Anti-Phishing Filters and the Legitimate Sender

Recently I have had several discussions about Anti-phishing measures being deployed by ISPs and the type of things that Legitimate Marketers need to be aware of.  It appears that several ISPs are deploying a anti-spam and anti-phishing service that evaluate the URLs embedded in your HTML code against those links in the readable text.  
While this is not really anything new, some of these behaviours have been modified recently at a number of ISPs and are causing changes in the way bounces are being generated.
** Note: For all examples round brackets have replaced > or

Normal HTML links look like this : 
(a href=””) (/a) 
The view of a managed deployment tools ends with your links looking like this: 
(a href=”″) 
ISPs see links like this all the time, except they are usually from some spammer sending you a notice about your Bank account or your PayPal being compromised and asking you to login to verify the status of your account.  These services are comparing the two URLs being used and finding that example 2 above looks a lot like the phishing message I just described…  Consisting of two different URLs, potentially redirecting at two different websites that do not match. 
What do I ensure I’m not getting caught in this manor? 
When building links in your message use words, or other visual queues, as your Human readable text and not a URL.  This will hyperlink the word, button, image etc… instead of another miss-matched domain from your html.  
(a href=”″) 
(a href=”″)My Best Link Idea(/a)
As an added benefit, I personally believe, it will improve the aesthetics of your email messaging. 

Author: Matt V - @emailkarma

Matthew Vernhout is a digital messaging industry veteran and Certified International Privacy Professional (Canada) (CIPP/C) with nearly two decades of experience in email marketing. Matthew is 250ok’s Director of Privacy, and he is currently the Vice Chair of the eec, after serving for several years as the Chair of their Advocacy Subcommittee. Matthew was recognized as the 2019 eec thought-leader of the year.

Share This Post On


  1. I’ve often received legitimate HTML email where the visible portion is one URL, but the actual link is an ESP’s redirector to that URL (presumably for tracking purposes?)

    So, I think perhaps the ESPs bear some blame here too.

    Post a Reply
  2. JD – Yes and No… an all to common answer :S

    Yes because: What used to work has once again been ruined by those that are using email for criminal gains.

    No because: Times change and your email programs have to change with them.

    This is just one example of such needed change.

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.