 
| Subject: | |
| From: | |
| Reply To: | |
| Date: | Wed, 16 Jan 2019 11:14:28 -0500 |
| Content-Type: | multipart/signed |
| Parts/Attachments: |
|
|
My understanding is that the excessive encrusting excrescence infecting
fnal.gov lists is from ProofPoint, not MicroSoft.
The tip about controlling MS's "Safe Links" is good. I'm curious how
ProofPoint reacts.
This whole message is PGP-signed via the MIME attachment method. If the
following URLs receive excessive encrusting excrescence then that
signature is made broken:
https://www.bnl.gov/
https://www.google.com/
Next, does ProofPoint also break inline signed messages?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
This part is signed.
https://www.bnl.gov/
https://www.google.com/
- -Brett.
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEE835fZzlNNZJdN+5mWwBx4JelG0cFAlw/VXUACgkQWwBx4Jel
G0fANQ//Y+SzKf6v/J5hMoveZ23GWM9a6yLICw028J+c9LU8crtzWdxCZQ/Nh7UJ
i73Lk039qIOe/pNKfs47JQR7BBTNbpWI/ap4jtZmUJ+YW2Gr5AgHXqFXle5sQ31r
OSFHeLXS6tHYnA9lyHmsR5zcLsKUWd+jou+UeVjXUvpotDMCkYmHSTDTx+/l/8A3
UvjNG5IswpXBRBhcXM0u4+rW5zs56n39spwKRriP9L+5kJB62q2FApgPad+/1JaH
Ay4J2J3rgbmVJn4gluWyb2dLtYegZcssfiLbj2VivKg3osMb4LHx/ergSzi361T9
VgepBnmFTHhwhlQa2h8NevVObJQez6jhslH0718lXBBMKr8SrzLeyuv48mq7He/7
6kn4P7QWMpGAEJ00T9gCVBioyfyoyZUrpSG4kn6EgqQk8y+Ns9DiPYlfojamCCDw
NpOafrspbHr2ehtdrczFPZUQ63mlyO6SEZ6PFANQa6k1duY7DPt6hmOp/z2Tlfj8
n4Pk9PpRBOK+/lQLKtay2UNvp1vsG1uRPwwfJCHTWhwO9SD+WQuqV43s5W22FKZz
GkaZkAGwFgIVpbvQ4CBIuZ2GO9gYX7BxzYx/zL0L0hU3cYYeDjxn0UyPS5x5SOQs
+Zb7kr2J3QNV7fYDbaS8LY38tS762w3I5oCPS4DehO3MeF3ZXG8=
=ubEv
-----END PGP SIGNATURE-----
-Brett.
Ron Tapia <[log in to unmask]> writes:
> Hi,
>
> One thing that I've found to prevent the mangling of links in my
> outgoing mail is to include a line like:
>
> <begin pgp signed message to disable safelinks/>
>
> You can see that I add it in my signature.
>
> Basically, even Microsoft realizes that they can't mess with PGP
> signed messages without making a lot of customers unhappy. They have a
> sloppy
> method of detecting PGP signed messages. So, including anything that
> is detected as a PGP signed message will prevent safelinks from
> munging a message.
>
> This points out one of the biggest security concerns about
> safelinks. Namely, that users are being trained to blindly click on
> large, unintelligible "safe" links. Eventually spearfishers are going
> to realize that they can get around the URL munging and present users
> with a link that looks a lot like a munged link. This URL munging is
> very bad for e-mail security.
>
> Cheers,
>
> Ron
|
|
|
