Oct 20, 2006

Ask MailChimp: My emails are setting off phishing alarms

Q: "We just sent an email campaign, and a few of our recipients called me up concerned that we’re ‘selling our list’ to people. What gives?"

A: If you code your hyperlinks in your email a certain way, you could inadvertently trip phishing/scam alarms in some email programs…

What’s Phishing?

You’ve probably received a phishing attempt before. It’s when someone sends you an email that claims to be from your local bank, or PayPal, or eBay or something like that. They ask you to log in to your account. But when you click the link to login, they actually take you to an imposter’s website. All they’re trying to do is trick you into entering your password. Read more at Wikipedia.

I’m a legitimate marketer. What’s this got to do with me?

So let’s say I send an email with a link to the MailChimp website, and I choose to track clicks to that link.

9 times out of 10, I’d do it like this:

Want more monkeys? Visit the MailChimp website.

I wouldn’t experience any problems if I coded my link like that.

But if I coded it like this, I’d set off phishing alarms:

Want more monkeys? Visit http://blog.mailchimp.com

That’s because in order to track clicks in your email campaigns, MailChimp (or any email service for that matter), has to change all your hyperlinks (behind the scenes, in your HTML code) to point to a redirect script on our server. 

When a hyperlink is coded so that the text description is a full URL, but the actual URL is something different, it looks kinda suspicious. Like phishing.

So what can I do?

  1. Don’t use URLs in the description portion of your hyperlinks. Use descriptive phrases instead, like "Visit our website at…" or "Take the survey here" (Note: avoid using spammy phrases, like "Click here now!")
  2. You can simply turn off click tracking, if you don’t really need to know how many clicks you got (you can leave open tracking on, though). Just un-check the "track clicks" boxes in MailChimp.
  3. Use special tracking tags in MailChimp to selectively track only when certain links are clicked (leaving out the ones with your URLs in the description)