As a Campaign Monitor customer, you are probably well aware of phishing – attempting to steal private or sensitive information by enticing people to click a link to your fraudulent website. What you might not know is that some email clients have phishing detection built in.
Normally that’s a fantastic feature for protecting people, but it can also catch legitimate emails, including those sent from Campaign Monitor. Here’s the deal:
The problem
One of the ways phishing is detected is comparing the actual href URL to what is shown to the reader of the email. When you import your email into Campaign Monitor, we take all your links, and convert them to a Campaign Monitor URL, so we can track who clicked them, report on it, and send them on to your original destination.
So your original HTML might be
<a href=”https://www.abcwidgets.com“>https://www.abcwidgets.com</a>
but once you have imported it, it will look something like
<a href=”https://abcwidgets.create…com/t/y/l/dijkdh/l/t“>https://www.abcwidgets.com</a>
It is the mismatch between the link text (which is https://www.abcwidgets.com) and the actual href URL that phishing software can pick up on, and then trigger alerts.
The simple solution
You’ll just want to make sure to stay away from using URLs as the visible link text in your campaigns, and in templates you create for your clients. Use the website name instead, as in
<a href=”https://www.abcwidgets.com“>The ABC Widgets website</a>
That way there is no mismatch, and no security issues. It’s very simple to avoid, once you know about the problem.
