Total: 9
Promotes: 9
Demotes: 0
  Would it be an idea to warn user about redirect-URLs?

IdeaSpace: Notes Client / Mail
Tags: spam url protection
Author: Robert Ibsen Voith on 09 Feb 2016
Status: Open
Linkage: Permalink / Email

I have written a lengthy explanation here http://www.proudprogrammer.no/web/ppblog.nsf/d6plinks/GANI-A6YFK5. 
 
Very shortly; Prompt the user when he or she attempt to click on a mail link containing a redirect-URL. These URLs uses the at-sign to redirect to other sites. The format is like this:
 
http:// <user info> @ < the real url>
 
Traditionally this format has been used to transport username and password to the site, and thus logging into a basic authentication site. However, it is fully up to < the real url> what to do with the <user info>. 
 
In the blog post I reference in the beginning, I show how the URL http://portal.ibmeventconnect.com can  be transformed to this: http://portal.ibmeventconnect.com@3277338128
 
Looks much the same, right? However, it uses the redirect at-sign, and redirects the call to a Norwegian newspaper (www.vg.no) were I have converted www.vg.no's IP address to an integer. All valid URL-stuff, but easy to overlook. 

I therefore hope IBM will allow a configurable dialog box to pop up when such links are clicked, to both warn - and possible show where the link would end up.

 
iPhone View | Classic View