Why is it not recommended to put links in full text (www.yoursite.com) ?


What's the problem?

You have put a spelled link (like "http://www.oxemis.com") in your message and the anti-spam analysis tells you about a potential phishing problem that may impact the deliverability of your messages.

 

What is phishing?

For some years now, scammers have been sending e-mails posing as banks or other organizations that they are not. To do this, they use the fact that, thanks to HTML, we can display the address of a site on one link and make us go to another when we click on it.

A concrete example: the link below displays "www.oxemis.com" but it actually points to "www.google.fr" (click on it to check - the link will open in another page): 

http://www.oxemis.com

Also, it is easy for a hacker to exploit this feature. In the email they send, they put a link in this form: www.yourbank.com which actually points to a fake site... This is a perfect copy of the original site, so if you do not pay attention to the address displayed in the browser, you may identify yourself with your codes. Codes that will be immediately retrieved and exploited by the hacker who set up this site.

 

What does this have to do with link tracking?

Tracking systems (all) also use this principle to record clicks in your messages.
When you apply tracking, your URLs (the address to which the link points) are modified like this:

http//www.yoursite.com becomeshttp://trackingserver.com/click.php?recipient=id&url=http://www.yoursite.com

(we have voluntarily simplified the destination address)

 

This does not change the text displayed or the appearance of your message, we only change the address behind the link. This allows us to record the fact that the recipient identified by "id" has clicked on your link. Once the click is recorded, the recipient is redirected to your site. This operation is completely transparent for the user (it happens in a few milliseconds) but, for antispams, you try to make it look like the tracking server is "yoursite.com".

Some systems detect that there is a risk of phishing.

 

How to correct the problem?

Two solutions are possible. The first is never to write the address of your site in full letters.

For example, replace : www.yoursite.com (or http://www.yoursite.com) by : "Visit our website" which points to  "http://www.yoursite.com".

 

For example :

http://www.oxemis.com : bad frown (the text contains the website url)

Visit our website : good smile ! (the url is not displayed)

 

To do this in OxiMailing it's simple: in the editor, enter the text "Visit our website" (for example) and then select it. Then right-click and "Add a link...". In the window that appears, enter the website's Internet address in the "URL" field (http://www.yoursite.com in the example).

 

Second solution: you can use the "personalization of tracking links" technique to avoid this problem. For more information: see this article.

 

Tags: phishing, SPECIF_PHISHING, tracking

Chuck Norris has counted to infinity. Twice.