Computer: Web: Linking
@-sign URL warning   (+2)  [vote for, against]
Warn of certain suspicious URLs containing "@" sign

One scam which is starting to appear in emails and other places is the jinxed link like <a href="http:// www.ebay.com/ whatever /anyone/wants/to/ put/ here/ ABC123456789?q=45984124@ehay.com/ login">https:// www.ebay.com</a>. A user clicking on the link would expect to go to ebay.com, but would instead be sent to ehay.com.

Since I'm not aware of any legitimate reason for a URL to contain an "@" sign [with URL-ish looking text to the left of it], it would a browser could pop up a warning to indicate that a link contains an "@" sign [and suspicious text to the left] and thus is likely not as it appears. [Comments in brackets added]
-- supercat, Aug 20 2003

The @ sign is used to separate username/password from URL in links that require a password like:

ftp://user:pass@my.ftpsite.com

-- DeathNinja, Aug 20 2003


DeathNinja: Thanks for that information. It would seem that the warning could still be applied if the stuff to the left of the @ sign starts with what appears to be a hostname and path.
-- supercat, Aug 21 2003


The @ sign is used (generally lots of times) in the URLs of Lotus Domino servers. Plus when the anchor points to an email address "<a href="mailto://...".
-- st3f, Aug 21 2003


Sites that don't use password authetication ignore everything in front of the @ symbol.

Placing a URL in a spam message like: http://www.happycuddleclub.com/ index.html@pornosite.com/custardsluts/index.html would give the people the idea that the Happy Cuddle Club was where they were going.

Giving an option (defeatable) to tell the person there's an @ symbol (other than a mailto: link) in the link is a definate +.

That being said, all bets are off if you are clicking on links in spam. Just don't do it, OK?
-- Cedar Park, Aug 21 2003


Baked. Opera already does this. Trying to go to http://news.bbc.co.uk@fuckwittage.org/ pops up an OK/Cancel box saying:

Security warning:

You are about to go to an address containing a username.

Username: news.bbc.co.uk Server: fuckwittage.org

Are you sure you want to go to this address?
-- ashok, Aug 21 2003


// it would a browser could pop up a warning to indicate that a link contains an "@" sign and thus is likely not as it appears. [supercat, 8/20/03]//

Might have been read as "...it would [be nice if...], or [satisfy my expectations if...], or [be the least I'd accept for the big bucks I shell out each month for this ISP if...] a browser could pop up..."

Heh...Good idea, supercat. I'm convinced you posted correctly but those jerks @ ehay.com sabotaged your message.
-- jurist, Aug 21 2003


I agree on the popups. My boss has a collection on his office door of an astonishing variety of annoying popups produced by various applications. Perhaps a "balloon help" could appear near the URL bar explaining it. The nice thing about those is they catch your attention, but go away on their own.
-- krelnik, Aug 21 2003


As has been noted, there are legitimate reasons to have a URL of the form http://user:pass@wherever.com. On the other hand, it would seem unlikely that usernames and/or passwords would take the form of valid-looking URL's. A username of domain.com would be plausible, but domain.com/otherstuff would seem rather dodgy.

Besides, even if there were an erroneous pop-up, if it were possible to tell the computer "this particular hostname legitimately expects user/pass; don't bother me about it again" I don't think the occasional popups thus generated would be a problem.
-- supercat, Aug 21 2003


sorry, [Ravenswood], my browser (IE 6.0) just scrolls the text off, unreadable or scrollable to the right. This didn't used to happen. Maybe someone changed the CSS code to not mess up the format, but needs a certain browser to work...
-- Cedar Park, Aug 21 2003


This feature (HTTP logins) was removed from Internet Explorer for this reason.

Strange that Firefox exhibits this flaw while IE doesn't.
-- Improfane, Dec 30 2008


// This feature (HTTP logins) was removed from Internet Explorer for this reason.

That's news to me. (For one, it would significantly disrupt operations of many sites that use it to log in their users.) Which specific version are you talking about? Can you point to more documentation about the feature you're referring to?
-- jutta, Dec 30 2008


I haven't used IE for years, but i have seen a warning to this effect from Opera and assumed it was a standard feature. I presume that it was implemented after this idea was posted.
-- nineteenthly, Dec 30 2008



random, halfbakery