Re: SP: proofpoint.com URLs in sl-users messages
It appears it mangles URLs that begin with http and www at the moment. -s On Tue, Jul 24, 2018 at 3:05 PM, P. Larry Nelson wrote: > Weird... > None of yours got mangled (at least in my copy of your email) but scrolling > down I see the URL in my sig is now ProofPointed as well as my google.com > URLs in the quoted part of your response. > The Fermilab ProofPoint settings seem to be a bit mysterious. > > > Serguei Mokhov wrote on 7/24/18 1:54 PM: >> >> Certainly a counterproductive decision for Fermilab and the mailing >> list users. Not to mention privacy-violation redirecting to 3rd party >> trackers... I'd admit with this URL mangling, I'd be more reluctant to >> click URLs in the emails :) >> >> Let's see if these gets mangled: >> >> >> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.google.com=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=ZGI1z1l3vfqoHxT9bkh2uTtKg-5zoSMkjMa7dJwVne0=nqcqCYyYafmVYrQM4k8j6RTbffl_OK4TwW88Tp8BUsY= >> >> "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.google.com=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=ZGI1z1l3vfqoHxT9bkh2uTtKg-5zoSMkjMa7dJwVne0=nqcqCYyYafmVYrQM4k8j6RTbffl_OK4TwW88Tp8BUsY=; >> google.com >> cnn.com >> cbc.ca >> "github.com" >> >> https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=ZGI1z1l3vfqoHxT9bkh2uTtKg-5zoSMkjMa7dJwVne0=INI4G8jasFk0qatIiVrK7ndowa48nV-He-K2gNoIkII= >> >> >> and URLs in sig... >> >> -s >> >> >> On Tue, Jul 24, 2018 at 2:45 PM, P. Larry Nelson >> wrote: >>> >>> Hmmm, my copy sure doesn't look like HTML format. >>> I surrender >>> >>> P. Larry Nelson wrote on 7/24/18 1:44 PM: Same test only now I've composed in HTML format. Same URL: (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=36AasAKnjw3JX0UK8z2_eOOgWRhxPGfavvUN_pCuhXY=) P. Larry Nelson wrote on 7/24/18 1:40 PM: > > I concur with the previous posts about ProofPoint. > The U of I campus implemented this several years ago. > I complained. Fell on deaf ears. > > Implemented by our security folks. Rationale being that 99% of the > campus email users (i.e., using the campus Exchange server) are either > too > lazy and/or too unaware of the dangers of blindly clicking on a URL in > their > emails. > > However, U of I email with a URL in the message body shows the real URL > (in blue and underlined - unless the URL is hidden via the html " href=" > construct), but when you move the mouse pointer over the URL, (at least > in > Thunderbird) the bottom horizontal box of T-bird (I'm sure it has a > more > official name) then shows the long obfuscated urldefense URL. > > So, in our case, one can just copy/paste the URL in the message body to > a > browser and NOT go thru ProofPoint. > > The other aspect of the U of I's ProofPoint config is that it only > affects email composed in HTML format, and since I generally loathe > doing > that unless absolutely necessary, I almost always compose in ASCII > mode. > > So, I suppose this might be a test of how Fermilab has implemented > ProofPoint as I will now include a rather well known URL here > > (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=36AasAKnjw3JX0UK8z2_eOOgWRhxPGfavvUN_pCuhXY=) > and see how it arrives in your inbox. > > :-) > >>> >>> -- >>> P. Larry Nelson (217-693-7418) | IT Administrator Emeritus >>> 810 Ventura Rd.| High Energy Physics Group >>> Champaign, IL 61820 | Physics Dept., Univ. of Ill. >>> MailTo: lnel...@illinois.edu | >>> >>> https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=8P7D0JjiUCaWC6pRi-O7YHxf0ZnDitNCQLFRp9iRMbU= >>> >>> >>> -- >>> "Information without accountability is just noise." - P.L. Nelson >>> >> >> > > > -- > P. Larry Nelson (217-693-7418) | IT Administrator Emeritus > 810 Ventura Rd.| High Energy Physics Group > Champaign, IL 61820 | Physics Dept., Univ. of Ill. > MailTo: lnel...@illinois.edu | >
Re: SP: proofpoint.com URLs in sl-users messages
Weird... None of yours got mangled (at least in my copy of your email) but scrolling down I see the URL in my sig is now ProofPointed as well as my google.com URLs in the quoted part of your response. The Fermilab ProofPoint settings seem to be a bit mysterious. Serguei Mokhov wrote on 7/24/18 1:54 PM: Certainly a counterproductive decision for Fermilab and the mailing list users. Not to mention privacy-violation redirecting to 3rd party trackers... I'd admit with this URL mangling, I'd be more reluctant to click URLs in the emails :) Let's see if these gets mangled: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.google.com=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=ZGI1z1l3vfqoHxT9bkh2uTtKg-5zoSMkjMa7dJwVne0=nqcqCYyYafmVYrQM4k8j6RTbffl_OK4TwW88Tp8BUsY= "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.google.com=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=ZGI1z1l3vfqoHxT9bkh2uTtKg-5zoSMkjMa7dJwVne0=nqcqCYyYafmVYrQM4k8j6RTbffl_OK4TwW88Tp8BUsY=; google.com cnn.com cbc.ca "github.com" https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=ZGI1z1l3vfqoHxT9bkh2uTtKg-5zoSMkjMa7dJwVne0=INI4G8jasFk0qatIiVrK7ndowa48nV-He-K2gNoIkII= and URLs in sig... -s On Tue, Jul 24, 2018 at 2:45 PM, P. Larry Nelson wrote: Hmmm, my copy sure doesn't look like HTML format. I surrender P. Larry Nelson wrote on 7/24/18 1:44 PM: Same test only now I've composed in HTML format. Same URL: (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=36AasAKnjw3JX0UK8z2_eOOgWRhxPGfavvUN_pCuhXY=) P. Larry Nelson wrote on 7/24/18 1:40 PM: I concur with the previous posts about ProofPoint. The U of I campus implemented this several years ago. I complained. Fell on deaf ears. Implemented by our security folks. Rationale being that 99% of the campus email users (i.e., using the campus Exchange server) are either too lazy and/or too unaware of the dangers of blindly clicking on a URL in their emails. However, U of I email with a URL in the message body shows the real URL (in blue and underlined - unless the URL is hidden via the html "https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=36AasAKnjw3JX0UK8z2_eOOgWRhxPGfavvUN_pCuhXY=) and see how it arrives in your inbox. :-) -- P. Larry Nelson (217-693-7418) | IT Administrator Emeritus 810 Ventura Rd.| High Energy Physics Group Champaign, IL 61820 | Physics Dept., Univ. of Ill. MailTo: lnel...@illinois.edu | https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=8P7D0JjiUCaWC6pRi-O7YHxf0ZnDitNCQLFRp9iRMbU= -- "Information without accountability is just noise." - P.L. Nelson -- P. Larry Nelson (217-693-7418) | IT Administrator Emeritus 810 Ventura Rd.| High Energy Physics Group Champaign, IL 61820 | Physics Dept., Univ. of Ill. MailTo: lnel...@illinois.edu | https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=ZGI1z1l3vfqoHxT9bkh2uTtKg-5zoSMkjMa7dJwVne0=l7l1lrZgSpAr0K8iyL7LTCTt6o9OZXT_q7VJXbA1C7w= -- "Information without accountability is just noise." - P.L. Nelson
Re: SP: proofpoint.com URLs in sl-users messages
Certainly a counterproductive decision for Fermilab and the mailing list users. Not to mention privacy-violation redirecting to 3rd party trackers... I'd admit with this URL mangling, I'd be more reluctant to click URLs in the emails :) Let's see if these gets mangled: https://urldefense.proofpoint.com/v2/url?u=http-3A__www.google.com=DwIFaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=UpAH2qwjSm-yxXqncllWyqMys2EQksAO_aru1jg0wRg=N3bPkxmj6XWXuPdnXdgs7j52SQqTSen79RfajLTfVFY= "https://urldefense.proofpoint.com/v2/url?u=http-3A__www.google.com=DwIFaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=UpAH2qwjSm-yxXqncllWyqMys2EQksAO_aru1jg0wRg=N3bPkxmj6XWXuPdnXdgs7j52SQqTSen79RfajLTfVFY=; google.com cnn.com cbc.ca "github.com" https://urldefense.proofpoint.com/v2/url?u=http-3A__localhost=DwIFaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=UpAH2qwjSm-yxXqncllWyqMys2EQksAO_aru1jg0wRg=uU1UAXuZX-nKjbS9OG0vbhA8YAwkSQL4wGTyJqFOXaw= and URLs in sig... -s On Tue, Jul 24, 2018 at 2:45 PM, P. Larry Nelson wrote: > Hmmm, my copy sure doesn't look like HTML format. > I surrender > > P. Larry Nelson wrote on 7/24/18 1:44 PM: >> >> Same test only now I've composed in HTML format. >> Same URL: >> (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=36AasAKnjw3JX0UK8z2_eOOgWRhxPGfavvUN_pCuhXY=) >> >> P. Larry Nelson wrote on 7/24/18 1:40 PM: >>> >>> I concur with the previous posts about ProofPoint. >>> The U of I campus implemented this several years ago. >>> I complained. Fell on deaf ears. >>> >>> Implemented by our security folks. Rationale being that 99% of the >>> campus email users (i.e., using the campus Exchange server) are either too >>> lazy and/or too unaware of the dangers of blindly clicking on a URL in their >>> emails. >>> >>> However, U of I email with a URL in the message body shows the real URL >>> (in blue and underlined - unless the URL is hidden via the html "https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=36AasAKnjw3JX0UK8z2_eOOgWRhxPGfavvUN_pCuhXY=) >>> and see how it arrives in your inbox. >>> >>> :-) >>> >> > > > -- > P. Larry Nelson (217-693-7418) | IT Administrator Emeritus > 810 Ventura Rd.| High Energy Physics Group > Champaign, IL 61820 | Physics Dept., Univ. of Ill. > MailTo: lnel...@illinois.edu | > https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=8P7D0JjiUCaWC6pRi-O7YHxf0ZnDitNCQLFRp9iRMbU= > > -- > "Information without accountability is just noise." - P.L. Nelson > -- Serguei Mokhov https://urldefense.proofpoint.com/v2/url?u=http-3A__www.cs.concordia.ca_-7Emokhov=DwIFaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=UpAH2qwjSm-yxXqncllWyqMys2EQksAO_aru1jg0wRg=dOjjGinCrUtv5r0Bsn7KrONlWvlxe-GL000kqcVjWxI= cciff.ca | mdreams-stage.com marf.sf.net | sf.net/projects/marf
Re: SP: proofpoint.com URLs in sl-users messages
Hmmm, my copy sure doesn't look like HTML format. I surrender P. Larry Nelson wrote on 7/24/18 1:44 PM: Same test only now I've composed in HTML format. Same URL: (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=36AasAKnjw3JX0UK8z2_eOOgWRhxPGfavvUN_pCuhXY=) P. Larry Nelson wrote on 7/24/18 1:40 PM: I concur with the previous posts about ProofPoint. The U of I campus implemented this several years ago. I complained. Fell on deaf ears. Implemented by our security folks. Rationale being that 99% of the campus email users (i.e., using the campus Exchange server) are either too lazy and/or too unaware of the dangers of blindly clicking on a URL in their emails. However, U of I email with a URL in the message body shows the real URL (in blue and underlined - unless the URL is hidden via the html " So, in our case, one can just copy/paste the URL in the message body to a browser and NOT go thru ProofPoint. The other aspect of the U of I's ProofPoint config is that it only affects email composed in HTML format, and since I generally loathe doing that unless absolutely necessary, I almost always compose in ASCII mode. So, I suppose this might be a test of how Fermilab has implemented ProofPoint as I will now include a rather well known URL here (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=36AasAKnjw3JX0UK8z2_eOOgWRhxPGfavvUN_pCuhXY=) and see how it arrives in your inbox. :-) -- P. Larry Nelson (217-693-7418) | IT Administrator Emeritus 810 Ventura Rd.| High Energy Physics Group Champaign, IL 61820 | Physics Dept., Univ. of Ill. MailTo: lnel...@illinois.edu | https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=EYDBVOo8z2PATbw_pAw6GKNYkFSqZ79zzdFhPDE8sko=8P7D0JjiUCaWC6pRi-O7YHxf0ZnDitNCQLFRp9iRMbU= -- "Information without accountability is just noise." - P.L. Nelson
Re: SP: proofpoint.com URLs in sl-users messages
Same test only now I've composed in HTML format. Same URL: (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=sVkiPzVJL_iMgLLvSTjn_PVonwnx8h1jT871yRet-T4=TZGZbRrxKyrMRUQCxm4kUvNcS7tHO8hynCK27Kro7ig=) P. Larry Nelson wrote on 7/24/18 1:40 PM: I concur with the previous posts about ProofPoint. The U of I campus implemented this several years ago. I complained. Fell on deaf ears. Implemented by our security folks. Rationale being that 99% of the campus email users (i.e., using the campus Exchange server) are either too lazy and/or too unaware of the dangers of blindly clicking on a URL in their emails. However, U of I email with a URL in the message body shows the real URL (in blue and underlined - unless the URL is hidden via the html " So, in our case, one can just copy/paste the URL in the message body to a browser and NOT go thru ProofPoint. The other aspect of the U of I's ProofPoint config is that it only affects email composed in HTML format, and since I generally loathe doing that unless absolutely necessary, I almost always compose in ASCII mode. So, I suppose this might be a test of how Fermilab has implemented ProofPoint as I will now include a rather well known URL here (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=sVkiPzVJL_iMgLLvSTjn_PVonwnx8h1jT871yRet-T4=TZGZbRrxKyrMRUQCxm4kUvNcS7tHO8hynCK27Kro7ig=) and see how it arrives in your inbox. :-) -- P. Larry Nelson (217-693-7418) | IT Administrator Emeritus 810 Ventura Rd.| High Energy Physics Group Champaign, IL 61820 | Physics Dept., Univ. of Ill. MailTo: lnel...@illinois.edu | https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_=DwIDaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=sVkiPzVJL_iMgLLvSTjn_PVonwnx8h1jT871yRet-T4=rK67tnoRg-LrGgKZGxwX7Y3ysQghBlXmTJkqZTTyxC8= -- "Information without accountability is just noise." - P.L. Nelson
Re: SP: proofpoint.com URLs in sl-users messages
I concur with the previous posts about ProofPoint. The U of I campus implemented this several years ago. I complained. Fell on deaf ears. Implemented by our security folks. Rationale being that 99% of the campus email users (i.e., using the campus Exchange server) are either too lazy and/or too unaware of the dangers of blindly clicking on a URL in their emails. However, U of I email with a URL in the message body shows the real URL (in blue and underlined - unless the URL is hidden via the html " So, in our case, one can just copy/paste the URL in the message body to a browser and NOT go thru ProofPoint. The other aspect of the U of I's ProofPoint config is that it only affects email composed in HTML format, and since I generally loathe doing that unless absolutely necessary, I almost always compose in ASCII mode. So, I suppose this might be a test of how Fermilab has implemented ProofPoint as I will now include a rather well known URL here (https://urldefense.proofpoint.com/v2/url?u=https-3A__www.google.com_=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=Ma0w4F56naDITDGkKlQvVJtetzaOiMo7eexfGKNZgfo=j_HbB2h_p9zjRUhPqMrTbEdV3hg8KvFr66CCOEJkwDA=) and see how it arrives in your inbox. :-) Jon Pruente wrote on 7/24/18 12:33 PM: On Tue, Jul 24, 2018 at 12:20 PM, Konstantin Olchanski wrote: On Tue, Jul 24, 2018 at 09:39:37AM -0500, Glenn Cooper wrote: Some people dislike these email manglers because they replace obviously safe URLs (://triumf.ca, https://urldefense.proofpoint.com/v2/url?u=http-3A__bnl.gov=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=9MsrWO_OsZsUg1N098OjP5FVq11d4xFs7FQSsO0fvOg=hNpBcmIgNIJC38WgFxk6q0e-BDk3eAeFQnaJXmIOK3Y=, ://gnal.gov, etc) with magical "eat me" cookies. Maybe these manglers cut down on nigerian fishing, but I think there is a net decrease in security because everybody is forced to click links without knowing exactly where they go. Another failure of using such a service is that the URLs are now mangled inside the ProofPoint URL. When at some point in the future the ProofPoint service is discontinued or is no longer used by Fermilab (it will happen, some day, one way or another) the URLs that were originally submitted are lost. A "safe" link and a non-HTML-sanitized copy of the original URL would be a welcome safeguard from being hostage to the service for a clean copy of the URL for several reasons, even to just know what the URL is targeting along with having the option to not follow the link through the URL filtering service for tracking and privacy concerns. expressed by Konsantin. -- P. Larry Nelson (217-693-7418) | IT Administrator Emeritus 810 Ventura Rd.| High Energy Physics Group Champaign, IL 61820 | Physics Dept., Univ. of Ill. MailTo: lnel...@illinois.edu | https://urldefense.proofpoint.com/v2/url?u=http-3A__hep.physics.illinois.edu_home_lnelson_=DwICaQ=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=Ma0w4F56naDITDGkKlQvVJtetzaOiMo7eexfGKNZgfo=zuwvjMwO6N3LEFjVQk1g1psUnqgccVLNrF7TNvgHQRY= -- "Information without accountability is just noise." - P.L. Nelson
Re: SP: proofpoint.com URLs in sl-users messages
On Tue, Jul 24, 2018 at 12:20 PM, Konstantin Olchanski wrote: > On Tue, Jul 24, 2018 at 09:39:37AM -0500, Glenn Cooper wrote: > Some people dislike these email manglers because they replace obviously > safe URLs (://triumf.ca, > https://urldefense.proofpoint.com/v2/url?u=http-3A__bnl.gov=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=9MsrWO_OsZsUg1N098OjP5FVq11d4xFs7FQSsO0fvOg=hNpBcmIgNIJC38WgFxk6q0e-BDk3eAeFQnaJXmIOK3Y=, > ://gnal.gov, etc) > with magical "eat me" cookies. > > Maybe these manglers cut down on nigerian fishing, but I think there > is a net decrease in security because everybody is forced > to click links without knowing exactly where they go. Another failure of using such a service is that the URLs are now mangled inside the ProofPoint URL. When at some point in the future the ProofPoint service is discontinued or is no longer used by Fermilab (it will happen, some day, one way or another) the URLs that were originally submitted are lost. A "safe" link and a non-HTML-sanitized copy of the original URL would be a welcome safeguard from being hostage to the service for a clean copy of the URL for several reasons, even to just know what the URL is targeting along with having the option to not follow the link through the URL filtering service for tracking and privacy concerns. expressed by Konsantin.
Re: SP: proofpoint.com URLs in sl-users messages
On Tue, Jul 24, 2018 at 09:39:37AM -0500, Glenn Cooper wrote: > > You may have noticed recently that URLs in messages to the > scientific-linux-users@fnal.gov mailing list are often converted to a longer > version where the original URL is routed through "urldefense.proofpoint.com", > e.g., > > This is an anti-phishing measure adopted by Fermilab. > Some people dislike these email manglers because they replace obviously safe URLs (://triumf.ca, https://urldefense.proofpoint.com/v2/url?u=http-3A__bnl.gov=DwIBAg=gRgGjJ3BkIsb5y6s49QqsA=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A=9MsrWO_OsZsUg1N098OjP5FVq11d4xFs7FQSsO0fvOg=hNpBcmIgNIJC38WgFxk6q0e-BDk3eAeFQnaJXmIOK3Y=, ://gnal.gov, etc) with magical "eat me" cookies. Maybe these manglers cut down on nigerian fishing, but I think there is a net decrease in security because everybody is forced to click links without knowing exactly where they go. And there is a privacy violation element to this, now a 3rd party has a record of when I visit what web sites. (And after the recent Facebook scandal, only the naive disbelieve that these records are not available for sale, cheap). -- Konstantin Olchanski Data Acquisition Systems: The Bytes Must Flow! Email: olchansk-at-triumf-dot-ca Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
