April 30, 2005
Levine at CircleID on Phish-Proofing URLs in Email
John Levine explores in this piece at CircleID whether it makes sense to implement a "path authentication" scheme for URLs, similar to SPF, in which a bank (or any other entity, for that matter) can declare the servers that URLs in email messages are allowed to refer to. Seems pretty hopeless to me; it would be far better to simply implement a warning popup when the URL shown inside a link's text doesn't match the URL in the actual href, or to just stop pretending that HTML email can be made secure, but that's the radical in me talking now...
Posted by schampeo at April 30, 2005 3:19 PM
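
The link-text versus href check suggested above, sketched as an added example that is not part of the original post or of Levine's article. The names `LinkAuditor` and `mismatched_links`, the `URLISH` heuristic and the sample message are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself a URL or bare hostname (heuristic, so "report.pdf" also matches).
URLISH = re.compile(
    r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?::\d+)?(?:[/?#]\S*)?$", re.I)


def host_of(url):
    """Lower-cased hostname of an absolute URL, or None (relative, mailto:, malformed)."""
    try:
        return (urlsplit(url).hostname or "").lower() or None
    except ValueError:
        return None


class LinkAuditor(HTMLParser):
    """Collects (shown_text, href) for anchors whose visible host differs from the href host."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.href, self.parts, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.parts = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.parts.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = " ".join("".join(self.parts).split())
        m, actual = URLISH.match(shown), host_of(self.href)
        # Exact host comparison: "bank.example" vs "www.bank.example" is reported too.
        if m and actual and m.group(1).lower() != actual:
            self.findings.append((shown, self.href))
        self.href = None


def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample message body (reserved example names and TEST-NET address).
SAMPLE = """<p>Dear customer,
<a href="http://203.0.113.7/login">https://www.bank.example/login</a>
<a href="https://www.bank.example/help"><b>www.bank.</b>example</a>
<a href="http://203.0.113.7/x">Click here</a></p>"""
```

The third link in the sample is not reported: a check of this kind only fires when the visible text itself looks like a URL, so plain-worded link text pointing anywhere passes unflagged.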