Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

XARF URL defanging #32

Closed
rommelfs opened this issue Apr 28, 2022 · 1 comment
Closed

XARF URL defanging #32

rommelfs opened this issue Apr 28, 2022 · 1 comment

Comments

@rommelfs
Copy link

I apologise if I didn't spot it, but is XARF supporting defanged URLs in one of other way?
I just want to be sure that an XARF attachment is not being blocked by some smart mail filter rule because of malicious indicators.
@Maximilian-Staab
Copy link
Contributor

The schema currently doesn't allow for defanged URLs in any way, and I don't think it's something we will support in the future.

Here's the reasoning behind that:

  1. Defanged urls often used to prevent accidental clicks from abuse-desk workers. This should be a non issue for XARF, because the schema is intended to be processed automatically.
  2. Spam filters on abuse addresses are never a good Idea1 and should't be a reason for adding defanged urls. We even made a video about this issue a while ago: https://www.youtube.com/watch?v=1xeLcHIkTMo
  3. Someone who runs a spam filter on their abuse address probably won't be diligent about the incoming messages anyway.

I know this won't help you, but I hope this clarifies a few things.

Footnotes

  1. A spam filter could dislike many things about XARF reports and trying to circumvent them won't increase the quality of such reports.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@rommelfs @Maximilian-Staab