On 12/10/2012 9:10 AM, Paul Smith wrote:
Surely this would be a browser feature (or 'Internet Security Software'
feature) rather than an email client feature.
The email client will not necessarily have any access to web browser
history.
Sorry. I was too cryptic. My suggestion was a whitelist that is shared
with the browser and the MUA, vetted by the user. It's not about one
agent calling the other but of a shared whitelist.
(Bitdefender seems to have a feature that is related, which provides
very distinctive controls over sites that are used for payment, like
banks, based on a special list of such sites.)
The web browser should know that being called from an email client is
'different' from the user clicking on a bookmark or typing in a URL in
the browser. Then, the browser could say to the user 'You've never
accessed this site before, are you sure you want to do it?', or whatever
Development of the list could include various kinds of user
consultation, yes.
The problem is that to have any idea of reputation you'd have to go on
the hostname, not the full URL,
right.
So, the question is, is having a hostname reputation for the user better
than having no reputation, or not? I'd say yes because it would probably
catch 99% of the bad links that I see in phishing/spam, others would say
no because it won't catch 100%.
+1
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg