Browing to Mailspring - The best free email app using Microsoft Edge 109 with smart screen protection gives the following warning:

image702×563 29.7 KB

It’s been “reported” to MSFT. Probably some dirty tricks by who knows! For what it’s worth, Chrome with the ‘extreme safe’ setting, doesn’t flag that page, so I’m confident that ominous warning can be safely ignored.

Mailspring was abandoned ages ago, there’s literally no-one working on it and no-one cares I doubt.

It is probably strongly advised to switch to an alternative email client because this one is only going to get more and more insecure, vulnerable and out of date.

I’m a bit confused, aren’t they selling the Mailspring Pro - Read Receipts, analytics, and more for any email account. at the moment and it is the software we see on GitHub? The latest release was a month ago GitHub - Foundry376/Mailspring: A beautiful, fast and fully open source mail client for Mac, Windows and Linux.

What do you mean exactly by abandoned in this case? I’m not following

Fair enough if the core developers are still contributing to the codebase on Github - maybe they just don’t bother with this community forum any longer. The app is riddled with loads of bugs and issues and many have been reporting these here and all gone without fixes or responses.

I am pretty sure it went quite some time without any activity. I must admit, I have not actually checked the Github history on exactly what has been worked on in the past 12 months. So feel free to ignore me and investigate this yourself.

A lot of us left it for this very reason some time ago now. See here for example.

Ok, interesting to see where things are going, so I guess back to Thunderbird, where I was. Thanks for linking to the other topic with your experience, it has saved me a lot of time

No problem, of course, you don’t have to take my word for it - it had a lot of potential and was popular at one point - if there is someone behind the scenes working on it still then it may well be worth pursuing with

There is some movement on github but my gut feeling was to not use it as something smells wrong. I just confirmed my gut feeling by reading your post and many others, I will not take the risk. No dev seems to care about github or the forum

There is an open URL redirector on link.getmailspring.com - it’s being abused in a phishing campaign. It’s likely this which caused the domain to be flagged by Smartscreen.

The open redirect link looks like /link/.local-<guid-syle chars?>-v1.4.2-<guid chars?>@getmailspring.com/0?redirect=https://phishing-url-here

If the site admins have lengthy access logs for the link .getmailspring.com web server, I’m curious about the earliest log entries which abused the open redirect - for example, you might perhaps be able to see which source IPs initially checked for the open redirect, whether they used a particular user-agent, the timeline between them finding it & then first being abused, which phishing URLs have been used with the redirector, how many clicks there were etc. All interesting stuff to me.