Few Ideas To Curb Email Phising

Chris Sells blogs about his experience and this exponentially growing problem of email phishing and asks if there is any way out.

Few things to think about:

1. Enable Explicit Links Only

In email clients, put an option, which is turned on by default for this: While rendering HTML hyperlinks, disable them unless the link text is exactly the same as hyperlink URL it is pointing to. Images in email also can’t have hyperlink any longer.

There are many advantages: This option does not completely block legitimate commercial senders. Also it does not hurt users themselves sending links to each other because when they copy and paste links in their emails, this is how it appears by default.

1. Use TITLE tag for warning

The email client can add/override TITLE tag for all clickable hyperlinks with a text: “Unsafe website”. So these words will appear when user hovers mouse over a link and is about to click on the link.

1. Ugly Message Box

If the idea of disabling links could be an overkill. May be email client can just put a message box when you are opening a browser by clicking a link in email: “Following website may not be safe: blah.blah.gov. This could be with checkbox “Don’t warn again” or may be as an secret advanced option somewhere.

1. Auto-refresh email to browser page

When you click on a link in an email client, the browser first shows a default warning page that URL may not be safe with text of actual URL and then after a while it refreshes itself to that actual URL, puts the focus on address bar and may be change the address bar foreground color as red. Playing the wave file for hazard siren while user browse that page is optional.