Educause Security Discussion mailing list archives
Re: URL re-writing in emails
From: "Bole, Jim A" <jbole () ALBANY EDU>
Date: Wed, 20 Jan 2021 19:27:49 +0000
I’ve started shifting the education/training focus away from looking at the links themselves. Even legitimate links for GoogleDrive, OneDirive, etc. are difficult to determine if they are legit or not. I’ve tried focusing mostly on context, which requires more common sense than technical expertise. Are you expecting an email from Wells Fargo? Do you have an account with Amazon? On the “technical” side, I ask people to look at the sender, especially how to differentiate between the display name and the actual smtp address. Jim Bole Chief Information Security Officer University at Albany From: The EDUCAUSE Security Community Group Listserv <SECURITY () LISTSERV EDUCAUSE EDU> on behalf of Walter Roshon <walt.e.roshon () WILMU EDU> Date: Wednesday, January 20, 2021 at 2:19 PM To: SECURITY () LISTSERV EDUCAUSE EDU <SECURITY () LISTSERV EDUCAUSE EDU> Subject: Re: [SECURITY] URL re-writing in emails We've found URL Rewrite causes problems of its own. As you mentioned, it breaks one of the best ways of checking on the validity of a URL in an email. "We had been teaching folks to hover over URLs to determine the destination before clicking links. With re-writing, all links are changed for external sites so that advice is no longer reliable." and it makes us totally reliant on Proofpoint catching the bad URL, which I've observed to be unreliable. Sounds good in the Demo, but not so good in practice. I'd rather go without it so users can check and let Bitdefender catch the Phishing URLs on the client workstation. It excels at stopping users from following malicious URLs, but that's not my call. Walt R Wilmington University ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community ********** Replies to EDUCAUSE Community Group emails are sent to the entire community list. If you want to reply only to the person who sent the message, copy and paste their email address and forward the email reply. Additional participation and subscription information can be found at https://www.educause.edu/community
Current thread:
- URL re-writing in emails Ravi Kotecha (Jan 19)
- Re: [EXTERNAL] [SECURITY] URL re-writing in emails Jason Edelstein (Jan 19)
- Re: URL re-writing in emails Brian Epstein (Jan 21)
- DNS checking Nathan Phillips (Jan 21)
- Re: DNS checking Menne, Michael S (Jan 21)
- DNS checking Nathan Phillips (Jan 21)
- <Possible follow-ups>
- Re: URL re-writing in emails Walter Roshon (Jan 20)
- Re: URL re-writing in emails Bole, Jim A (Jan 20)
- Re: URL re-writing in emails Beth Albertson (Jan 20)
- Re: URL re-writing in emails Bole, Jim A (Jan 20)