----- Original Message ----- > From: "William Herrin" <b...@herrin.us>
> Big problem with clickable objects which lead to PII (personally > identifiable information) or passwords. That's how phishing works -- a > disguised url that you either see at all or whose incorrect nature > slips right past your brain. The only known working solution is to > train folks to *never* click security-related URLs in email. Copy and > paste only, and only if they're readable and read right. And right there, Bill, is the part we so rarely understand, and it kills us: Even lots of *technical* people just don't understand what "a security- related URL" *is*, and there's almost always no way to teach them. So it's necessary to throw the baby out with the bathwater, and tell them never to click on a link... MUA's that support HTML at all, much less they fail to tell the user when a text URL doesn't match the actual link, are the underlying culprits here... Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
