HTML email, was Re: Phishing and BGP Blackholing

Joseph Jackson JJackson at aninetworks.com
Thu Jan 18 02:05:22 UTC 2007


(Snip)

but they could be
corrected with proper education (how about keeping every URL under one
second-level domain related to your company, perhaps companyname.com)

(Snip)

Proper education for whom? The people setting up the site probably know
this already.  It's the bosses and marketing that don't care about DNS
structure.  Damn it, they want mazdausa.com and not usa.mazda.com and
they will have it their way!


At least that's how it is most places I've seen.


Joseph


-----Original Message-----
From: owner-nanog at merit.edu [mailto:owner-nanog at merit.edu] On Behalf Of Travis H.
Sent: Wednesday, January 17, 2007 5:38 PM
To: nanog at nanog.org
Cc: Mark Foster; Rich Kulawiec
Subject: HTML email, was Re: Phishing and BGP Blackholing

> If you don't have personal control over the mail system you are using,
> it's possible that you don't have control over whether or not you use
> HTML.

As an armchair security pundit, I think phishing has adequately highlighted
the ability of HTML to mislead, in the sense that its intended recipient is
not a human, and that it has evolved into an unfortunately flexible language
(and extensions) and the browsers are overly forgiving (because syntactically
correct HTML is not really human-writable, either, for the average human who
is tasked with doing so).

So far I haven't seen a persuasive phishing email that wasn't HTML.

The domain name system has enough problems (is mazdausa.com really related
to mazda.com?) without involving javascript and ActiveX, but they could be
corrected with proper education (how about keeping every URL under one
second-level domain related to your company, perhaps companyname.com)
-- 
``Unthinking respect for authority is the greatest enemy of truth.''
-- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>


