Educause Security Discussion mailing list archives
Re: URL switching in e-mails
From: Alan Amesbury <amesbury () OITSEC UMN EDU>
Date: Tue, 3 Jan 2006 16:14:38 -0600
Valdis Kletnieks wrote:
> If the intent was to send HTML, then MailScanner's "solution" *will* result in unreadable text. I don't blame the users for complaining.
>
> Perhaps you need to do what SlashDot does - provide an option for a *small* tag identifying the real target:
>
> <a href="http://www.real-url.com">Your Bank Here</a> <b>[real-url.com]</b>
>
> if the text and the href don't match.
>
> Of course, for properly designed HTML, the two *shouldn't* match, because even the <a href="http://www.google.com">Click here for more info</a> abusage doesn't match. If they *do* match, the visible text is an ugly URL rather than nice readable text... ;)
One problem with doing that automagically is when the phishing URL points to a host like www.paypal.com cgi-bin webscr cmd--secure-amp-sh-u https.hurricane.xycum.com ("from the wild" example taken from phishing e-mail received last month). I suspect at least some users will see the "www.paypal.com" part at the beginning of the host name, fail to read the rest of the name, and simply act as if it's legit.

Rewriting those parts of the message would seem to be the safest, at least in terms of protecting the users. That said, I *really* dislike the idea of tampering with message content, too.

I'll be interested in hearing if anyone's found an ideal solution to this problem.

--
Alan Amesbury
University of Minnesota
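An added example, not part of either poster's message or of MailScanner: a Python sketch of the small "real target" tag proposed in the quoted text, which prints only the rightmost labels of the href's host so that a look-alike prefix of the kind described in the reply is never what the reader sees. The names `base_domain`, `LinkTagger` and `annotate` are hypothetical, the sample host names are constructed from reserved test domains, and the two-label cut is a simplifying assumption (a real filter would consult the Public Suffix List).

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

def base_domain(host):
    """Rightmost two labels of a host name (naive assumption: no Public
    Suffix List lookup, so names under e.g. co.uk are cut one label short)."""
    host = host.lower().rstrip(".")
    if host.replace(".", "").isdigit():      # dotted-quad address: show it whole
        return host
    return ".".join(host.split(".")[-2:])

class LinkTagger(HTMLParser):
    """Re-emit HTML, adding a small [domain] tag after each anchor whose
    visible text is not simply the domain the href really points to."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out, self.href, self.text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href"), []
        self.out.append(self.get_starttag_text())

    def handle_startendtag(self, tag, attrs):
        self.out.append(self.get_starttag_text())

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
        self.out.append(html.escape(data, quote=False))

    def handle_endtag(self, tag):
        self.out.append(f"</{tag}>")
        if tag != "a" or self.href is None:
            return
        host = urlsplit(self.href).hostname or ""
        real = base_domain(host)
        shown = "".join(self.text).strip().lower()
        # Only the rightmost labels are shown, so a familiar-looking prefix
        # at the start of a long host name never reaches the reader.
        if host and shown not in (real, "www." + real):
            self.out.append(f" <b>[{html.escape(real)}]</b>")
        self.href = None

def annotate(markup):
    tagger = LinkTagger()
    tagger.feed(markup)
    tagger.close()
    return "".join(tagger.out)

# Constructed sample; host names use reserved .test/.example names.
SAMPLE = ('<a href="http://www.bank.example.cgi-bin.login.attacker.test/webscr">'
          'Your Bank Here</a>')
```

Comments and doctype declarations are not re-emitted by this sketch, so it changes message content more than the tag alone would.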