[Asrg] whitelisting links (was Re: misconception in SPF)

Dave Crocker <dhc@dcrocker.net> Mon, 10 December 2012 16:47 UTC


On 12/10/2012 6:56 AM, Rich Kulawiec wrote:
>  We see examples all day, every day, of sites
> that have been hijacked by attackers and now host malicious content where
> formerly there was something innocuous.
...
> To wit: users should never follow "important" links in email.  They
> should (for example) bookmark their bank's web site, and *always*
> use the bookmark.


There is the kernel of an implementable idea here:

    1.  Create a whitelist of links the user employs regularly through 
its browser.  For an extra measure of safety, query the user about how 
much they 'trust' the site associated with each link.  (The question 
needs to be put to them with better language than asking about trust.)

    2.  Have the email client distinguish between links that are 
whitelisted and those that aren't.

I don't have any idea how much incremental safety this actually would 
provide, but I think it's worthy of testing.

d/

-- 
  Dave Crocker
  Brandenburg InternetWorking
  bbiw.net
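
Added example, not part of the original message and not code from its author: a sketch of the two steps proposed above, building the whitelist from browser history and having the mail client label each link by the host its `href` actually targets. The function names, the visit-count threshold (standing in for the step of asking the user about each site) and the sample history and message are assumptions constructed for illustration.

```python
# Added illustration; names, threshold and sample data are assumptions.
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(url):
    """Lower-cased host of an http(s) URL, or None if there is none."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # ignores userinfo ("user@") and port
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not host:
        return None
    return host.rstrip(".")

def build_whitelist(history, min_visits=3):
    """Step 1: hosts the user reached through the browser at least min_visits times."""
    visits = Counter(h for h in map(host_of, history) if h)
    return {h for h, n in visits.items() if n >= min_visits}

class _Links(HTMLParser):
    """Collects (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def classify_links(html_body, whitelist):
    """Step 2: label each link by the exact host in its href, never by its text."""
    parser = _Links()
    parser.feed(html_body)
    parser.close()
    return [(text, href, "whitelisted" if host_of(href) in whitelist else "unlisted")
            for text, href in parser.links]

# Constructed sample data.
HISTORY = ["https://bank.example/login"] * 4 + ["https://news.example/"]
MAIL = ('<a href="https://bank.example/statements">Statements</a>'
        '<a href="https://bank.example.evil.test/login">https://bank.example/login</a>'
        '<a href="https://bank.example@evil.test/">Verify</a>')
```

Matching is on the exact host, so a whitelisted name used as a subdomain label or as URL userinfo stays unlisted, as does a link whose visible text merely shows a whitelisted URL.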