2. Have the email client distinguish between links that are
whitelisted and those that aren't.
I'm with Paul in that I think the web browser and/or a web proxy is a more
appropriate place to do that.
Other than the fact that they are simply better at anything web-related (they
can, for instance, do some heuristics on the actual content that's being
delivered by the web server), I'm worried that a "this link is fine" message
displayed by a MUA is easily confused with "this email is fine", which I don't
think is desirable.
Also, the overwhelming majority of websites are completely fine and harmless,
yet most are probably too obscure to end up on some kind of whitelist, let
alone a personalised one. So I think you're going to have a lot of collatoral
damage.
Having said all this, maliciious links in email are a serious problem today.
Whenever I need a link to the Blackhole exploit kit for research purposes, I
simply dig into my spam folder and look for a fake
Facebook/LinkedIn/Twitter/YouTube/UPS email. More often than not it contains
such a link.
Martijn.
________________________________
Virus Bulletin Ltd, The Pentagon, Abingdon, OX14 3YP, England.
Company Reg No: 2388295. VAT Reg No: GB 532 5598 33.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg