I just downloaded a trial copy of Norton Antivirus 2007 to install on a test machine. On the same box, I have Mozilla’s new Thunderbird 2.0 e-mail client installed. As part of the trial install, I had to create a Norton Account (not sure, but that might be a (TM)) with Symantec.
Symantec sent me an acknowledgment message via e-mail within minutes after I created the account. Thunderbird’s anti-phishing module wasn’t pleased:
I’ve been reasonably impressed with the performance and design of Thunderbird so far, but this sort of false positive is always troubling, no matter where it comes from.
Update: I’m surprised that this post drew so many comments so quickly. Here’s why I’m pointing this out: Mozilla and Google are tight, very tight. They collaborated extensively on the anti-phishing technology in Firefox. Google Mail (Gmail) even gets its own entry in the New Account Setup dialog box for Thunderbird.
So I would assume that mail coming into Thunderbird from my Gmail.com account should be the best possible candidate for the Mozilla/Google team to get right.
And in fact Google Mail does get it right. When I look at the message source, I see two headers added by Google: One shows the results from a Brightmail scan, which says the message is from a whitelisted domain. The other is an SPF header from Google, which is tagged PASS and says the IP address from which the message originated is a “permitted sender.”
Google has gone to a lot of trouble to screen all mail coming into a Gmail account as junk or suspicious. So why isn’t Mozilla able to piggyback on this analysis?
Update 2: For those who think I’m picking on Mozilla, note that I called Microsoft for an even sillier false positive about 18 months ago. And in both cases this behavior is the correct default. When in doubt, let me make the decision, exactly as Thunderbird has done here. But the algorithm really should be better than this.