I wonder if there are any SaaS providers out their implementing DNS filtering for their users as part of their product. Say if you're running a high-traffic platform for content sharing, it would probably be trivial to alert users that they're about to clicking on a potentially risky link forcing a user to copy/edit haxxs://evil.com instead of sending them there and pushing the responsibility for protection to the user.
It would mean a massive overhead in DNS queries (as opposed to passing the link on to the frontend) for a large site, but wouldn't this be something a DNS caching could easily handle?
While this wouldn't do anything to reduce actual spear phishing by email, it would reduce the possibility of spreading links widely on big social media sites.
I'm probably missing something though because sure others would have thought about such an obvious thing and turn it into a feature.
Edit: I forgot that you'd also have the overhead parsing the link so it's not just extra DNS. still ...
Google and twitter does that by default. If you try to click on any link from their search / tweet feed, it will be blocked if they flag it as phishing.
There are multiple phishing blacklists that any provider can leverage.
It would mean a massive overhead in DNS queries (as opposed to passing the link on to the frontend) for a large site, but wouldn't this be something a DNS caching could easily handle?
While this wouldn't do anything to reduce actual spear phishing by email, it would reduce the possibility of spreading links widely on big social media sites.
I'm probably missing something though because sure others would have thought about such an obvious thing and turn it into a feature.
Edit: I forgot that you'd also have the overhead parsing the link so it's not just extra DNS. still ...