nanog mailing list archives
RE: HTML email, was Re: Phishing and BGP Blackholing
From: "Joseph Jackson" <JJackson () aninetworks com>
Date: Wed, 17 Jan 2007 18:05:22 -0800
(Snip) but they could be corrected with proper education (how about keeping every URL under one second-level domain related to your company, perhaps companyname.com) (Snip) Proper education for whom, the people setting up the site probably know this already. It's the bosses and marketing that don't care about DNS structure. Damn it they want mazdausa.com and not usa.mazda.com and they will have it their way! At least that's how it is most places I've seen. Joseph -----Original Message----- From: owner-nanog () merit edu [mailto:owner-nanog () merit edu] On Behalf Of Travis H. Sent: Wednesday, January 17, 2007 5:38 PM To: nanog () nanog org Cc: Mark Foster; Rich Kulawiec Subject: HTML email, was Re: Phishing and BGP Blackholing
If you don't have personal control over the mail system you are using, it's possible that you don't have control over whether or not you use HTML.
As an armchair security pundit, I think phishing has adequately highlighted the ability of HTML to mislead, in the sense that its intended recipient is not a human, and that it has evolved into an unfortunately flexible language (and extensions) and the browsers are overly forgiving (because syntactically correct HTML is not really human-writable, either, for the average human who is tasked with doing so). So far I haven't seen a persuasive phishing email that wasn't HTML. The domain name system has enough problems (is mazdausa.com really related to mazda.com?) without involving javascript and ActiveX, but they could be corrected with proper education (how about keeping every URL under one second-level domain related to your company, perhaps companyname.com) -- ``Unthinking respect for authority is the greatest enemy of truth.'' -- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>
Current thread:
- Re: Phishing and BGP Blackholing, (continued)
- Re: Phishing and BGP Blackholing Mark Foster (Jan 03)
- Re: Phishing and BGP Blackholing Alexander Harrowell (Jan 04)
- Re: Phishing and BGP Blackholing Michael . Dillon (Jan 04)
- Re: Phishing and BGP Blackholing Alexander Harrowell (Jan 04)
- Re: Phishing and BGP Blackholing Pete Templin (Jan 04)
- Re: Phishing and BGP Blackholing Bill Nash (Jan 04)
- Re: Phishing and BGP Blackholing Michael . Dillon (Jan 04)
- Re: Phishing and BGP Blackholing Joseph S D Yao (Jan 04)
- Re: Phishing and BGP Blackholing Joseph S D Yao (Jan 04)
- HTML email, was Re: Phishing and BGP Blackholing Travis H. (Jan 17)
- RE: HTML email, was Re: Phishing and BGP Blackholing Joseph Jackson (Jan 17)
- Re: HTML email, was Re: Phishing and BGP Blackholing Joe Abley (Jan 18)
- Re: HTML email, was Re: Phishing and BGP Blackholing Jaap Akkerhuis (Jan 18)
- Re: HTML email, was Re: Phishing and BGP Blackholing Stephane Bortzmeyer (Jan 18)
- RE: HTML email, was Re: Phishing and BGP Blackholing Joseph Jackson (Jan 18)
- Re: HTML email, was Re: Phishing and BGP Blackholing Randy Bush (Jan 18)
- Re: HTML email, was Re: Phishing and BGP Blackholing Matthew Black (Jan 18)
- Re: HTML email, was Re: Phishing and BGP Blackholing Travis H. (Jan 18)
- Re: HTML email, was Re: Phishing and BGP Blackholing Joe Provo (Jan 19)
- Re: Phishing and BGP Blackholing Vassili Tchersky (Jan 02)