Bitcoin Forum

Bitcoin => Bitcoin Discussion => Topic started by: the founder on September 02, 2011, 04:45:00 PM



Title: the exact reason why Flexcoin has a no links in e-mail policy
Post by: the founder on September 02, 2011, 04:45:00 PM
From:    info@mtgox.com
Reply-to:    info@mtgox.com
To:    XXXX@XXXX.XXX
Subject:    [Mt.Gox] Your account blocked
Date:    09/02/2011 12:24:36 PM


Dear Mt.Gox user,

Your account will be blocked for violating the rules of exchange.
Details:https://www.mgtox.com/users/blocked  (edit -- the link goes to a scam site)

Thanks,
The Mt.Gox team


Title: Re: the exact reason why Flexcoin has a no links in e-mail policy
Post by: tysat on September 02, 2011, 05:18:15 PM
Because a no links in e-mail policy will stop spammers from putting in links?

It's unlikely that everyone (or even most) will remember the policy, so it's not a giant selling point.


Title: Re: the exact reason why Flexcoin has a no links in e-mail policy
Post by: the founder on September 02, 2011, 06:14:52 PM
> Because a no links in e-mail policy will stop spammers from putting in links?
>
> It's unlikely that everyone (or even most) will remember the policy, so it's not a giant selling point.

Oh, I don't care about "selling"; I care about not getting my clients scammed.



Title: Re: the exact reason why Flexcoin has a no links in e-mail policy
Post by: lathomas64 on September 02, 2011, 06:21:22 PM
I think the point is that if there is a link in an e-mail, it is clearly a scam.


Title: Re: the exact reason why Flexcoin has a no links in e-mail policy
Post by: wolftaur on September 02, 2011, 08:07:07 PM
> > Because a no links in e-mail policy will stop spammers from putting in links?
> >
> > It's unlikely that everyone (or even most) will remember the policy, so it's not a giant selling point.
>
> Oh, I don't care about "selling"; I care about not getting my clients scammed.

You'll want to make sure that it is made extremely clear to every user of your site that no REAL e-mail that comes from you will ever contain a link. For example, you might put it on the news page. Or have it so that when someone signs in they get a clear message about it at least once.

You will want to make sure that all of your customers, not just the customers on the forum, know that you have a very strict policy of not putting a link in an email. Your policy only has a chance of thwarting a scammer if the person who reads a scam mail knows "Oh, OK, I see a link, I know it can't possibly be from them even though it looks genuine otherwise."

The more educated your users are the more successful you have been in helping them thwart phishing.


Title: Re: the exact reason why Flexcoin has a no links in e-mail policy
Post by: kjj on September 02, 2011, 08:22:09 PM
Hmm.  A policy.  That is a damn good idea.

A TXT record in DNS for the domain.

Code:
flexcoin.com. IN TXT "x=PHISHING v=1 U=none"

Then your mail client (or any server along the way) can say "this email claims to be from flexcoin.com.  flexcoin.com has a published policy that says they will never include links in their emails.  This email has a link in it.  Delete.  Notify spamcop, spamhaus and spamfrauline.  Block the source IP".

U could even be server and path, so that mails from your domain can only contain links that go back to places that you want them to go to.  Maybe have another field to act as a filter for attachments.

I wonder if we could get it implemented.
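
Added example (not part of kjj's post, and not code from any real mail filter): a sketch of the check the post describes, in which a receiver looks up the proposed TXT record for the From domain and rejects mail whose links violate it. The record syntax is the post's own proposal; reading `U` as `host[/path-prefix]`, the function names, and the dictionary standing in for DNS are assumptions made for this example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed stand-in for a DNS TXT lookup. The record syntax is the one
# proposed in the post above: a forum idea, not a deployed standard.
POLICY_TXT = {"flexcoin.com": "x=PHISHING v=1 U=none"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def parse_policy(txt):
    """Return the U= value of a policy record, or None if it is not one."""
    fields = dict(f.split("=", 1) for f in txt.split() if "=" in f)
    ok = fields.get("x") == "PHISHING" and fields.get("v") == "1"
    return fields.get("U") if ok else None

def url_allowed(url, allowed):
    """U=none forbids all links; otherwise U is read as host[/path-prefix]."""
    if allowed == "none":
        return False
    host, _, path = allowed.partition("/")
    prefix = "/" + path.strip("/")
    try:
        parts = urlsplit(url)
    except ValueError:  # malformed URL, e.g. a broken IPv6 literal
        return False
    # Exact hostname match: substring checks are fooled by "host@other".
    if (parts.hostname or "").lower() != host.lower():
        return False
    return prefix == "/" or parts.path == prefix or parts.path.startswith(prefix + "/")

def check_message(raw, lookup=POLICY_TXT.get):
    """Return (verdict, offending_urls) for one raw message."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    record = lookup(domain)
    allowed = parse_policy(record) if record else None
    if allowed is None:
        return "no-policy", []
    text = " ".join(part.get_payload(decode=True).decode("utf-8", "replace")
                    for part in msg.walk() if part.get_content_maintype() == "text")
    bad = [u for u in URL_RE.findall(text) if not url_allowed(u, allowed)]
    return ("reject" if bad else "pass"), bad

# Constructed sample: claims the protected domain and carries a link.
SAMPLE = ("From: Flexcoin <info@flexcoin.com>\nSubject: Your account blocked\n\n"
          "Details: https://flexcoin.com.login.example/users/blocked\n")

if __name__ == "__main__":
    print(check_message(SAMPLE))
```

The check keys on the From header alone, so mail sent from a lookalike sender domain has no record and comes back as `no-policy`.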


Title: Re: the exact reason why Flexcoin has a no links in e-mail policy
Post by: phillipsjk on September 02, 2011, 08:55:56 PM
I am not sure what the link looked like before editing, but I fail to see how a "no links in e-mail" policy helps anything. If your users don't remember the exact characters making up your website's URL, they may stumble across a scam site using a similar name. The naive user method of typing the website name in a search engine can actually help in that case.

What you need is a "Plain-text e-mail only" policy: no URLs with one label, with the link going someplace completely different. You should also consider signing all e-mail with the OpenPGP standard; though you would have to educate your users not to trust a PGP signature until they actually verify it.