[unisog] Phishing targeting University Admissions
Martin.Radford at bristol.ac.uk
Thu Jun 17 16:53:00 GMT 2004
On Wed, 16 Jun 2004 Valdis.Kletnieks at vt.edu wrote:
> On Wed, 16 Jun 2004 00:30:39 CDT, Keith Schoenefeld <schoenk at utulsa.edu>
> > All that said, there are all sorts of arguments as to whether one should
> > really support attachments at all. I personally would rather have some
> > sort of automated repository where all outgoing and incoming attachments
> > are stored on a server and unique http:// links are sent in place of the
> > attachments. Maybe using something like hardlink periodically to save
> > space. I believe such a product is a pipe dream at the moment... maybe
> > someone can correct me?
> It's a pipe dream mostly because this basically means that your mail ends
> up as:
> Dear Fred:
> The info you wanted is at
> which is going to trigger so many spam and malware filters it isn't funny.
We have a service called "fluff" which allows a user to upload a file
via a web form, and receive back a URL from which it can be downloaded.
They can forward that URL to the file's intended recipient(s).
So far I've had no reports of the URL we provide triggering spam/malware
filters. (The service was launched in October 2002.)
> Also, you get into all the mess of actually putting the file on a web server -
> until such time as "copy the file to the server, set an expiration date, get
> the URL, put that URL into the mail" is as easy as "CLick to attach a file",
> users will NOT use it.
Our users cope just fine with this.
If anyone wants to take a look at what we've got, the service
documentation (such as it is) is accessible via
I don't claim that "fluff" is the solution to all the issues; it means
that the data stays at the sender's end rather than being routed closer
to the recipient, for example. But it's a handy solution to other
problems and may help with some email issues.
Martin Radford (Martin.Radford at bristol.ac.uk)
Personal Computer Systems Team
Information Systems & Computing
University of Bristol Information Services
PGP keyID: 5D2D92E9
PGP fingerprint: 137E 0277 9D78 7447 71D0 BB3D C20D BB9A 5D2D 92E9
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 187 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/unisog/attachments/20040617/659a4dda/attachment-0004.bin
More information about the unisog