On 30 Sep 2009 at 11:17, Stu Sjouwerman wrote: > Understood. But that has one drawback, which is that you do not check emails > for known bad URLs which are usually phishing attempts and use social > engineering. For savvy people like us, no worries, but for consumers and/or > clueless end-users, this is an extra layer or protection that can prevent bad > infections.
Good point. I see so few messages like this due to my spam filters I tend to forget most l-users are phishable. Pegasus Mail (the mail client I use and install at client shops if possible) has a feature I've not seen in other mail clients: in an HTML message if the displayed URL is different from the underlying URL (e.g. the message shows "https://secure.yourbanksname.com/"; but the actual link is something like "http://bogus.server.in.ru/";) the cursor changes from the default finger-hand (indicating a clickable link) to a red circle-with-a-slash indicating that you should not click this link. Nothing very difficult to code, and it's a nice safety feature that goes along with other Pegasus Mail safety features like no- scripting-in-email and don't-download-remote-images. For "Click Here" links, it displays the underlying URL in the status bar and tooltip -- not as bullet- and idiot-proof, but still much better than OL or OE. -- Angus Scott-Fleming GeoApps, Tucson, Arizona 1-520-290-5038 +-----------------------------------+ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
