[Macworld.com]

Learn how to examine suspicious links in Mail, before you open them in a browser. [more]

[rameeti]

Eudora is a bit smarter about displaying this helpful information. Eudora only displays the yellow tips box when the real url behind the scenes is different than the displayed url. This allows for the user to deal with exceptions rather than getting the box at every link which will only cause the user to typically overlook the bad guys.

[JMStafford]

In reply to:

---

Eudora is a bit smarter about displaying this helpful information. Eudora only displays the yellow tips box when the real url behind the scenes is different than the displayed url. This allows for the user to deal with exceptions rather than getting the box at every link which will only cause the user to typically overlook the bad guys.

---

Mail doesn't display URLs for EVERY link, just the ones that you hover over.
I really wish that M$ would add this to Entourage.

[griffman]

Though it wasn't clear in my tip, that's how Mail acts, too. It only shows links that have been hidden with URL references. For example:
Please visit <a href="http://www.somesite.com">my great page</a> for some info on this...
That would have a pop-up when you hover over it, but this would not:
Please visit http://www.somesite.com for some info on this...
-rob.

[airbusdriver]

In reply to:

---

Mail doesn't display URLs for EVERY link, just the ones that you hover over.

---

And that is the distinction the other newby poster was trying to show. Eudora only displays the real url IF it is not the same as the displayed url and you mouse over it. Thus, the act of just starting to click the link will indicate that there may be a problem, only if there is a 'spoofed' link. With fewer 'warnings' the user will, hopefully be more aware of the ones she gets.
The only real advice I saw in the 'article' that is valid for any email reader is to NEVER, Ever click on a link in any email! If you really think there has been a problem at your bank/eBay/PayPal/etc. site, ALWAYS use a browser and a bookmarked link to that site. Period.
Secondly, you can safely trash 99.9% of any email that does not use you name. Valid businesses just don't address emails to 'Valued Customer'! If they do, I'd send them [u]one_ a "been nice doing business with you, so long' message! /forums/ubbthreads/images/graemlins/wink.gif

[jdb8167]

In reply to:

---

The only real advice I saw in the 'article' that is valid for any email reader is to NEVER, Ever click on a link in any email! If you really think there has been a problem at your bank/eBay/PayPal/etc. site, ALWAYS use a browser and a bookmarked link to that site. Period.

---

This is the only advice to follow. There is a spoofing/phishing exploit in the latest version of Safari and Mail.app that is still unpatched. You can mask a button to look like it is going to go to one site and then it actually goes to another. There is no way in the Safari or in Mail.app to see the actual destination without looking at the HTML source.
Go here for more information: SecureOSX--Image Control Status Bar Spoofing Weakness . This has been reported to the WebKit team on the Open Darwin Bug Site.

[schoonerman]

Many people miss the fact that
http://www.macworld....xample.com?blah
and
http://www.macworld....lah@example.com
and things like that go nowhere near macworld.com. So just presenting the URL probably isn't enough.
Thunderbird does better (but may eventually get Mozilla.org sued for defamation, I suppose), it puts a banner at the top of the message with the yellow-triangle-! warning icon, the words "Thunderbird thinks this might may be a scam." and a "Not a Scam" button (whose presence seems marginal).
Something like "SpoofStick"
http://www.spoofstick.com/
seemingly will appear as standard in most browsers soon. (Last I knew, Apple had not publicly climbed aboard, but that's somewhat old information.)
--John

[rjenkins1]

I still think Outlook is the best /forums/ubbthreads/images/graemlins/grin.gif I need a flame-suit, quick.
rufus
linux cds

[schoonerman]

Don't use your well-known email address to register with anyone. Give eBay, PayPal, your bank, etc some other address you can get mail in some other email account (or your main account if you like, but then learn how to tell what address the message was sent to). When the phishers hit your well-known address, you can toss the messages without bothering with them.
For product registrations, perhaps use a Yahoo account. (I go farther: every vendor gets a unique email address for me, so I can tell who sells or leaks: I "fired" one vendor last year thanks to that--and I actually find less selling and leaking than I expected.)