Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

No need, my IT already do this by running the MimeCast email filter [1]. Links to non-whitelist sites are expressed in the format:

    https://url.uk.m.mimecastprotect.com/s/<random_string>?domain=<domain_name>
Maybe I can tell the link is from Google, but not what is likely to be in the URL. It's a complete surprise as to whether I will be looking at a web page or downloading something.

[1] https://www.mimecast.com/



My favorite part of mimecast is that their servers apparently can't handle normal volume and regularly time out before redirecting to the destination URL.


That's a feature, not a bug. If the user can't load the redirection, they can't get phished! Problem solved.

If anyone complains, refer them to the security department to be audited. It's really rather suspicious when someone values doing their job above security.


Now you just need a browser plugin to extract the domain name and fix it, problem solved.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: