How to avoid looking like a phisher
In a promising move, some email clients are building phishing detection right into the software itself. Phishing refers to an email that fraudulently tries to get information from someone by pretending to come from someone else. I’m sure that like me, most of you have received a few PayPal phishing scams in your time.
Both Mozilla Thunderbird and AOL 9.0 now feature phishing scam detection that will affect how you design your email creative. To determine if an email may be a phishing scam, the email client looks for a link in your HTML campaign where the display text is a URL. If the displayed URL is different from the actual URL in the link, the user is alerted.
The problem
Remember, Campaign Monitor changes every link in your HTML campaigns so we can track link clicks for you. This means that even when you have a link like:
<a href="http://www.yoursite.com">http://www.yoursite.com</a>
We’ll change that to:
<a href="http://yourname.
.com/.aspx/l/14202/0/www.yoursite.com">
http://www.yoursite.com</a>
This change will mean that your email may get flagged as a phishing scam.
The solution
To ensure you never look like a phisher, avoid using a URL as the display text for a link in any HTML email. Instead, use a word or phrase that describes where the link goes, such as:
<a href="http://www.yoursite.com">Visit our web site</a>
Even though we’ll change that to:
<a href="http://yourname.
.com/.aspx/l/14202/0/www.yoursite.com">Visit our web site</a>
You won’t ever be identified as a potential phishing scammer.
Posted in: Tips & Resources
18 Comments
Jeff Adams
October 31, 2005 12:58pm
Nice tip David, I just started noticing this with Thunderbird and wondered why it happened. Thanks for the enlightenment.
Adam DuVander
October 31, 2005 1:45pm
I have been guilty of using a URL as display text for a link. I did this because I thought text emails would look better that way. How would the text version of your example look?
Dave Greiner
October 31, 2005 1:52pm
Adam, this problem only applies to HTML emails, because there’s no way of disguising a link in a text email. Also, we don’t convert and track text email links, so you’d be safe anyway.
Kris
October 31, 2005 8:36pm
Nice article, good to know! Couldn’t there be an option to disable ‘link conversion’ for individual text links? This way, the link itself of course wouldn’t be tracked... but it would be possible to display http://www.whateveryouwant.tld as a link to the corresponding website without being a potential phishing scammer.
Dave Greiner
October 31, 2005 8:45pm
Kris, we would consider adding support to disable link tracking for certain links, but we’d need to have quite a few requests before it was considered. Right now, the best approach would be to avoid using a URL as the display text altogether.
If this feature becomes more widely supported in other email clients - we’d certainly consider implementing it.
Carson
November 1, 2005 2:39am
Hey David, what if we set the clickable text as something like MySite.com (without the www. stuff)? Does that have the same reaction?
Dave Greiner
November 1, 2005 4:18pm
Hey Carson. In my testing that didn’t actually flag the message, but there’s pretty limited documentation available on the Thunderbird site. If I were you I’d take the safe route and also add some other text, like “Visit MySite.com”, just to make sure.
Carson McComas
November 2, 2005 7:40am
Yeah that’s what I ended up doing, no sense in tempting fate. Thanks!
Scotty
November 3, 2005 6:14am
According to Trust-e and Ernst & Young (http://www.trustee.org) they have a PDF on “How Not to Look Like a Phish”, they are suggesting the exact opposite: “Don’t use ‘click here’ hyperlinks.”
Link to pdf: <a href="http://www.truste.org/pdf/How_Not_Look_Like_Phish.pdf" rel="nofollow">http://www.truste.org/pdf/How_Not_Look_Like_Phish.pdf</a>
I agree with their reasoning on this one since the program looks to see if the link and URL in the <a> tags are the same or different. Basic forms of phishing disguise the true link under the shown text.
Dave Greiner
November 3, 2005 11:44am
Scotty, thanks for the heads up on that report, hadn’t seen it before.
My impression from that part of the report was more about getting your customers to be sceptical about “click here” links in general, but it wasn’t really saying that these links make you look like a phisher.
Personally I’m not sure how much weight I’d give that suggestion anyway. Non URL link text is used in a very large percentage of all HTML emails we deliver (and receive) and is an intuitive and practical way to inform the user where the link goes. Also, it ensures you aren’t flagged as a potential phisher by these 2 (and potentially more in the future) email clients.
Simon Preston
April 18, 2006 1:37pm
I work for a large publisher. An issue that has started to rear its ugly head for us is Outlook SP2’s phishing filter. Most new computers come with this functionality automatically enabled. Basically, the service pack looks at each individual email on merit and then decides if it’s a phishing scam or not. If it thinks your email message is a scam it disables all of the links in it. Even adding your name to the safe senders list doesn’t have a positive impact, as the address could be spoofed. As I’ve said, it just looks at the construction of the email. Too many ‘click here’ type links can trigger it. I heard about one sender who had a spam warning at the foot of their email message; this triggered the anti-phishing software. Has anyone else had similar problems? Does anyone have a solution? There is predictably little guidance on Microsoft’s site.
Paul Burgess
May 12, 2006 2:44am
This must be a joke. I just received an email with such a link in it, and was positive that it was a phishing scam. Not until I searched the domain and ended up here did I realize what it could be.
Not only does the link look suspicious, but the domain is hosted with private whois info, so I cannot pinpoint or verify the accuracy of the service.
All the reasons that are given to NOT look like a phishing email, MAKE it look like a phishing email.
David
August 31, 2006 8:05am
When eBay sends me a mail like this I delete it along with all the 15 million other ones.
http://ebay.yourdomain.com/.aspx/l/....
A listing in SORBS was not good either.
0.6 SARE_UNI RAW: SARE_UNI
1.5 RCVD_IN_SORBS_WEB RBL: SORBS: sender is a abuseable web server
[64.79.4.243 listed in dnsbl.sorbs.net]
4.0 SARE_FORGED_EBAY Message appears to be forged, (ebay.com)
100 SARE_FEB_BLOCKER SARE_FEB_BLOCKER
Dave Greiner
September 1, 2006 12:09pm
Hi David,
As you noted, eBay have recently started using Campaign Monitor for some of their email newsletters. As you also mentioned, they are in the unfortunate position of being such a popular target for phishing scams today.
We have already approached them about disabling link tracking in their emails to ensure all links go straight to the eBay servers. This among a number of other changes we discussed with them should help to alleviate any concerns their recipients might have.
Also, I can confirm 100% that none of Campaign Monitor’s mail servers are listed in the SORBS blacklist network. In fact, the IP address you mentioned (64.79.4.243) isn’t one of ours. It may be the original IP of the eBay team member who sent the campaign, but I’d have to look into that before I could confirm it. At any rate, we’ve let them know about the issue.
Feel free to double check any of our mail server IPs across all of the popular RBLs here: <a href="http://www.robtex.com/rbls/" rel="nofollow">http://www.robtex.com/rbls/</a>
Our current IPs are:
69.16.197.37
209.59.181.2
209.59.181.6
209.59.181.10
209.59.181.30
Thanks again for your thoughts.
David
September 12, 2006 8:49am
Thanks for the reply.
You’re right, it came from someone else to you, just to make it look a little more fishy.
Received: from [64.79.4.243] by M1.campaignmonitor.com via HTTP; Thu, 31 Aug 2006 05:37:17 +1000
Hope you can fix this up because I like my eBay news.
Thanks
Joshua
October 24, 2006 6:07am
As somebody who both sends and receives email from Campaign Monitor, I have to agree that the tracking address can look suspicious to the recipient. In addition, I’ve been subscribed to the Threadless newsletter for three or four years now (wearing one of their tees now, actually…) but only in recent months have my web host’s spam filters been quarantining their emails. Not all the time, but sometimes. I see these emails in a weekly spam report and just leave it there and manually check out the site.
If you’re interested, I’m on DreamHost and the emails tend to get about 4 or so on the SpamCop (I think it is) filter. I really should just go whitelist them, but I thought it warranted mentioning.
Still, this is the best service of its kind I’ve come upon!
Mathew Patterson
August 30, 2007 2:44pm
Just in case you haven’t come across it, we have added the ability to turn off link tracking and image converting since this blog post.
Dave Greiner
August 30, 2007 11:25pm
On top of this, we’ve also added support for email authentication, which is a great way to ensure your emails never look like phishing emails and also that you protect your domain against others trying to abuse it.