Obvious security

It occurs to me, after a ton of fake YouTube links that appear to be the spam du jour, that quite a lot of phishing would be stopped completely by the simple expedient of all HTML-enabled mail clients looking at <a> tags. If the text of the anchor looks like a URL and that URL doesn't match the actual target URL, throw all sorts of bright red warnings all over the page, remove the link, and so forth.

I can't think of any drawbacks to this and a good 80% of phishing messages I see would be caught by that. And yet, I don't remember hearing about clients doing this. Why not?

Posted: 2007-08-25 12:29 — Why no comments?

This heuristic is implemented by recent versions of clamav. Sadly some stupid but legit marketers obfuscate link targets in this way, e.g. to hide outsourced infrastructure or click tracking.

Posted by Tony Finch at 2007-08-26 04:23

That would be "du jour". "de jure" means something else entirely.

Posted by rone at 2007-08-27 00:50

You know, when I was writing that, something told me I got it wrong, and like an idiot, I didn't go check. Thank you!

Posted by eagle at 2007-08-27 11:25

Last spun 2013-07-01 from thread modified 2013-01-04