[unisog] Phishing targeting University Admissions

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Wed Jun 16 15:02:12 GMT 2004


On Wed, 16 Jun 2004 00:30:39 CDT, Keith Schoenefeld <schoenk at utulsa.edu>  said:

> All that said, there are all sorts of arguments as to whether one should 
> really support attachments at all.  I personally would rather have some 
> sort of automated repository where all outgoing and incoming attachments 
> are stored on a server and unique http:// links are sent in place of the 
> attachments.  Maybe using something like hardlink periodically to save 
> space.  I believe such a product is a pipe dream at the moment... maybe 
> someone can correct me?

It's a pipe dream mostly because this basically means that your mail ends
up as:
----
Dear Fred:

The info you wanted is at http://www.your.site/outbound-attachments/long-random-string
----

which is going to trigger so many spam and malware filters it isn't funny.

Also, you get into all the mess of actually putting the file on a web server -
until such time as "copy the file to the server, set an expiration date, get
the URL, put that URL into the mail" is as easy as "Click to attach a file",
users will NOT use it.

It's also sub-optimal for power users and road warriors - currently, I run some
900 pieces of mail a day, and they all basically get POP'ed off our mail
server.  If I had to go contact the *original* servers for everything, I'd be
waiting a LOT longer for it all to come down (think timeouts here).  Also, it
*really* sucks when you download your mail just before you get on the plane -
and discover 15 mins into the flight that you got a URL not an attachment...

Other than all THOSE, there's nothing wrong with it. :)

(Let me put in a plug for something Vernon Schryver wrote a while ago:

"You might be an anti-spam kook if..."
http://www.rhyolite.com/anti-spam/you-might-be.html

It's a good write-up of what we in the IETF have *already* thought of and
found unworkable.  If you need a hint why any given item is on the list,
feel free to ask... ;)
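
The workflow discussed in this thread (store the attachment on a server, set an expiration date, get the URL, put that URL into the mail), as an added example that is not part of the original post. The base URL, TTL, and all class and function names are assumptions, and SHA-256 content addressing stands in for the periodic hardlink pass mentioned in the quoted message.

```python
import hashlib, secrets
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

BASE_URL = "https://files.example.edu/a/"  # hypothetical download host
TTL = 7 * 24 * 3600                        # assumed link lifetime: 7 days
SAMPLE_DATA = b"%PDF-1.4 constructed sample bytes"

class AttachmentStore:
    def __init__(self):
        self.blobs = {}  # sha256 hex -> bytes, one copy per unique content
        self.links = {}  # token -> (digest, filename, expires_at)
    def put(self, data, filename, now):
        digest = hashlib.sha256(data).hexdigest()
        self.blobs.setdefault(digest, data)   # identical files stored once
        token = secrets.token_urlsafe(32)     # unguessable, one per link
        self.links[token] = (digest, filename, now + TTL)
        return BASE_URL + token
    def get(self, token, now):
        entry = self.links.get(token)
        if entry is None or now >= entry[2]:  # unknown or expired link
            return None
        return self.blobs[entry[0]]

def replace_attachments(raw, store, now):
    # Parse the message, move each attachment into the store, and build
    # a text-only copy whose body lists one link per attachment.
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    notes = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "unnamed"
        notes.append(f"{name} ({len(data)} bytes): {store.put(data, name, now)}")
    if not notes:
        return msg                            # nothing to rewrite
    body = msg.get_body(preferencelist=("plain",))
    out = EmailMessage()
    for header in ("From", "To", "Subject"):
        if msg[header]:
            out[header] = msg[header]
    text = body.get_content().rstrip() if body else ""
    out.set_content(text + "\n\nAttachments (links expire):\n" + "\n".join(notes) + "\n")
    return out

def build_sample():
    # Constructed message: the same file attached twice under two names.
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.edu", "fred@example.org", "Info"
    m.set_content("Dear Fred:\nThe info you wanted is attached.\n")
    for name in ("report.pdf", "report-copy.pdf"):
        m.add_attachment(SAMPLE_DATA, maintype="application", subtype="pdf", filename=name)
    return m.as_bytes()
```

The rewritten message is exactly the "text plus a long random URL" shape described above, so the filtering and offline-reading objections in this post apply to its output unchanged.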

