IETF Logo Mail Archive

Re: [Asrg] whitelisting links (was Re: misconception in SPF)

Dave Crocker <dcrocker@bbiw.net> Mon, 10 December 2012 18:05 UTC

Return-Path: <dcrocker@bbiw.net>
X-Original-To: asrg@ietfa.amsl.com
Delivered-To: asrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5A90E21F8563 for <asrg@ietfa.amsl.com>; Mon, 10 Dec 2012 10:05:12 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.413
X-Spam-Level:
X-Spam-Status: No, score=-6.413 tagged_above=-999 required=5 tests=[AWL=0.186, BAYES_00=-2.599, RCVD_IN_DNSWL_MED=-4]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yf0gN2cUO0WG for <asrg@ietfa.amsl.com>; Mon, 10 Dec 2012 10:05:11 -0800 (PST)
Received: from sbh17.songbird.com (sbh17.songbird.com [72.52.113.17]) by ietfa.amsl.com (Postfix) with ESMTP id BA01C21F855D for <asrg@irtf.org>; Mon, 10 Dec 2012 10:05:11 -0800 (PST)
Received: from [192.168.1.9] (adsl-67-127-190-125.dsl.pltn13.pacbell.net [67.127.190.125]) (authenticated bits=0) by sbh17.songbird.com (8.13.8/8.13.8) with ESMTP id qBAI5AtL014015 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Mon, 10 Dec 2012 10:05:10 -0800
Message-ID: <50C62451.30608@bbiw.net>
Date: Mon, 10 Dec 2012 10:05:05 -0800
From: Dave Crocker <dcrocker@bbiw.net>
Organization: Brandenburg InternetWorking
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/17.0 Thunderbird/17.0
MIME-Version: 1.0
To: Paul Smith <paul@pscs.co.uk>
References: <20121206212116.10328.qmail@joyce.lan> <50C1A95A.5000001@pscs.co.uk> <50C4A7F8.3010201@dcrocker.net> <CAFdugamTbTirVV2zXKOmc9oTaCS+QiTemhT=jvYJnHYscHQK7g@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACE6D0@ABN-EXCH1A.green.sophos> <20121209213307.D90C12429B@panix5.panix.com> <CAFduganBR_E-ui-3Xbic6F7qSmg1-Q+ideXLvb+1isLz8OF0Nw@mail.gmail.com> <0D79787962F6AE4B84B2CC41FC957D0B20ACFFE1@ABN-EXCH1A.green.sophos> <50C5A9A0.105@pscs.co.uk> <0D79787962F6AE4B84B2CC41FC957D0B20AD01B2@ABN-EXCH1A.green.sophos> <20121210145627.GA21217@gsp.org> <50C6121D.9040607@dcrocker.net> <50C617A2.8090602@pscs.co.uk>
In-Reply-To: <50C617A2.8090602@pscs.co.uk>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.0 (sbh17.songbird.com [72.52.113.17]); Mon, 10 Dec 2012 10:05:11 -0800 (PST)
Cc: Dave Crocker <dhc@dcrocker.net>, Anti-Spam Research Group - IRTF <asrg@irtf.org>
Subject: Re: [Asrg] whitelisting links (was Re: misconception in SPF)
X-BeenThere: asrg@irtf.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: Anti-Spam Research Group - IRTF <asrg@irtf.org>
List-Id: Anti-Spam Research Group - IRTF <asrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/asrg>, <mailto:asrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/asrg>
List-Post: <mailto:asrg@irtf.org>
List-Help: <mailto:asrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/asrg>, <mailto:asrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Dec 2012 18:05:12 -0000

On 12/10/2012 9:10 AM, Paul Smith wrote:
> Surely this would be a browser feature (or 'Internet Security Software'
> feature) rather than an email client feature.
>
> The email client will not necessarily have any access to web browser
> history.

Sorry. I was too cryptic.  My suggestion was a whitelist that is shared 
with the browser and the MUA, vetted by the user.  It's not about one 
agent calling the other but of a shared whitelist.

(Bitdefender seems to have a feature that is related, which provides 
very distinctive controls over sites that are used for payment, like 
banks, based on a special list of such sites.)



> The web browser should know that being called from an email client is
> 'different' from the user clicking on a bookmark or typing in a URL in
> the browser. Then, the browser could say to the user 'You've never
> accessed this site before, are you sure you want to do it?', or whatever

Development of the list could include various kinds of user 
consultation, yes.


> The problem is that to have any idea of reputation you'd have to go on
> the hostname, not the full URL,

right.


> So, the question is, is having a hostname reputation for the user better
> than having no reputation, or not? I'd say yes because it would probably
> catch 99% of the bad links that I see in phishing/spam, others would say
> no because it won't catch 100%.

+1

d/

-- 
  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net

v2.8.7 | Report a Bug | By Email