Educause Security Discussion mailing list archives
Re: URL switching in e-mails
From: Valdis Kletnieks <Valdis.Kletnieks () VT EDU>
Date: Tue, 3 Jan 2006 14:50:28 -0500
On Tue, 03 Jan 2006 14:04:06 EST, Justin Sipher said:
MailScanner has detected a possible fraud attempt from "www.bogus.com" claiming to be http://www.real-url.comWe are now getting some push back from users claiming that this inserted text makes it "beyond difficult" to read the messages clearly. (please don't laugh)
If the intent was to send HTML, then MailScanner's "solution" *will* result in unreadable text. I don't blame the users for complaining. Perhaps you need to do what SlashDot does - provide an option for a *small* tag identifying the real target: < a href="http://www.real-url.com">Your Bank Here</a> <b>[real-url.com]</b> if the text and the href don't match. Of course, for properly designed HTML, the two *shouldn't* match, because even the < a href="http://www.google.com>Click here for more info</a> abusage doesn't match. If they *do* match, the visible text is an ugly URL rather than nice readable text... ;)
Attachment:
_bin
Description:
Current thread:
- URL switching in e-mails Justin Sipher (Jan 03)
- <Possible follow-ups>
- Re: URL switching in e-mails Ken Connelly (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Joel Rosenblatt (Jan 03)
- Re: URL switching in e-mails David Gillett (Jan 03)
- Re: URL switching in e-mails Justin Sipher (Jan 03)
- Re: URL switching in e-mails Alan Amesbury (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Alan Amesbury (Jan 03)
- Re: URL switching in e-mails Valdis Kletnieks (Jan 03)
- Re: URL switching in e-mails Cal Frye (Jan 04)