ietf-asrg

Re: [Asrg] whitelisting links (was Re: misconception in SPF)

2012-12-10 11:20:36
On 10/12/2012 16:47, Dave Crocker wrote:
> On 12/10/2012 6:56 AM, Rich Kulawiec wrote:
>> We see examples all day, every day, of sites
>> that have been hijacked by attackers and now host malicious content where
>> formerly there was something innocuous.
>> ...
>> To wit: users should never follow "important" links in email.  They
>> should (for example) bookmark their bank's web site, and *always*
>> use the bookmark.
>
> There is the kernel of an implementable idea here:
>
> 1. Create a whitelist of links the user employs regularly through their browser. For an extra measure of safety, query the user about how much they 'trust' the site associated with each link. (The question needs to be put to them with better language than asking about trust.)
>
> 2. Have the email client distinguish between links that are whitelisted and those that aren't.
>
> I don't have any idea how much incremental safety this actually would provide, but I think it's worthy of testing.

Surely this would be a browser feature (or 'Internet Security Software' feature) rather than an email client feature.

The email client will not necessarily have any access to web browser history.

The web browser should know that being called from an email client is 'different' from the user clicking on a bookmark or typing in a URL in the browser. Then, the browser could say to the user 'You've never accessed this site before, are you sure you want to do it?', or whatever

The problem is that to have any idea of reputation you'd have to go on the hostname, not the full URL, since many email URLs will be 'unique' because they carry tracking information (yes, I know it's bad, but you won't get banks to get rid of that, unfortunately), so each email will have different URLs in it, even if the final destination is the same.

So, the question is, is having a hostname reputation for the user better than having no reputation, or not? I'd say yes because it would probably catch 99% of the bad links that I see in phishing/spam, others would say no because it won't catch 100%.



-

Paul Smith Computer Services
Tel: 01484 855800
Vat No: GB 685 6987 53
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
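A worked sketch of the hostname-based check discussed above, added here as an illustration; it is not code posted in the thread or shipped by any mail client or browser. It assumes a per-user whitelist keyed by hostname (constructed below as `KNOWN_HOSTS`, with the trust level Dave Crocker's step 1 would collect), and that the browser or mail client can tell the link came from a message. Comparison is on the hostname only, so tracking parameters in the path and query are ignored exactly as the post argues; the sample links are constructed.

```python
"""Hostname-based 'have I been here before?' check for links opened from mail.

Constructed example, not code from the thread. Assumes the mail client (or the
browser, when it knows it was launched by the mail client) can read a per-user
table of hostnames the user visits on their own, keyed by hostname and valued
with the user's stated trust level.
"""
from urllib.parse import urlsplit

# Constructed sample of a user's whitelist: hostname -> trust level.
KNOWN_HOSTS = {
    "bank.example": "high",
    "news.example": "low",
}


def hostname_of(url):
    """Return the normalised hostname of an http(s) URL, or None if unusable.

    urlsplit().hostname strips any userinfo ('http://bank.example@evil.example/'
    yields 'evil.example'), drops the port and lowercases the host, so the
    comparison never sees the path, query or tracking parameters at all.
    """
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.rstrip(".")


def match_known(host, known_hosts=KNOWN_HOSTS):
    """Return the whitelist entry that covers host, or None.

    A host matches when it is the entry itself or a subdomain of it
    ('www.bank.example' -> 'bank.example'). Matching is on label boundaries,
    so 'bank.example.evil.example' does not match 'bank.example'.
    """
    for known in known_hosts:
        if host == known or host.endswith("." + known):
            return known
    return None


def classify_link(url, known_hosts=KNOWN_HOSTS):
    """Classify a link clicked in mail by the reputation of its hostname.

    Returns the user's trust level for a whitelisted host, 'never-visited'
    for a host with no history, or 'unusable' for non-http(s) links.
    """
    host = hostname_of(url)
    if host is None:
        return "unusable"
    entry = match_known(host, known_hosts)
    if entry is None:
        return "never-visited"
    return known_hosts[entry]


def warning_for(url, known_hosts=KNOWN_HOSTS):
    """Text the browser could show before opening a link that came from mail."""
    verdict = classify_link(url, known_hosts)
    host = hostname_of(url) or url
    if verdict == "unusable":
        return f"Refusing to open non-web link: {url}"
    if verdict == "never-visited":
        return f"You've never accessed {host} before. Are you sure you want to open it?"
    return f"Opening {host} (a site you use, trust level: {verdict})"


if __name__ == "__main__":
    # Constructed links of the kinds seen in mail: tracking parameters,
    # userinfo tricks and lookalike subdomains.
    for link in [
        "https://bank.example/login?campaign=dec2012&uid=7f3a9c",
        "https://www.bank.example/statements",
        "http://bank.example@evil.example/login",
        "http://bank.example.evil.example/login",
        "https://news.example/story?utm_source=newsletter",
        "javascript:alert(1)",
    ]:
        print(f"{classify_link(link):14} {warning_for(link)}")
```

The subdomain rule is deliberately narrow: a whitelist entry for `bank.example` covers `www.bank.example`, but an entry for `www.bank.example` would not cover `secure.bank.example`, and without a public suffix list an entry for a shared hosting domain would cover every tenant under it. Those are the cases a real implementation would have to decide on; the hostname comparison itself is what makes the check survive per-message tracking URLs.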