Hi,
PSU uses Microsoft "safelinks" as of a few months ago which is similar.
It was pointed out that this "feature" actually makes users less secure
and more likely to fall for phishing attacks. The complaints fell on deaf
ears.
You can't rewrite message bodies without breaking PGP signatures. Also,
you can't verify that a message is really PGP signed without every
sender's public key.
Microsoft just looks for "pgp signed" somewhere in the message body.
I'm sure that Proofpoint has to do something similar. If you can figure
out what it does, you can at least cause your messages not to be
rewritten.
I'll include a couple of links here to see if my signature has any effect:
https://urldefense.proofpoint.com/v2/url?u=https-3A__arstechnica.com_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=T1iZwapzXbIi4JLbBCnP38Ro1p2oI3cIySeI0ZN-XJQ&s=_7L9QKlMXgH13BlmXTxbcGdOMxEWc3zglupXG8wMXXI&e=
http://www.fnal.gov/
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.lanl.gov_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=T1iZwapzXbIi4JLbBCnP38Ro1p2oI3cIySeI0ZN-XJQ&s=mJql-MMfFHbr-rrtZcnnPCwDo_iVDv9yq1NcLMbcGQU&e=
https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=T1iZwapzXbIi4JLbBCnP38Ro1p2oI3cIySeI0ZN-XJQ&s=VMVCwSbpwpwIOJbXZRrcvGRmQxxShFWSta3rdH1ehts&e=
Cheers,
Ron
--
Blindly following a list of best practices is not a best practice.
<begin pgp signed message to disable safelinks/>
On Tue, 24 Jul 2018, P. Larry Nelson wrote:
Date: Tue, 24 Jul 2018 13:40:44 -0500
From: P. Larry Nelson <[email protected]>
To: Jon Pruente <[email protected]>, Glenn Cooper <[email protected]>,
[email protected]
Subject: Re: SP: proofpoint.com URLs in sl-users messages
I concur with the previous posts about ProofPoint.
The U of I campus implemented this several years ago.
I complained. Fell on deaf ears.
Implemented by our security folks. Rationale being that 99% of the campus
email users (i.e., using the campus Exchange server) are either too lazy
and/or too unaware of the dangers of blindly clicking on a URL in their
emails.
However, U of I email with a URL in the message body shows the real URL (in
blue and underlined - unless the URL is hidden via the html "<a href="
construct), but when you move the mouse pointer over the URL, (at least in
Thunderbird) the bottom horizontal box of T-bird (I'm sure it has a more
official name) then shows the long obfuscated urldefense URL.
So, in our case, one can just copy/paste the URL in the message body to a
browser and NOT go thru ProofPoint.
The other aspect of the U of I's ProofPoint config is that it only affects
email composed in HTML format, and since I generally loathe doing that unless
absolutely necessary, I almost always compose in ASCII mode.
So, I suppose this might be a test of how Fermilab has implemented ProofPoint
as I will now include a rather well known URL here
(https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=Ma0w4F56naDITDGkKlQvVJtetzaOiMo7eexfGKNZgfo&s=j_HbB2h_p9zjRUhPqMrTbEdV3hg8KvFr66CCOEJkwDA&e=)
and see how it arrives in your inbox.
:-)
Jon Pruente wrote on 7/24/18 12:33 PM:
On Tue, Jul 24, 2018 at 12:20 PM, Konstantin Olchanski
<[email protected]> wrote:
On Tue, Jul 24, 2018 at 09:39:37AM -0500, Glenn Cooper wrote:
Some people dislike these email manglers because they replace obviously
safe URLs (zzzz://triumf.ca,
https://urldefense.proofpoint.com/v2/url?u=http-3A__bnl.gov&d=DwIBAg&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=9MsrWO_OsZsUg1N098OjP5FVq11d4xFs7FQSsO0fvOg&s=hNpBcmIgNIJC38WgFxk6q0e-BDk3eAeFQnaJXmIOK3Y&e=,
zzzz://gnal.gov, etc)
with magical "eat me" cookies.
Maybe these manglers cut down on Nigerian fishing, but I think there
is a net decrease in security because everybody is forced
to click links without knowing exactly where they go.
Another failure of using such a service is that the URLs are now
mangled inside the ProofPoint URL. When at some point in the future
the ProofPoint service is discontinued or is no longer used by
Fermilab (it will happen, some day, one way or another) the URLs that
were originally submitted are lost. A "safe" link and a
non-HTML-sanitized copy of the original URL would be a welcome
safeguard from being hostage to the service for a clean copy of the
URL for several reasons, even to just know what the URL is targeting
along with having the option to not follow the link through the URL
filtering service for tracking and privacy concerns expressed by
Konstantin.
--
P. Larry Nelson (217-693-7418) | IT Administrator Emeritus
810 Ventura Rd. | High Energy Physics Group
Champaign, IL 61820 | Physics Dept., Univ. of Ill.
MailTo: [email protected] |
https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_&d=DwICaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=Ma0w4F56naDITDGkKlQvVJtetzaOiMo7eexfGKNZgfo&s=zuwvjMwO6N3LEFjVQk1g1psUnqgccVLNrF7TNvgHQRY&e=
------------------------------------------------------------------------------
"Information without accountability is just noise." - P.L. Nelson
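Added example, not part of any message in this thread: a small Python decoder that recovers the original URL from the `urldefense.proofpoint.com/v2/url` wrappers quoted above, so archived mail stays readable without the rewriting service. The mapping (`-` stands in for `%`, `_` for `/`) is an assumption read off the `u=` values in the thread, and the sample text uses placeholder tokens in place of the real tracking parameters.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Wrapped links as seen in the thread; stop at whitespace and closing delimiters.
WRAPPED = re.compile(r"https://urldefense\.proofpoint\.com/v2/url\?[^\s<>\"')]+")
# Assumption from the thread's links: "-3A" is ":" and "__" is "//",
# i.e. "-" replaces "%" and "_" replaces "/".
UNMANGLE = str.maketrans("-_", "%/")


def decode_v2(wrapped: str) -> str:
    """Return the original URL carried in the u= parameter of a v2 wrapper."""
    parts = urlsplit(wrapped)
    if parts.hostname != "urldefense.proofpoint.com" or parts.path != "/v2/url":
        raise ValueError("not a urldefense v2 link")
    values = parse_qs(parts.query, keep_blank_values=True).get("u")
    if not values or not values[0]:
        raise ValueError("wrapper has no u= parameter")
    original = unquote(values[0].translate(UNMANGLE))
    if urlsplit(original).scheme not in ("http", "https"):
        raise ValueError("decoded target is not an http(s) URL")
    return original


def unwrap_text(text: str) -> str:
    """Replace every wrapped link in text with its original; leave the rest alone."""
    def repl(match):
        raw = match.group(0)
        url = raw.rstrip(".,;")  # sentence punctuation glued to the link
        try:
            return decode_v2(url) + raw[len(url):]
        except ValueError:
            return raw  # keep undecodable wrappers visible rather than guessing
    return WRAPPED.sub(repl, text)


# Constructed sample: u= values as in the thread, tracking tokens replaced by "X".
SAMPLE = (
    "See https://urldefense.proofpoint.com/v2/url?u=https-3A__arstechnica.com_"
    "&d=X&c=X&r=X&m=X&s=X&e=, and http://www.fnal.gov/ "
    "(https://urldefense.proofpoint.com/v2/url?u=http-3A__www.lanl.gov_&d=X&s=X&e=)"
)

if __name__ == "__main__":
    print(unwrap_text(SAMPLE))
```

The decoder only reads the `u=` parameter; it does not check the other parameters, so its output tells you where a link points, not whether the wrapper itself is genuine.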