Skip to content

Security hints: OpenPhish reputation provider #291

Description

@mortenn

Part of #285, #249, and meta #245.

Provider

OpenPhish.

Fit

Phishing-specific provider. The free community feed is limited and non-commercial, while richer database/feed options require licensing. This should be considered only as a bring-your-own licensed provider or clearly non-commercial local feed option.

Data Sent

Depending on implementation, Browser Picker may either compare locally against a downloaded feed or query a licensed OpenPhish database/API. Any provider API lookup may send the full URL or URL-derived data and must be disclosed.

API / Terms Notes

The Community Feed is free but restricted to non-commercial use and updates less frequently. OpenPhish database/premium feed options provide richer and fresher data through licensed access.

Acceptance Notes

  • Disabled by default.
  • User-triggered only unless a future automatic-check setting explicitly enables phishing checks.
  • Do not silently use the non-commercial Community Feed in product defaults.
  • Prefer local matching for downloaded feeds if terms allow it.
  • For API/database integrations, require bring-your-own license/key and disclose what is sent.
  • Do not log submitted URLs or credentials.
  • Make clear that OpenPhish checks phishing data, not general URL safety.
  • Do not automatically call this provider when a URL matches Defaults.

Out of Scope

  • Malware-focused reputation checks.
  • Bundling licensed OpenPhish data.
  • RDAP or public CT history lookups.

Metadata

Metadata

Assignees

No one assigned

    Projects

    No projects

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions