Suggested phishing net tuning

[Dean Liversidge]

On Sat, 20 Nov 2004 12:23:39 +0000, you wrote:

>>
>>Why might it be dangerous to strip the prefixing "mailto:" in the first
>>example
>>
>Sounds fair enough.
>
>> and the appended script & arguments in the second before doing the
>>comparison?
>>
>>
>I am wary of doing that as (a) there should be a / before the ? and (b)
>could the ? be part of a username or password passed to the http server
>which could therefore be used to evade the phishing net?

I dont know if the trailing / is a requirement or not, but it would
seem nearly everyone doenst use it. I know incorrect usage doesnt make
it right

Im not an expert, but my thoughts would be to drop any mailto: prefix,
as most display text wouldnt include that, and drop anything after the
first non acceptable domain name character set, so anything / or ? and
after would go, since it looks ugly to have a display part showing
parameters - most dont show it

Creaters should know better than to mismatch the www. part of a url,
and these could be completly different websites and my thoughts would
be to make the creaters do the work properly, and fix their url's.

That said, different hosts within a domain come from the original
'trusted' parent domain, i think it would be acceptable to trust a
hostname within the domain, but i see a problem there with how many
levels of name to match, you cant just accept one extra level of child
domain, or you may get something like
display=http://org    link=http://dodgysite.org

and at the top level domain who knows who to trust...

-- 
Dean Liversidge

------------------------ MailScanner list ------------------------
To unsubscribe, email jiscmail at jiscmail.ac.uk with the words:
'leave mailscanner' in the body of the email.
Before posting, read the MAQ (http://www.mailscanner.biz/maq/) and
the archives (http://www.jiscmail.ac.uk/lists/mailscanner.html).

Support MailScanner development - buy the book off the website!