Tjyylli

Will I be more secure with my own router behind my ISP's router?

Why did Bronn offer to be Tyrion Lannister's champion in trial by combat?

Who's this lady in the war room?

How to produce a PS1 prompt in bash or ksh93 similar to tcsh

Putting Ant-Man on house arrest

Compiling and throwing simple dynamic exceptions at runtime for JVM

Are Flameskulls resistant to magical piercing damage?

Is there a verb for listening stealthily?

Does using the Inspiration rules for character defects encourage My Guy Syndrome?

Assertions In A Mock Callout Test

A journey... into the MIND

When does Bran Stark remember Jamie pushing him?

Why does my GNOME settings mention "Moto C Plus"?

Can I ask an author to send me his ebook?

“Since the train was delayed for more than an hour, passengers were given a full refund.” – Why is there no article before “passengers”?

Protagonist's race is hidden - should I reveal it?

What is the difference between 准时 and 按时?

Why do C and C++ allow the expression (int) + 4*5?

Why isn't everyone flabbergasted about Bran's "gift"?

false 'Security alert' from Google - every login generates mails from 'no-reply@accounts.google.com'

lm and glm function in R

Is Bran literally the world's memory?

What's the connection between Mr. Nancy and fried chicken?

Trying to enter the Fox's den

Anti-phishing method for Thunderbird using filters?

.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}

0

I would like to create a Thunderbird filter that moves all messages into a directory phishing if the Subject matches Foobar and if and only if they're not from Foobar.net (as determined by the end of the From: address)

How can I do this?

thunderbird phishing

share|improve this question

edited 6 hours ago

Evan Carroll

asked 6 hours ago

Evan CarrollEvan Carroll

4,418855105

add a comment | 

0

I would like to create a Thunderbird filter that moves all messages into a directory phishing if the Subject matches Foobar and if and only if they're not from Foobar.net (as determined by the end of the From: address)

How can I do this?

thunderbird phishing

share|improve this question

edited 6 hours ago

Evan Carroll

asked 6 hours ago

Evan CarrollEvan Carroll

4,418855105

add a comment | 

I would like to create a Thunderbird filter that moves all messages into a directory phishing if the Subject matches Foobar and if and only if they're not from Foobar.net (as determined by the end of the From: address)

How can I do this?

thunderbird phishing

share|improve this question

edited 6 hours ago

Evan Carroll

asked 6 hours ago

Evan CarrollEvan Carroll

4,418855105

share|improve this question

edited 6 hours ago

Evan Carroll

asked 6 hours ago

Evan CarrollEvan Carroll

4,418855105

share|improve this question

edited 6 hours ago

Evan Carroll

asked 6 hours ago

Evan CarrollEvan Carroll

4,418855105

asked 6 hours ago

Evan CarrollEvan Carroll

4,418855105

asked 6 hours ago

Evan CarrollEvan Carroll

4,418855105

1 Answer
1

active

oldest

votes

1

Since there is currently no option for does not end with, the closest might be the filter shown below. The @ symbol should be sufficient to ensure that addresses such as @NotReally.Foobar.net are caught, but would miss @Foobar.net.com.

That said, the From line is often misleading, since so many phishing emails use spoofing: that address is untrustworthy. A filter might be of some use, but expect 'leakage' no matter what you do.

share|improve this answer

answered 5 hours ago

DrMoishe PippikDrMoishe Pippik

10.6k21432

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  damn, I really wanted regex capability in there, guess it's not possible.
  
  – Evan Carroll
  5 hours ago
  

  
  
  
  

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1428386%2fanti-phishing-method-for-thunderbird-using-filters%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

1

Since there is currently no option for does not end with, the closest might be the filter shown below. The @ symbol should be sufficient to ensure that addresses such as @NotReally.Foobar.net are caught, but would miss @Foobar.net.com.

That said, the From line is often misleading, since so many phishing emails use spoofing: that address is untrustworthy. A filter might be of some use, but expect 'leakage' no matter what you do.

share|improve this answer

answered 5 hours ago

DrMoishe PippikDrMoishe Pippik

10.6k21432

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  damn, I really wanted regex capability in there, guess it's not possible.
  
  – Evan Carroll
  5 hours ago
  

  
  
  
  

add a comment | 

1

Since there is currently no option for does not end with, the closest might be the filter shown below. The @ symbol should be sufficient to ensure that addresses such as @NotReally.Foobar.net are caught, but would miss @Foobar.net.com.

That said, the From line is often misleading, since so many phishing emails use spoofing: that address is untrustworthy. A filter might be of some use, but expect 'leakage' no matter what you do.

share|improve this answer

answered 5 hours ago

DrMoishe PippikDrMoishe Pippik

10.6k21432

• 
  
  
  

  
  

  
  
  
  
  
  

  
  
  damn, I really wanted regex capability in there, guess it's not possible.
  
  – Evan Carroll
  5 hours ago
  

  
  
  
  

add a comment | 

Since there is currently no option for does not end with, the closest might be the filter shown below. The @ symbol should be sufficient to ensure that addresses such as @NotReally.Foobar.net are caught, but would miss @Foobar.net.com.

That said, the From line is often misleading, since so many phishing emails use spoofing: that address is untrustworthy. A filter might be of some use, but expect 'leakage' no matter what you do.

share|improve this answer

answered 5 hours ago

DrMoishe PippikDrMoishe Pippik

10.6k21432

share|improve this answer

answered 5 hours ago

DrMoishe PippikDrMoishe Pippik

10.6k21432

answered 5 hours ago

DrMoishe PippikDrMoishe Pippik

10.6k21432

answered 5 hours ago

DrMoishe PippikDrMoishe Pippik

10.6k21432