On Wed, 12 Oct 2011, Christian Grunfeld wrote:
Certainly SA should detect and score such obfuscation, if the FP rate
can be kept low. But controlling what the end user sees in the body of
the mail is properly the MUA's job.
No, MUAs interprets and shows html like browsers does and does not
modify it. Detect such obfuscation can be as diffucult as to try SA to
decode a capcha ! Humans can do better that task !
My MUA does exactly that. If the link text differs from the link URI it
displays the hostname/IP part of the URI next to the link text. If it
detects what looks like obfuscation (i.e. the link text points at one
domain and the link itself points at a different domain) it displays a
warning that the links in the message are suspicious.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
Vista: because the audio experience is *far* more important than
network throughput.
-----------------------------------------------------------------------
307 days since the first successful private orbital launch (SpaceX)
