“Foghorn” takes users out of phish-fighting with DNS “greylisting”

Clickers gonna click. Despite mandatory corporate training, general security awareness, and constant harping about the risks of clicking on unverified links in e-mails and other documents, people have been, are now, and forever will click links where exploit kits and malware lurk. It's simply too easy with the slightest amount of targeted work to convince users to click.

Eric Rand and Nik Labelle believe they have an answer to this problem—an answer that could potentially derail not just phishing attacks but other manner of malware as well. Instead of relying on the intelligence of users, Rand and Labele have been working on software that takes humans completely out of the loop in phishing defense by giving clicks on previously unseen domains a time out, "greylisting" them for 24 hours by default. The software, a project called Foghorn, does this by intercepting requests made to the Domain Name Service (DNS).

Greylisting has been used in spam filtering for e-mails, where it deliberately delays e-mails delivered from previously unseen sources and sends temporary errors back to the sender for a few minutes or hours. Spam greylisting operates under the assumption that a real mail server will re-attempt delivery, while spambots likely will not.