As a Campaign Monitor customer, you are probably well aware of phishing – attempting to steal private or sensitive information by enticing people to click a link to your fraudulent website. What you might not know is that some email clients have phishing detection built in.

Normally that’s a fantastic feature for protecting people, but it can also catch legitimate emails, including those sent from Campaign Monitor. Here’s the deal:

The problem

One of the ways phishing is detected is comparing the actual href URL to what is shown to the reader of the email. When you import your email into Campaign Monitor, we take all your links, and convert them to a Campaign Monitor URL, so we can track who clicked them, report on it, and send them on to your original destination.

So your original HTML might be

<a href=”“></a>

but once you have imported it, it will look something like

<a href=”http://abcwidgets.create…com/t/y/l/dijkdh/l/t“></a>

It is the mismatch between the link text (which is and the actual href URL that phishing software can pick up on, and then trigger alerts.

The simple solution

You’ll just want to make sure to stay away from using URLs as the visible link text in your campaigns, and in templates you create for your clients. Use the website name instead, as in

<a href=”“>The ABC Widgets website</a>

That way there is no mismatch, and no security issues. It’s very simple to avoid, once you know about the problem.

  • Richard Pearce

    Have you tested to see what happens in a plain text campaign?

  • David Greiner

    Hi Richard,

    We don’t allow link tracking for plain text campaigns, so this is only an issue in HTML emails.

  • Jeph Kryzak

    I know Gmail does this. What other mail services do we know that does this?

    The major drawback to this, according to my CM reports, is that people click links that say “www…” far more (~60%) than “Event Title.”

  • Frances Dugan

    good to know – thanks for the info!

  • Jake Holman

    This is brilliant advice, seriously. When your email is marked as a Phishing Email, you can be sure people won’t do anything other than delete it.

    @Jeph – Hotmail, Web Exchange, Yahoo do this to my knowledge. As well as most Anti-Virus, Firewalls & Anti-Phishing. Also, it’s ~60% higher only because the call to actions on other links isn’t obvious enough. If a link isn’t obvious enough, don’t send the email.

  • Pete Prodoehl

    From a branding perspective, this makes me sad… as we commonly use where “NameOfBusiness” is the link text, which helps build awareness of the URL, and is available if the email is printed out. Do you know if it will still be marked as a phishing attempt if the email address it comes from is in the address book of the receiver?

  • george

    It is unfortunate, we also use it.

    But what if the the link is to the same domain only to different page on the site? for example” would that still be a problem is some clients?

  • Jonathan

    This is perfectly logical, but regrettable.

    Campaign Monitor could offer a workaround. Don’t burn the heretic, but you could allow us to tag a URL as non-trackable, which would then not be converted by CM. Sure, no click stats, but these are probably for generic links in an address block or the like. It would be up to us to choose. Change the link text and track, leave it and risk being phishicated, or sacrifice the tracking.

    Happy Tuesday.

  • Chris McMahon

    I second Jonathan’s suggestion

  • Version-X

    As a simple alternative way to get the actual URL in there you could always do a graphical button with the in it.

  • Matthew

    Jonathan, Chris, you can indeed do this. Add cm_dontconvertlink to your links. And cm_dontimportimage works for img tags.

  • Simon

    What about as the text inside the A tags? (Without the http:// prefix) Will this also cause the same problem?

  • Derek Harris

    This is not specific to Campaign Monitor as many ESPs will change the URL to allow for link tracking. I have worked for a number of ESPs over the years and this issue has come up, but it has never been as prevalent as in the last year or so. Emailers will need to adapt, just like we had to adapt to the new MS Outlook and CSS changes.

  • Idea Man

    Would URLs as link text be flagged as a phishing link if tracking was done via a subdomain that points to CM…?

  • Mathew Patterson

    As far as we have seen, having the http part in, or not in the rendered text doesn’t make any difference, it will still be flagged, so better to avoid it.

    As Matthew mentioned above, you can turn off link tracking for individual links – see for details. That will avoid the issue at the cost of losing tracking.

  • Harish


    I like this website very much. There are lots of informations that a designer needs to be.

    Hey guys, do you have another such kind of websites that is beneficial for a web designer. Please send me the URLs at

    I shall be really thankful to you all. Hope I will get lots of good URLs from you all soon.


  • Simon

    My comment above automatically inserted http://

    If you didn’t use the protocol prefix, would there still be a problem?

  • George

    My solution: create a redirect from your domain to CM tracking url which then redirects back to your website URL.

    So url will be

    The redirection script will then point to your tracking url.

  • Michael Wickler

    Matthew, can you be more specific?

    When you say: “Add cm_dontconvertlink to your links. And cm_dontimportimage works for img tags.”

    How do you add these to your tags? Are they IDs, classes, something else?

  • Michael Wickler

    Ah, I found my answer. Add cm_dontconvertlink to the link tag as a stand-alone item (not an id/class/etc.) which is then removed during the send, leaving an untracked/clean URL. This is a nice quick solution when it’s crucial to have display text match the URL, as long as you can live without the tracking. Otherwise George’s solution seems good.

  • PamelaLYNC

    I love it! That is way cool man! The steps weren’t that complicated too, which is great.

  • Arwyn Bailey

    It still does not work.

    I am using Campaign monitor, i import the html file, and no matter what i do your software inserts jibberish and this means that the browser CANNOT locate the page.

    I insert the cm_dontimportimage code into the HTML and still, the browser give out the error message that the page CANNOT be found.

    I have complained to the code writers of the templates, they say it is Campaign Monitor.

    I have spent about four days trying to get Campaign monitor to either edit a template loaded, up, or an HTML file, and NOTHING works, as ALL results, on a test email, via Campaign monitor, DO NOT work.

  • Davida Fernandez

    Hi Arwyn, I’m so sorry to hear that you are having struggles importing templates! We’ll be happy to take a look at the templates and code you are using – send us the details here – you’ll receive an email and can reply back and attach the template files and we’ll be happy to investigate.

Want to improve your email marketing? Subscribe to get tips on improving your email marketing delivered to your inbox.

Join 200,000 companies around the world that use Campaign Monitor to run email marketing campaigns that deliver results for their business.

Get started for free