Mutt uses the rather nice urlview program to extract URLs out of email messages for easy selection. urlview's handler script can also be hijacked to do whatever you want. I've set mine up to generate an HTML file in the server's webspace. This HTML file has a meta refresh tag to immediately redirect the browser to the URL of interest.

Now when I get a URL in an email I hit ^b to invoke urlview, select the URL I want, load a web browser on the target machine and choose my bookmark for my own URL redirector.

To set this up yourself:

1. Install the urlview package

   aptitude install urlview

2. Modify /etc/urlview/url_handler.sh to call your own script. I put the following line under the user-configurable settings but before their own handler:

   /usr/local/bin/sharelink.sh $1
   

3. (Optional) Disable the http handler so that you don't end up loading elinks or something else on the computer running mutt:

   http_prgs=""

4. Create a world-writable file in the machine's webspace: (but not world-deletable! The parent directory should only be writable by www-data or root.)

   touch /var/www/link.htm
   chmod 0666 link.htm

5. Create a script to generate that link.htm. In my case I used this following in /usr/local/bin/sharelink.sh:

   #!/bin/bash
   
   LINKFILE=/var/www/link.htm
   url=$1
   
   cat > $LINKFILE <<EOF
   <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
   "http://www.w3.org/TR/html4/strict.dtd">
   <html>
   <head><title>Email Link Redirector</title>
   <meta http-equiv="refresh" content="0; URL=$url"></head>
   <body><h1>Redirecting</h1><p><a href="$url">$url</a></body>
   </html>
   EOF

Coming up with a cool way of retrieving attached files is left as an exercise to the reader.

Why do I bother and why should you care?

Anyone can send email claiming to be anyone. It's fairly straightforward to write an email assuming somebody else's address and identity. If the recipient knows to only trust a message which has a cryptographic signature certifying that it is valid, fraudulent messages can be ignored or at least confirmed. This problem is reasonably widespread, more for sending spam from reputable-sounding email addresses in the cases that I've seen so far.

In addition, almost all email is sent in plain text. Anybody who runs any computers between you and the recipient of the email can read its entire contents if they want. If you're using a cryptographic system you can also encrypt your message so that only the exact people you want can read it.

It's reasonably obvious that this crytography business is quite a good idea, so why isn't it widely used by everyday internet users? Probably because it isn't yet widely used by everyday internet users. To get in on this, you need to generate a key of your own and run some extra software to do the cryptography for you.

1. Generate a key. This will have two halves -- a public key and a private key. It will also have a password. You keep the private part and the password completely secret, but you need both of them to make it work.
2. Publish the public key to the world. Give it to your friends. Upload it to a public keyserver. They can use this to send you encrypted mail or to verify your email signatures.
3. Sign your friends' keys to indicate that you, the holder of your key, have decided that the person who owns the other key is who they say they are. Hopefully they'll do the same for you, and this builds the "web of trust" -- if you trust your friend's key, and they trust someone else's, you can probably trust it too. If ten of your friends trust another key you can be even more certain that it's trustworthy. (It's worth knowing that there are formal requirements set down for trusting someone's key -- don't sign a stranger's key!)

What you need is GnuPG, a free and open source PGP implementation. You can download it for Windows or for Mac. Installation on Linux is as normal with your package manager. Then you need some integration for your mail client. If you're using Thunderbird try Enigmail.

It's not that hard and it's probably the most trustworthy way of verifying communications on the 'net that we have. Let's solve this chicken-and-egg problem early so we have something to fall back on if and when identity theft, fraud and spam make the current situation untenable.

My key id: 0x6F3A5B84 <http://arctanx.id.au/tk-pub-key.txt> Please feel free to use it.