AI-powered email phishing detection using a private, local LLM. No data leaves your device. Supported Local LLM Providers: - Ollama - LM Studio - llama.cpp server - vLLM - etc.
Version Information
Version 1.0.6
49.3 KiB
Works with
Thunderbird 115.0 and later
v1.0.6 - False Positive Reduction Update Changes Made 1. Added "Suspicious" Verdict Category - New verdict: suspicious - for borderline emails that aren't clearly malicious - Three-tier system: legitimate → suspicious → malicious - UI shows orange badge with "⚡ SUSPICIOUS" for this category 2. Enhanced System Prompt with Legitimate Email Patterns Added guidance for the LLM to recognize legitimate emails: - Mailing list headers (newsletters) - No credential requests - Links matching sender domain - Transactional emails (receipts, confirmations) - Personalized greetings 3. Mailing List Recognition - Emphasized is_mailing_list: true as a strong legitimate indicator - Prompt explicitly states "newsletters are typically legitimate" 4. Confidence Threshold Logic - Low-confidence "malicious" verdicts (< 70%) automatically downgraded to "suspicious" - Adds explanatory reason when adjustment occurs 5. Reply-To/Return-Path Context - Clarified these mismatches are common in legitimate newsletters - "Only suspicious when combined with phishing content" 6. Updated UI - New orange "warning" badge style for suspicious emails - Pulsing animation to draw attention without alarming Files Modified | File | Changes | |------|---------| | src/shared/state.js | Added 'suspicious' to VERDICTS array | | src/shared/api.js | New prompt, confidence threshold logic | | src/messageDisplay/inject.js | 3-tier verdict display logic | | src/messageDisplay/inject.css | Orange warning badge styling | | manifest.json | Version 1.0.6 | | package.json | Version 1.0.6 | Expected Impact - Fewer legitimate emails marked as "malicious" - Borderline cases now show "suspicious" instead of binary verdict - Newsletters and mailing lists less likely to trigger false positives - Low-confidence detections handled more gracefully
Some add-ons ask for permission to perform certain functions (example: a tab management add-on will ask permission to access your browser’s tab system).
Since you’re in control of your Thunderbird, the choice to grant or deny these requests is yours. Accepting permissions does not inherently compromise your browser’s performance or security, but in some rare cases risk may be involved.
Add-ons
