Does your newsletter have a virus?

Search First! Then browse: Categories | Full Archive | By Date | Newsletter

Summary: Occasionally, the Ask Leo! newsletter will get flagged as having a virus or malware. It doesn't. We'll look at why this happens.

What do you make out of this ? I get it every time you send me a newsletter.

"The MessageLabs Email Security System discovered a possible virus or unauthorised code (such as a Trojan) in an email sent to you. The email has now been quarantined and was not delivered."

•

What we have here is what's called a "false positive" - your security software claiming that something it potentially malicious when it isn't.

We'll look at how this can happen, and possible steps you can take to avoid the issue.

•

The most common reason that these false positives get reported is when a link's visible text doesn't match the destination. The classic case that they're looking for is something like this:

http://paypal.com

"The most common reason that these false positives get reported is when a link's visible text doesn't match the destination."

Click on that link and you will not go to paypal, but somewhere else entirely. In this example it's benign, but in real life it's often not, and often a fundamental technique used in phishing attempts.

Here's the problem ... there are legitimate reasons to do something like that. For example, when I include a link in my newsletter, the actual destination may be routed through my newsletter mailing service so as to track which links seems to be of the most interest to the most people. They do that by making the destination of the different than what you see.

Here's another example using my own technology:

microsoft.com

If you click on that you will indeed go do Microsoft's web site, but if you look at the actual destination of the link on the page, it's not Microsoft at all, it's http://go.ask-leo.com/ms. When you click on that link it first goes to go.ask-leo.com, and looks up the URL associated with the token "ms". It then counts the fact that the link was clicked, and redirects you to the real destination.

It's a very common and legitimate technique used in newsletters, in ads, and here at Ask Leo!.

However, some anti-malware tools don't like it.

Your options:

If your security software or spam filter allows it, "white list" the email address from which the email is coming from. In my case that's "leo@ask-leo.com" and "leosanswers@aweber.com".
If you don't have the option to whitelist specific email addresses, often adding those addresses to your address book or contact list will have a similar effect.
Look for options that may allow you to control the types of things that the software scans for and turn them off.
If you don't have control over the software that's scanning your email, complain to the appropriate people that it's preventing you from receiving legitimate emails that you requested.
Finally, if need be, use a different email provider. Gmail appears to be handing the newsletter without problem, for example.

But the bottom line is that, no, the Ask Leo! newsletter does not have a virus, or any malicious content. Any tools that say so are just ... well ... wrong.

Related:

Phishing? What's Phishing? Phishing is a way that internet scammers trick you into providing your personal and financial details. Phishing opens the door to identity theft, and more.
Why am I getting warnings from your newsletter and site links? A recent newsletter surfaced warnings from a couple of security services. As a result, we'll look at what false positives are, and what to do.
Why am I sometimes not getting your newsletter? Like any newsletter, "Leo's Answers" the weekly newsletter from Ask Leo! can sometimes be filtered as spam by mistake. There are things you can do.

Article C3902 - October 22, 2009

Recent Comments

0 Comments

Post a comment on "Does your newsletter have a virus?":

Name: (Required) Email Address: (Required) (Email Address will not be published.) Remember Me? YesNo	By popular demand... my tip jar Buy Leo a Latte!
Comments: (you may use HTML tags for style)	Subscribe to the RSS Feed specifically for comments on this article.

Before commenting, please...

Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored.
Comment only on this article. Use the Google search box at the top of the page if you have a question about something else.
Don't include personal information in the comment. No email addresses. No phone numbers. No physical addresses.

Don't spam. Excessive links to unrelated sites within a comment or across multiple comments will cause all such comments to be removed.
Don't ask me to recover lost passwords or hacked accounts. I can't, and those comments will be deleted.
I can't respond to every comment. And I can't vouch for the accuracy of others who do.

Read Why didn't you answer my question? for hints on getting an answer.
By posting a comment you agree to the Terms of Service. Don't agree? Don't post.
Read the article at the top of this page. If your comment shows you didn't, it'll be deleted and ignored. Yes, I'm saying this twice; you'd be amazed.

Please wait. Your comment is being processed ...

Question? Ask Leo!

Terms, Conditions & Privacy
Product Reviews, Recommendations and Affiliate Links Disclosure