Feb 28, 2006

New Security Feature in Thunderbird Triggered by Click Tracking

Just noticed a new feature after downloading Mozilla Thunderbird 1.5 (a nice, free email application from the makers of the Firefox browser).


Some of the regular email newsletters I receive were getting these mysterious "might be an email scam" alerts. Since these were perfectly legitimate emails, I thought this was weird…

Here’s a screenshot of what I was seeing:


If I click the "Not a Scam" button, the alert goes away.

It turns out that Thunderbird 1.5 has a new feature that checks whether the actual URL of a link in the email (in the "behind the scenes" HTML code) is different from the text description of the link (what the user sees).

Scammers do this all the time. They’ll place a link in an email, such as "Verify Your eBay Password" but if you click it, you get taken to some evil website, where they steal your password, or download spyware onto your computer.

This is called "phishing" (more info on phishing here). And here’s a link to an article on CNET that discusses the new Thunderbird feature.

When click tracking looks like phishing

But legitimate email marketers often track clicks for all the links in their messages. And in order to track clicks, the URL of a hyperlink has to be altered by the email service provider to point to a "redirect script" (see "How click tracking works" in our knowledge base). When someone clicks a link in an email, they’re taken to a server that counts the click, and then they’re instantly "redirected" to the final destination.

That means if you send an innocent email newsletter to your subscribers with a complete URL spelled out in the email (for example, "Please visit us at http://www.mysite.com") and then you enable click tracking for the email, that link would set off the scam alert in Thunderbird.

Is this anything to lose sleep over?

Not at all. As long as your emails are nice and professional looking, recipients won’t get suspicious of your emails when this alert pops up. When I got these alerts for BusinessWeek’s email newsletter, my first impression was, "That’s weird, Thunderbird goofed." I never thought for an instant that, "ohmygod, BusinessWeek is scamming me!" A good reputation always wins over spam filters, scam alerts, and junk buttons.

However, if your email templates look like something you picked up at the dollar store, or something you let your 9-year-old son design, or something you hacked together yourself in Microsoft Word, then having "scam alerts" is probably going to work against you. But instead of trying to get around this alert, put your time into getting a professional email template built (and if you need some help getting started, here are some free HTML email templates for you).

Finally, a quick look-see through Thunderbird’s support forum reveals some comments from their developers admitting that the feature could use a little work, so I’d expect this to be refined in some upcoming releases. I think it’s a great new feature, but they could at least make it "learn" who to trust, just like their spam filter.