HTML email, was Re: Phishing and BGP Blackholing

From: Travis H. (travis+)
Date: Wed Jan 17 2007 - 20:38:14 EST

Next message: Joseph Jackson: "RE: HTML email, was Re: Phishing and BGP Blackholing"

Previous message: Travis H.: "Re: Phishing and BGP Blackholing"
In reply to: Joseph S D Yao: "Re: Phishing and BGP Blackholing"
Next in thread: Joseph Jackson: "RE: HTML email, was Re: Phishing and BGP Blackholing"
Reply: Joseph Jackson: "RE: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Jaap Akkerhuis: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Stephane Bortzmeyer: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Matthew Black: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Randy Bush: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Fergie: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Stephane Bortzmeyer: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Joe Provo: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Fergie: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> If you don't have personal control over the mail system you are using,
> it's possible that you don't have control over whether or not you use
> HTML.

As an armchair security pundit, I think phishing has adequately highlighted
the ability of HTML to mislead, in the sense that its intended recipient is
not a human, and that it has evolved into an unfortunately flexible language
(and extensions) and the browsers are overly forgiving (because syntactically
correct HTML is not really human-writable, either, for the average human who
is tasked with doing so).

So far I haven't seen a persuasive phishing email that wasn't HTML.

The domain name system has enough problems (is mazdausa.com really related
to mazda.com?) without involving javascript and ActiveX, but they could be
corrected with proper education (how about keeping every URL under one
second-level domain related to your company, perhaps companyname.com)

-- 
``Unthinking respect for authority is the greatest enemy of truth.''
-- Albert Einstein -><- <URL:http://www.subspacefield.org/~travis/>

application/pgp-signature attachment: stored

Next message: Joseph Jackson: "RE: HTML email, was Re: Phishing and BGP Blackholing"

Previous message: Travis H.: "Re: Phishing and BGP Blackholing"
In reply to: Joseph S D Yao: "Re: Phishing and BGP Blackholing"
Next in thread: Joseph Jackson: "RE: HTML email, was Re: Phishing and BGP Blackholing"
Reply: Joseph Jackson: "RE: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Jaap Akkerhuis: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Stephane Bortzmeyer: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Matthew Black: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Randy Bush: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Fergie: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Stephane Bortzmeyer: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Joe Provo: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Maybe reply: Fergie: "Re: HTML email, was Re: Phishing and BGP Blackholing"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Invaluement Anti-Spam DNSBLs