the exact reason why Flexcoin has a no links in e-mail policy

[the founder]

From:    info@mtgox.com
Reply-to:    info@mtgox.com
To:    XXXX@XXXX.XXX
Subject:    [Mt.Gox] Your account blocked
Date:    09/02/2011 12:24:36 PM


Dear Mt.Gox user,

Your account will be blocked for violating the rules of exchange.
Details:https://www.mgtox.com/users/blocked  (edit -- the link goes to a scam site)

Thanks,
The Mt.Gox team

[tysat]

Because a no links in e-mail policy will stop spammers from putting in links?

It's unlikely that everyone (or even most) will remember the policy, so it's not a giant selling point.

[the founder]

Because a no links in e-mail policy will stop spammers from putting in links?

It's unlikely that everyone (or even most) will remember the policy, so it's not a giant selling point.

oh I don't care about "selling"  I care about not getting my clients scammed.   

[lathomas64]

I think the point is that if there is a link in an e-mail, it is clearly a scam.

[wolftaur]

Because a no links in e-mail policy will stop spammers from putting in links?

It's unlikely that everyone (or even most) will remember the policy, so it's not a giant selling point.

oh I don't care about "selling"  I care about not getting my clients scammed.   

You'll want to make sure that it is made extremely clear to every user of your site that no REAL e-mail that comes from you will ever contain a link. For example, you might put it on the news page. Or have it so that when someone signs in they get a clear message about it at least once.

You will want to make sure that all of your customers, not just the customers on the forum, know that you have a very strict policy of not putting a link in an email. Your policy only has a chance of thwarting a scammer if the person who reads a scam mail knows "Oh, OK, I see a link, I know it can't possibly be from them even though it looks genuine otherwise."

The more educated your users are the more successful you have been in helping them thwart phishing.

[kjj]

Hmm.  A policy.  That is a damn good idea.

A TXT record in DNS for the domain.

Code:

flexcoin.com. IN TXT "x=PHISHING v=1 U=none"

Then your mail client (or any server along the way) can say "this email claims to be from flexcoin.com.  flexcoin.com has a published policy that says they will never include links in their emails.  This email has a link in it.  Delete.  Notify spamcop, spamhaus and spamfrauline.  Block the source IP".

U could even be server and path, so that mails from your domain can only contain links that go back to places that you want them to go to.  Maybe have another field to act as a filter for attachments.

I wonder if we could get it implemented.

[phillipsjk]

I am not sure what the link looked like before editing, but I fail to see how a "no links in e-mail" policy helps anything. If your users don't remember the exact characters making up your website's URL, they may stumble accross a scam site using a similar name. The naive user method of typing the website name in a search engine can actually help in that case.

What you need is a "Plain-text e-mail only" policy: no URLs with one label, with the link going someplace completely different. You should also consider signing all e-mail with the OpenPGP standard; though you would have to educate your users not to trust a PGP signature until they actually verify it.