14. Phishing and HTML Links


Many email clients are being updated to detect phishing attempts. “Phishing” is the industry nickname for the effort to collect sensitive personal and financial information by sending forged emails that look as if they come from an authorized agency, such as a bank, financial service, ecommerce provider or government agency.
Both Mozilla Thunderbird and AOL 9.0 feature phishing scam detection that will affect how your email is treated. To determine whether an email could be a phishing scam, the client looks for a link in your HTML campaign where the display text is a URL.

If the displayed link is different from the actual URL, the client alerts the user.

Most email service providers encode your URLs for tracking, and change the URL within the <HREF> tag.

<a href=”http://www.yoursite.com”>http://www.yoursite.com</a>

The change might look like this:

<a href=”http://ESP.com/c.html?rtr=on&s=3d2,l8xr,pt,37e5,6bav”>http://www.yoursite.com</a>

To avoid having your emails erroneously tagged as phishing attempts, don’t use a URL as the display text for a link in any HTML emails. Instead, use a word or phrase which describes the link itself.

<a href=”http://www.yoursite.com”>Visit us here</a>

Most of the email clients also mark the mails with Phishing tag, if the email message contains any hardcoded IP addresses in links, instead of domain name.

Hence it is advised to use only domain names in all links.

Now a days more and more ISPs are recommending the email senders to implement DKIM for authentication of the sending domains that actually send the mails, to restrict senders to use the sender address to the email sending domain or DKIM to be setup for each sender address. ISPs give higher preference for such senders for inbox deliverability and provide spam complaint feedback loops.

Hence Marketers are advised to get the DKIM setup for their email infrastructure through their service providers.

Read earlier blogs on the subject “Guide to a Better HTML Email Design” on Kenscio Blog.