
Today I noticed something strange.

I got an email containing a link that points to a different site than its text says. In (Simple) HTML view, the preview is visible when hovering over the link. However, in plaintext, in 3 out of 4 mails only a.com was shown:

a.com
<b.com>

This makes me a bit worried, however, since I only noticed the difference between the displayed text and the link location once another client, which probably had HTML view turned on, answered.

If I switch the view of the message body to Simple HTML, I need to check visually whether the link matches the location, which I want to avoid because that might be error-prone. I do know that I could configure my Thunderbird to simply show me punycode, but then one unaware click at the wrong moment could be fatal.

What are the recent security best practices both for protecting yourself from clicking malicious links and for detecting that someone has sent you such a malicious link?

Specifically, is there a way to always get shown

a.com
<b.com>

in plaintext, but with the displayed part only marked as the link's location, whenever the link's text part displays a URL?

kaiya

1 Answer

1

There is not going to be a way to force the link text to be the same as the target URL of the link. Else we couldn't have links.

Since the very beginning, the advice has been to hover over the link to check where it goes. That advice has not gone away, as error-prone as that might be.

To make things easier, you can always turn off HTML-view in your email clients. But that will make HTML-based email very ugly.

Each email client might have tools to make this easier, but that will be up to each email client.

schroeder
  • Thanks for your reply. I already view my mails in plaintext, so I would always have a.com as the link location (the presumably non-malicious link). However, I also want to detect when the location and URL text differ. If mail clients do not solve the issue, maybe a mail proxy would, one that adds a warning to the mail in such cases? – kaiya May 07 '21 at 17:16
  • How would it know to flag this specific case? That's the point of my first line. How does it tell the difference between [a.com](http://b.com) and [Click here!](http://b.com)? – schroeder May 07 '21 at 17:49
  • I'd say that is what regex is for. I don't see the difficulty, am I missing something? – kaiya May 10 '21 at 15:46
  • A regex to account for all possible ***legitimate*** strings is impossible. – schroeder May 10 '21 at 15:53
  • But a regex to check for URL matching is not impossible. It might, of course, have its limitations due to URL encoding etc., but most of the time a simple check for 'is http.?://.* present in the text?' and, if yes, 'do URL text and link match?' should be sufficient, I guess. – kaiya May 11 '21 at 09:48
  • Sure, but only if the link text includes the protocol. But that's a corner case. – schroeder May 11 '21 at 10:12
  • I see, you've got a point there. – kaiya May 11 '21 at 10:31
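As an added example, not from either participant, here is the heuristic the comment thread circles around, written in Python: flag anchors whose visible text looks like a URL or a bare hostname (so it also covers schroeder's "no protocol in the text" corner case) but whose href points at a different host, while leaving text such as "Click here!" alone, since nothing in the text can be compared. The sample message body is constructed for the demonstration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that "looks like" a URL: an optional scheme, then a
# dotted hostname, then an optional path/port/query. Matches both
# "https://a.com/login" and the bare "a.com"; does not match "Click here!".
URLISH = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(?:[\w-]+\.)+[a-z]{2,}(?:[/:?#]\S*)?$", re.I)

def host_of(text):
    """Lowercase hostname named by URL-looking text, or None if the text is not URL-like."""
    s = text.strip()
    if not URLISH.match(s):
        return None
    if "://" not in s:
        s = "http://" + s          # bare hostname: add a scheme so urlsplit sees a netloc
    return urlsplit(s).hostname or None

class AnchorCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text)))
            self._href = None

def mismatched_links(html):
    """Return (text_host, href_host) for anchors whose URL-looking text names a different host than the href."""
    parser = AnchorCollector()
    parser.feed(html)
    flagged = []
    for href, text in parser.anchors:
        text_host = host_of(text)
        href_host = urlsplit(href).hostname
        if text_host and href_host and text_host != href_host:
            flagged.append((text_host, href_host))
    return flagged

# Constructed sample body: two deceptive anchors, one "Click here!", one honest link.
SAMPLE = ('<p>See <a href="http://b.com/x">a.com</a>, '
          '<a href="https://b.com/login">https://a.com/login</a>, '
          '<a href="http://b.com">Click here!</a> and '
          '<a href="https://a.com/ok">a.com</a>.</p>')

if __name__ == "__main__":
    for text_host, href_host in mismatched_links(SAMPLE):
        print(f"warning: text says {text_host} but link goes to {href_host}")
```

The host comparison is exact, so text reading www.a.com pointing at a.com is also reported; that is the kind of legitimate string schroeder warns a regex cannot fully account for.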