The Department of Defense is breaking HTML links in mail to .mil domains. This is part of the DoD’s attempt to curtail phishing.
a great majority of intrusions into Pentagon networks are the result of the kind of human error that is exploited in phishing attacks, in which seemingly trustworthy e-mail links are used as attack vectors to hijack user computers, install malware or steal credentials.
Instead of being able to click on links, .mil recipients will have to cut and paste links into a browser in order to visit the website. This will also affect open tracking and break images in emails.
If you’re sending to .mil domains, plain text is going to be best. The DoD has had a policy of not rendering HTML, but some mail clients still did. Now the DoD is taking extra steps to break links.
My suggestions for senders who need to send mail to .mil domains:
- Use plain text.
- Make links as short as possible so that they’re easier to cut and paste.
- Calls to action are even more important, as you’re asking the recipient for an extra step.
- For those of you who can, try to get an address that’s not .mil.
For mailers who might sometimes get .mil addresses on your lists, think about whether or not you really want to allow them. Try to get a different address for them. Deliverability will be easier and your pretty HTML can be displayed.
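One way to apply the suggestions above on a mixed list, as an added example that is not code from the original post: .mil recipients get a plain-text-only message with each URL on its own line, everyone else gets multipart HTML, and links that are long to copy by hand are flagged. The 60-character threshold, the function names and the sample HTML are assumptions made for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser

MAX_URL_LEN = 60  # assumed cutoff for "short enough to copy and paste"

class _TextWithLinks(HTMLParser):
    """Flatten HTML to text; each link target goes on its own line."""
    def __init__(self):
        super().__init__()
        self.parts, self.urls, self._href = [], [], None
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
        elif tag in ("p", "br", "div"):
            self.parts.append("\n")
        # <img> (including tracking pixels) produces no text at all
    def handle_endtag(self, tag):
        if tag == "a" and self._href:
            self.parts.append(f"\n{self._href}\n")
            self.urls.append(self._href)
            self._href = None
    def handle_data(self, data):
        self.parts.append(data)

def html_to_text(html):
    parser = _TextWithLinks()
    parser.feed(html)
    parser.close()
    lines = [" ".join(l.split()) for l in "".join(parser.parts).splitlines()]
    return "\n".join(l for l in lines if l), parser.urls

def is_mil(addr):
    domain = addr.rsplit("@", 1)[-1].lower().rstrip(".")
    return domain == "mil" or domain.endswith(".mil")

def build_message(sender, rcpt, subject, html):
    """Return (message, urls longer than MAX_URL_LEN)."""
    text, urls = html_to_text(html)
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, rcpt, subject
    msg.set_content(text)                      # text/plain part for everyone
    if not is_mil(rcpt):
        msg.add_alternative(html, subtype="html")  # HTML only off .mil
    return msg, [u for u in urls if len(u) > MAX_URL_LEN]

# Constructed sample input, not taken from a real campaign.
SAMPLE_HTML = ('<p>Your renewal is due. <a href="https://example.com/r">Renew now</a></p>'
               '<p><a href="https://example.com/click?u=' + "a" * 50 + '">Details</a></p>'
               '<img src="https://example.com/open.gif">')
```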
One government agency has been conducting weekly anti-phishing training over the course of the last several months. It is becoming more and more sophisticated, to the point where I had to look up the IP address that the target URL resolved to and then look at the reverse DNS of that IP address before it was obvious that the message wasn’t legitimate.
The fed is getting serious about making this stop.
Nice post. Especially the last phrase.
Great Post. Good Luck
Seems like it will be pretty effective