Some email clients like Thunderbird will sometimes show a scam warning message on emails which appear to be normal and not suspicious. The Thunderbird warning is two-part: first an inline message “This message may be a scam, and second a modal dialog which appears when you click on any link in the email. Combined this could be worrisome for users who aren’t sure what the warning means.
I’ve been seeing this more frequently lately with email newsletters. The most common cause is link tracking added by the newsletter delivery vendor (MailChimp, Tinyletter, etc.). The scam warning will come up whenever the displayed text link does not match the embedded hyperlink. It’s mean to detect phishing attacks where the displayed text may say “paypal.com”, but the link actually goes to “evilsite.com”.
For example, this link will cause the warning:
<p>Visit our home page: <a href="http://mailchimp.com/track/xyz...">http://example.com</a></p>Instead the problem can be avoided by using text instead of a URL for the link:
<p>Visit our <a href="http://mailchimp.com/track/xyz...">home page</a></p>Here’s an example of Thunderbird complaining about a few links in Scott Hanselman’s Newsletter of Wonderful Things. (By the way I don’t mean to pick on this excellent newsletter, just using it as an example.)
To learn more, I recommend these two resources which explain the Thunderbird behavior and how to prevent it for most cases:
- From Mozilla, an explanation of Thunderbird’s Scam Detection
- From MailChimp, how to avoid possible fraud alerts