On Dec 10, 2012, at 12:24 PM, Paul Smith <paul(_at_)pscs(_dot_)co(_dot_)uk>
wrote:
On 10/12/2012 18:23, Martijn Grooten wrote:
I'd say yes because it would probably
catch 99% of the bad links that I see in phishing/spam
No it would not, not even close to that. A lot of spam links to legitimate
but compromised domains.
Maybe - but most of those compromised domains are not domains which the user
would normally go to.
So, even if the link is to a 'legitimate' domain, the vast majority would be
to domains which the user does not recognise. So, it would catch those.
Remember, the idea wasn't to have a 'global' list of 'good domains', but ones
which the *user* has whitelisted, so the user recognises them.
If it's user managed - rather than managed by a third party that actually keeps
track of who is a bank and who isn't - I'd guess it'd just lead to
meta-phishing, where the goal is to get the user to add a link to their
whitelist, rather than having them click on a link.
Cheers,
Steve
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg