Helping people with computers... one answer at a time.
Occasionally, security software examines links in email and alerts you if something is suspicious. Frequently, as in my newsletter, it's totally benign.
My email client, Thunderbird, thinks that your newsletters are a scam. I get an overall message with the email, plus a warning whenever I click on a link. This doesn't bother me, and no doubt I could fix it by setting something in the client, but it must be happening to others, and I thought you might want to know so you can fix whatever is triggering it.
•
Unfortunately, this happens to a lot of newsletters and other mailings. Needless to say my newsletter's no scam, but seeing as how I do run Thunderbird myself, and how I do occasionally get this report from folks, I thought it worthwhile to explain exactly what Thunderbird is doing, especially since other email programs may be doing something similar.
And it's a good education on how some scams try to fool you.
The scam warning has always thrown too many false positives for my taste, so I'll also show you how to turn it off in Thunderbird.
•
The fundamental issue is very, very simple. Hover over this link (or click, if you like - it's safe):
http://microsoft.com
The URL it links to is not the URL that is displayed. It might be trying to deceive you into clicking on what you see to get you to go somewhere else.
In other words, it might be a scam.
This is very easy to do in HTML. More commonly, the link would be:
Buy Leo Coffee!
Which a) is not displaying a URL at all, but text, and b) is very clear about what to expect when you click.
Now let's look at something a little more sinister:
http://paypal.com
You may think you're clicking on a link to Paypal, but you're not. If the page you land on, however looks like Paypal you may not even notice.
You might get scammed.
Now, not all scams can be easily detected, and not everything that's detected is a scam. However, Thunderbird's scam detection includes something like this simple rule:
-
If the display text of a link "looks like" a URL that begins with http://
-
and if the target of a link is also a URL that begins with http://
-
then if the rest of the URL doesn't match, it might be a scam.
The upshot is that:
http://microsoft.com
would generate the warning (display text and destination are both URLs, but they are different), while
http://buyleoalatte.com
would not - both display and destination are the same. Neither would:
microsoft.com
Since even though the display and destination are different, the displayed text is not a URL.
•
So why is it happening in a non-scam publication like my newsletter?
In fact, it's due to an extremely common and legitimate tool used in legitimate newsletters and other mass emailings: click tracking.
I'll continue to use my newsletter as an example. I occasionally include links, often from advertisers, that are complete URLs. For example: "http://www.FreePrintableCertificates.net" might be both the display text and the destination of an advertiser's link.
When the newsletter is sent, the destination of the link is automatically replaced with a different URL - something like "http://clicks.aweber.com/...". Aweber is my newsletter mailing service, and "clicks.aweber.com" is the domain they use to count clicks. When you click on the link that displays "http://www.FreePrintableCertificates.net" you're actually taken first to "http://clicks.aweber.com/..." where it simply counts the fact that you've clicked on that link, and then automatically forwards you to the intended destination, often faster than you'd ever notice.
But the display text and the destination that are encoded into the email a) are both URLs, and b) are different - so Thunderbird says "this might be a scam".
Even though it's not.
It's an extremely common technique to see just how popular things are. Understanding what people are clicking on is one of many ways that I and my advertisers get a better understanding of exactly what it is that interests people, and how better to target what we do to be more interesting and useful to you.
•
Since it's such a common technique, I personally find little value in having Thunderbird throw the warning all the time, for newsletters that I've signed up for and that I know are not scams. Unfortunately, not all email programs let you "whitelist" or say "these emails are always good" when it comes to scam detecting.
So I turn the feature off.
In Thunderbird's Tools, Options, Privacy, E-mail Scams dialog:
simply make sure that "Tell me if the message I'm reading is a suspected email scam" is unchecked.
Other email programs may have similar settings if you're seeing this warning too often.
Remember, too, that it is just a warning, not an absolute determination. With this feature enabled, which you may elect to do, it's just an alert that you need to tread carefully, nothing more.
And now you'll know what to look for.
Article C3758 - June 10, 2009
Leo A. Notenboom has been playing with computers since he
was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed.
After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers
to common computer and technical questions. More about Leo.
Hey Leo, good post. I guess I am just hoping that all my opt-ins won't be using Thunderbird. I'd like to add that, putting a "Warning: If You Are Using Thunderbird" note on your Aweber Confirmation (right after signup) might be a good idea. Some people see "scam" and instantly freak, and I guarantee this will cause some lost sales. For those of us that have to cloak our affiliate links, or use tracking, there is no choice. Fortunately, I do not see any other email programs being so "tight" if you'll pardon my French.
Posted by: Ziah at July 13, 2010 2:09 PMHi everyone.
Thunderbird's scam filter engine is quite good, i think so. I have found that Thunderbird will filter the below case as "may be scam"
- HTML email
- There is at least a link with the link text begin with "http://..."
- The link about has its URL different from the link text.
For example:
http://click.link.com
If the link text doesn't begin with http, or the link is an image, is will pass the scam test.
Posted by: Mai at October 19, 2010 3:31 AMI use T/Bird, and attempted to do as suggested, but found no privacy tab, after Tools>Options>???
Posted by: Larry Jones at October 20, 2010 12:25 AMI think it's more important for people to learn to recognize such scams than having to rely upon any program (s) to protect you.
Posted by: Terry Hollett at October 20, 2010 8:54 AMThe answer to Larry's question: In Thunderbird 3.1.5 (ie the current one - you have upgraded, haven't you?), the button you want after 'Options' is 'Security', not 'Privacy'. HTH
Posted by: Glyn Duggan at October 26, 2010 12:28 PM