > > shown with "..." attached to it.
>
> You're correct. But is it sane to not have the "..."(I'm not going to start a
> war, but I'm curious what the arguments are for not displaying the "..." since
> they're in the UI and mean something)?
Well, you better ask NS doc writers, since this started from day one: have you ever seen a single Browse with following dots in the docs? ;)
While having dots is a convention to say that a dialog is coming next, in our docs after the step: "click on Browse" there is always a "pick a file and click ok", I mean, the important thing is giving a description of the full process, not explaining what the dots mean in a UI: the relevant part is the action, not the details of a button.
Comment 25•18 years ago (Reporter)
Comment on attachment 242604 [details] [diff] [review]
Unbitrotted (hopefully): converted a ' in '
> Well, you better ask NS doc writers, since this started from day one: have you
> ever seen a single Browse with following dots in the docs? ;)
> While having dots is a convention to say that a dialog is coming next, in our
> docs after the step: "click on Browse" there is always a "pick a file and click
> ok", I mean, the important thing is giving a description of the full process,
> not explaining what the dots mean in a UI: the relevant part is the action, not
> the details of a button.
Uh, OK. I actually start to think that I'm the one who added the dots... That might explain my reaction ;-)
The patch: Nice work (and unbitrottened) - my only concern here is a few grammatical/spelling nits:
<ol>
- <li>Open the View menu, choose Messages, and then choose Customize...</li>
+ <li>Open the View menu, choose Messages, and then choose Customize</li>
A period after "Customize" ;-)
+<p>In many cases, you'll receive a link to this phishing page via an email
I believe "to a phishing page" will sound better - when you're using "this" it makes it sound as if you refer to the previously mentioned "counterfeit websites" here, but they're plural.
+ which claims to come from an official-looking (but probably reproduced
+ fraudulently or <q>forged</q>) address.
You don't need the content in the parentheses here, it's clear enough (by context and that you say "claims") - so you can remove the parentheses and just say "which claims to come from an official-looking address."
+<p><strong>Tip</strong>: Since a forged URL can look very similar to a genuine
+ one, it's safer to use a bookmark you've created or to type the URL
+ into the location bar by hand instead of following links from your email.
"... instead of following a link in an e-mail message."
+ This is important for any page where you're asked to log in or provider
+ private information.</p>
Grammatically, this sounds a bit strange, I think. If you want to say something extra here (but you can also remove the whole sentence), I suggest:
"Always consider the risk of a forged URL if you're asked to log in or provide private information on a website."
+<p><strong>Note</strong>: Phishing detection has a higher precedence over Junk
+ Mail detection.</p>
"... higher precedence than Junk .."
r=me with those changes
Attachment #242604 -
Flags: review?(stefanh) → review+
Comment 26•18 years ago (Assignee)
Stefan, please note that I didn't carry over the review flag since I made more changes after Ian asked to take on also bug 202684 for the time being. So, if this gets r+, the patch will fix 313383, 202684 and 292601.
Attachment #242604 -
Attachment is obsolete: true
Attachment #243768 -
Flags: review?(stefanh)
Attachment #243768 -
Flags: approval-seamonkey1.1b?
Attachment #242604 -
Flags: approval-seamonkey1.1b?
Comment 27•18 years ago (Reporter)
Comment on attachment 243768 [details] [diff] [review]
New patch with suggested changes.
<ol>
- <li>Open the View menu and choose Show/Hide, and then uncheck Message Pane.
+ <li>Open the View menu and choose Layout, and then uncheck Message Pane.
<p>Alternatively, click the Message Pane handle (the ridged area centered
at the bottom of the message list) to close the message pane.</p>
@@ -1463,7 +1468,7 @@
<p>Address books store email addresses and contact information for people you
typically send mail to, such as colleagues, friends, and family.
&brandShortName; Mail & Newsgroups provides you with two address books:
- the Personal Address Book and the Collected Addresses Book—and you can
+ the Personal Address Book and the Collected Addresses—and you can
create additional address books as well. You can also import address books
from other mail programs and previous versions of &brandShortName;. The
contents of these address books are stored locally on your hard disk.</p>
@@ -1484,8 +1489,7 @@
<p>By default, the Collected Address Book automatically collects the email
addresses contained in outgoing mail messages. Addresses from outgoing
- messages are stored in the Collected Address Book as soon as you click
- Send.</p>
+ messages are stored in the Collected Address as soon as you click Send.</p>
<h4>LDAP Directory (if available)</h4>
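Review bot: The added line calls the book "the Collected Address" (singular), while the previous hunk renames it to "the Collected Addresses" and the unchanged context sentence just above still says "the Collected Address Book", so one UI name now has three spellings within a few lines. Settle on the label shown in the UI and apply it to the context sentence in this paragraph as well.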
@@ -1567,8 +1571,8 @@
from the drop-down list.</li>
<li>In the Address Book window, click New Card to create a new address book
card.</li>
- <li>Open a message, which automatically adds the sender's address to
- your Collected Addresses Book (if enabled).</li>
+ <li>Send a message, which automatically adds the recipient's address
+ to your address book (if enabled).</li>
<li>In the Address Book window, copy entries to another address book by
selecting the entries and dragging them over the name of the address book
you want to copy them to.</li>
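Review bot: In the changed list item, "your address book" no longer says which address book receives the address, although the earlier hunks state that addresses from outgoing messages go to the collected-addresses book; naming it here keeps the step unambiguous. The switch from "Open a message ... sender's address" to "Send a message ... recipient's address" also changes the behaviour being documented, so it should be confirmed against the product rather than folded into a wording cleanup.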
@@ -2071,7 +2075,7 @@
destination folder.</li>
<li>Drag and drop messages into the desired folder.
Is this the only thing that is new?
Comment 28•18 years ago (Reporter)
Comment on attachment 243768 [details] [diff] [review]
New patch with suggested changes.
This is nowhere in the patch - is there a reason why you removed it?
> +<p><strong>Tip</strong>: Since a forged URL can look very similar to a genuine
> + one, it's safer to use a bookmark you've created or to type the
> URL
> + into the location bar by hand instead of following links from your email.
>
> "... instead of following a link in an e-mail message."
>
+<p>In many cases, you'll receive a link to a phishing page via an email
+ which claims to come from an official-looking address. You can also end up
+ at these pages by following links that you find on the Web or in IM
+ messages.</p>
Also, note that you still use "Collected Address Book" in one place :P
Comment 29•18 years ago (Reporter)
> +<p>In many cases, you'll receive a link to a phishing page via an email
> + which claims to come from an official-looking address. You can also end up
> + at these pages by following links that you find on the Web or in IM
> + messages.</p>
>
> Also, note that you still use "Collected Address Book" in one place :P
>
Collected Addresses Book, I mean. Forget the hunk above (copy-paste error)
Comment 30•18 years ago (Reporter)
Comment on attachment 243768 [details] [diff] [review]
New patch with suggested changes.
I meant this one:
<p>By default, the Collected Address Book automatically collects the email
addresses contained in outgoing mail messages. Addresses from outgoing
- messages are stored in the Collected Address Book as soon as you click
- Send.</p>
+ messages are stored in the Collected Address as soon as you click Send.</p>
This one should be: "messages are stored in Collected Addresses as soon as you click send"
Can you please attach a new diff with the missing stuff and these changes?
Comment 31•18 years ago (Assignee)
Attachment #243768 -
Attachment is obsolete: true
Attachment #243795 -
Flags: review?(stefanh)
Attachment #243795 -
Flags: approval-seamonkey1.1b?
Attachment #243768 -
Flags: review?(stefanh)
Attachment #243768 -
Flags: approval-seamonkey1.1b?
Comment 32•18 years ago (Reporter)
Comment on attachment 243795 [details] [diff] [review]
Here it is, hopefully the last one...
Unfortunately we need a new diff, since I found some more nits/enhancements:
+<p>In many cases, you'll receive a link to a phishing page via an email
+ which claims to come from an official-looking address. You can also end up
+ at these pages by following links that you find on the Web or in IM
+ messages.</p>
"IM messages" could be a problem, but I think it's out of scope for this bug to provide an explanation in the glossary. We can leave it as it is and let someone file a bug about it ;-)
+<p><strong>Tip</strong>: Since a forged URL can look very similar to a genuine
I just realized that we simply take for granted that the ordinary user knows what an "URL" is. Please make the above "URL" point to the explanation in glossary.
+ one, it's safer to use a bookmark you've created or to type the URL
+ into the location bar by hand instead of following a link in an e-mail
Oops, my fault. "e-mail" should be email. We actually have 120 "email" and 2 "e-mail" in our xhtml help docs. Can you please fix the last 2 (line 483 and 603 in glossary.xhtml).
+<p>This prompt will appear if either of the following is true: the host name of
+ the actual URL is an IP address, or the link text is a URL whose host name
+ does not match the host name of the actual URL.</p>
A link to "IP address" explanation in the glossary, please.
r=me with those changes.
Attachment #243795 -
Flags: review?(stefanh) → review+
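The two link conditions from the help text reviewed above (the host name of the actual URL is an IP address, or the link text is a URL whose host name differs from the actual one), written out as an added JavaScript example. This is not SeaMonkey's detector code: the function names, the exact-match host comparison and the sample links are assumptions constructed for illustration.

```javascript
'use strict';
// Added illustration of the documented link checks; not SeaMonkey's code.
// All function names here are hypothetical.

// Parse text as an http, https or ftp URL; return null for anything else.
function parseWebUrl(text) {
  const s = String(text).trim();
  if (!/^(?:https?|ftp):\/\//i.test(s)) return null;
  try {
    return new URL(s);
  } catch (err) {
    return null; // starts like a URL but does not parse
  }
}

// True when a parsed hostname is an IP literal. The WHATWG URL parser has
// already rewritten numeric spellings of an IPv4 address to dotted-quad form
// and keeps IPv6 literals in brackets, so two simple tests are enough.
function isIpLiteral(hostname) {
  return hostname.startsWith('[') ||
         /^\d{1,3}(?:\.\d{1,3}){3}$/.test(hostname);
}

// Apply the two documented conditions to one link.
// href is the link's actual target, linkText is what the message displays.
function checkLink(href, linkText) {
  const target = parseWebUrl(href);
  if (!target) return { warn: false, reason: 'not-a-web-link' };

  // Condition 1: the host name of the actual URL is an IP address.
  if (isIpLiteral(target.hostname)) {
    return { warn: true, reason: 'ip-address-host' };
  }

  // Condition 2: the link text is itself a URL and its host name does not
  // match the actual host. Assumption: hosts must match exactly (the parser
  // has already lower-cased both).
  const shown = parseWebUrl(linkText);
  if (shown && shown.hostname !== target.hostname) {
    return { warn: true, reason: 'host-mismatch' };
  }
  return { warn: false, reason: 'ok' };
}

// Constructed sample links (documentation address ranges and example domains).
const SAMPLES = [
  ['http://192.0.2.10/login', 'Your bank'],
  ['http://3221225985/', 'Sign in'], // same kind of host, written as one number
  ['http://[2001:db8::1]/', 'Account update'],
  ['https://login.example.net/', 'https://www.example.com/account'],
  ['https://www.example.com/account', 'HTTPS://WWW.EXAMPLE.COM/'],
  ['https://www.example.com/', 'Click here'],
  ['mailto:user@example.com', 'Write to us'],
];

for (const [href, text] of SAMPLES) {
  const result = checkLink(href, text);
  console.log(`${result.warn ? 'WARN' : 'pass'}  ${result.reason}  ${href}  "${text}"`);
}
```

Link text that is not a URL ("Click here") never triggers the second condition, which is why the IP-address test is a separate check rather than a special case of the mismatch test.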
Comment 33•18 years ago (Assignee)
Great improvements, I'd say.
Attachment #243795 -
Attachment is obsolete: true
Attachment #243856 -
Flags: review+
Attachment #243856 -
Flags: approval-seamonkey1.1b?
Attachment #243795 -
Flags: approval-seamonkey1.1b?
Comment 34•18 years ago (Reporter)
(In reply to comment #33)
> Created an attachment (id=243856) [edit]
> What stefanh suggested. Carrying over r+.
>
> Great improvements, I'd say.
>
Indeed, nice job! It might be a good idea to attach a branch patch - that would probably speed up the check-in (once/if it gets approved).
Comment 35•18 years ago
Comment on attachment 243856 [details] [diff] [review]
What stefanh suggested. Carrying over r+.
a=me for 1.1b
Attachment #243856 -
Flags: approval-seamonkey1.1b? → approval-seamonkey1.1b+
Comment 36•18 years ago
Checked into trunk:
Checking in suite/locales/en-US/chrome/common/help/glossary.xhtml;
/cvsroot/mozilla/suite/locales/en-US/chrome/common/help/glossary.xhtml,v <-- glossary.xhtml
new revision: 1.45; previous revision: 1.44
done
Checking in suite/locales/en-US/chrome/common/help/help-glossary.rdf;
/cvsroot/mozilla/suite/locales/en-US/chrome/common/help/help-glossary.rdf,v <-- help-glossary.rdf
new revision: 1.24; previous revision: 1.23
done
Checking in suite/locales/en-US/chrome/common/help/mail_help.xhtml;
/cvsroot/mozilla/suite/locales/en-US/chrome/common/help/mail_help.xhtml,v <-- mail_help.xhtml
new revision: 1.77; previous revision: 1.76
done
Checking in suite/locales/en-US/chrome/common/help/suite-toc.rdf;
/cvsroot/mozilla/suite/locales/en-US/chrome/common/help/suite-toc.rdf,v <-- suite-toc.rdf
new revision: 1.91; previous revision: 1.90
done
Checking in suite/locales/en-US/chrome/common/help/help-index1.rdf;
/cvsroot/mozilla/suite/locales/en-US/chrome/common/help/help-index1.rdf,v <-- help-index1.rdf
new revision: 1.56; previous revision: 1.55
Are we missing a patch about tags on 1.8 branch? mail_help.xhtml bitrots - the rest of them seem to apply fine.
Giacomo could you attach a 1.8 branch patch please? (or point us in the direction of the missing patches?)
Comment 37•18 years ago (Assignee)
(In reply to comment #36)
> Are we missing a patch about tags on 1.8 branch? mail_help.xhtml bitrots - the
> rest of them seem to apply fine.
>
> Giacomo could you attach a 1.8 branch patch please? (or point us in the
> direction of the missing patches?)
>
Bug 342560 has the patches, and they seem to have been correctly checked-in.
Not sure what is going on here. See my pvt email, please.
Comment 38•18 years ago (Assignee)
Another candidate for missing patches is bug 347110, but IanN should have checked in on branch as well.
Comment 39•18 years ago (Assignee)
I've checked mail_help.xhtml cvs logs, and the only difference there should be bug 346605 which is just irrelevant. All other patches after the forked 1.62 version have been checked in both branch and trunk, with just one patch "swapped" (1-2 on trunk became 2-1 on branch).
Comment 40•18 years ago
For some reason, mail_help.xhtml hunk #31 (@@ -4797,7 +4842,7 @@) failed because the branch file had "default tag names and colors" instead of "default tags' text and colors". I synched this with the trunk version now (though the branch version might actually have been better - I just cared that it applies and the files are in sync).
Checked into branch:
Checking in glossary.xhtml;
/cvsroot/mozilla/extensions/help/resources/locale/en-US/Attic/glossary.xhtml,v <-- glossary.xhtml
new revision: 1.41.8.3; previous revision: 1.41.8.2
done
Checking in help-glossary.rdf;
/cvsroot/mozilla/extensions/help/resources/locale/en-US/Attic/help-glossary.rdf,v <-- help-glossary.rdf
new revision: 1.21.8.2; previous revision: 1.21.8.1
done
Checking in mail_help.xhtml;
/cvsroot/mozilla/extensions/help/resources/locale/en-US/Attic/mail_help.xhtml,v <-- mail_help.xhtml
new revision: 1.62.2.14; previous revision: 1.62.2.13
done
Checking in help-toc.rdf;
/cvsroot/mozilla/extensions/help/resources/locale/en-US/Attic/help-toc.rdf,v <-- help-toc.rdf
new revision: 1.78.4.11; previous revision: 1.78.4.10
done
Checking in help-index1.rdf;
/cvsroot/mozilla/extensions/help/resources/locale/en-US/Attic/help-index1.rdf,v <-- help-index1.rdf
new revision: 1.44.8.10; previous revision: 1.44.8.9
done