On Wed, 9 Nov 2022, David Morris wrote:
In your example, the visual text serving as an anchor probably shows:
www.comune.milano.it
but your URL specifies:
urldefense.com
That generates a deceptive URL warning because the actual server is not
the server shown to the user in the visible text. FWIW, the apparent
'real' URL is missing a slash.
I don't know what urldefense.com is. So at the minimum, it is probably a
tracker, may do what the name implies OR it might do a 'hidden' proxy that
can then examine any private information sent in the response to the
resulting web page.
It is an enterprise protection tool from proofpoint.
Every link starting with 'urldefense.proofpoint.com' is part of the TAP
system. This checks that websites are safe to visit, with no malware. If
the site is deemed safe by Proofpoint, your browser will redirect you to
the original URL web destination. If the site is hosting malware, TAP
will block users from accessing the malicious site.
For more details, please visit our website at www.proofpoint.com
I put
display-filters=urldefense.proofpoint script to strip out what profpoint added to
the URL>
into my .pinerc
Probably safe to copy out the embeded URL and paste than into your browser
(and fix HTTP:/ to HTTP://)
On Wed, 9 Nov 2022, Lucio Chiappetti wrote:
I have just received a mail message, which reports at top the indication:
[The following HTML text may contain deceptive links. Carefully ]
[ note the destination URL before visiting any links.]
The message comes from an official site (the municipal authorities of Milan,
it is the yearly notification of the garbage collection tax).
This year (*) it is an HTML-only mail. It appears in alpine all underscored
(this I believe it is because of <em> tags in the source), and contains links
of the form
https://urldefense.com/v3/__https:/www.comune.milano.it/fascicolo-del-
cittadino__;!!LQkDIss!SyDMKrF1ZGZ9NC-QEg5A3e_HMACAZ_wl0T0MsBG1UUGQPmUFWIPKcP
B7l8ZiEIplfPzZj3g2mkkAvrAlR6Sqj39R$
(*) apparently even last year's message contined URLs of the same form, but
was sent as an ascii message with an "identical content" HTML attachment (the
version stored in my Fcc has the HTML stripped off, since I hate these
double-version e-mail).
Anyhow I think there are no "deceptive links". All the rest is sender's fault.
--
Lucio Chiappetti
_______________________________________________
Alpine-info mailing list
[email protected]
http://mailman12.u.washington.edu/mailman/listinfo/alpine-info
----------
This email has been scanned for spam and viruses by Proofpoint Essentials.
Visit the following link to report this email as spam:
https://us3.proofpointessentials.com/index01.php?mod_id=11&mod_option=logitem&mail_id=1668031521-AhN2mMV7bbuk&r_address=dwm%40xpasc.com&report=1
_______________________________________________
Alpine-info mailing list
[email protected]
http://mailman12.u.washington.edu/mailman/listinfo/alpine-info
--
Andrew C. Aitchison Kendal, UK
[email protected]
_______________________________________________
Alpine-info mailing list
[email protected]
http://mailman12.u.washington.edu/mailman/listinfo/alpine-info
