
It is insane because it brings literally nothing security-wise (an attacker can easily detect that the link is being opened from something other than an end-user's browser, and not deliver the payload) while actually compromising the security of their users (by allowing an attacker to know which addresses exist and which do not, which is very useful if you want to attack companies).


It does not only show to attackers that your address exists, it also shows that it is hosted on Microsoft 365 and ATP is licensed.


The idea is that the pre-fetching is done by an environment that looks similar to the end-user's browser.



