Phishing is often done by cloaking a URL. The following URL for instance, might seem to lead to PayPal, while it actually leads to my GitHub account. Sephia Five though, will intelligently parse all URLs in your emails, and explicitly make sure that any URLs shows the domain they’re leading to. The previous PayPal example for instance, would end up looking like the following in Sephia Five; PayPal (github.com). This makes it more difficult for an adversary, looking to trick you into doing something stupid, to actually become able of doing the previously said stupid thing. Maybe I am naive, but I think that by displaying the actual root domain like Sephia Five does, might prevent a lot of potential fishing attacks, leading to malicious websites, looking to hack into your computer one way or another.
There are millions of similar tiny details in Sephia Five, which keeps you safe, as you read your emails. For instance, when you click a link, no referrer HTTP header will be transmitted to the server the link leads to. This is such a simple and tiny little detail, yet still crucial for preventing an adversary to gain knowledge about your system, that it actually eludes me that not all webmail vendors have done this a long time ago. Every single day, thousands of naive and innocent people are being tricket into clicking a link, they shouldn’t have clicked. However …
If the fish can see the hook, he probably won’t bite.
It’s really that freakin’ simple!