ietf-asrg

Re: [Asrg] whitelisting links (was Re: misconception in SPF)

2012-12-11 07:37:44

I think we're getting into a number of overlapping problems here, most
of which are caused by the use of worst practices (e.g., HTML in email,
outsourced email, use of URL shorteners, web sites that load JavaScript
from a dozen different sources[1], financial institutions that are
training their customers to be phish victims, etc.)

I don't think we can solve or even capably attack any of these issues
at the MTA or MUA, so I'll suggest they may be out-of-scope here.

My suggestion that users bookmark their most-used/most-critical web
sites (in their web browser) is actually unrelated to email: that is,
I don't think anyone should ever read their email with a web browser or
with a mail client that has web browser features.  I regard doing so as
a catastrophic security failure, one that can't be mitigated no matter
how many layers of code are placed around or on top of it.

So to clarify: this is an entirely manual process, but since it need
only be done once per site and since it need only be done for "important"
sites (in the view of the user) I regard the effort as minimal.
Unfortunately, few users have the self-discipline required to always
use those bookmarks, doubly so given that they're going to receive
email containing links from the very institutions that they would be
most likely to bookmark.  (See "training customers to be phish victims".)

---rsk

[1] Using NoScript makes this problem highly visible.
_______________________________________________
Asrg mailing list
Asrg(_at_)irtf(_dot_)org
http://www.irtf.org/mailman/listinfo/asrg
