Ever get this message when you click on a link in an email?

Email Scam Alert Thunderbird thinks this site is suspicious! It may be trying to impersonate the web page you want to visit. Are you sure you want to visit www.democracyinaction.org?

These warnings arise because of the links in a message, and frequently because of the tracking of the clicks for that message. Thunderbird (or Outlook, or whatever) is responding to how that link looks to it, and suspects something bad is going on. It's not, but there are a few things to be aware of when using Salsa, or any email system that tracks click rates for emails.

Explanation

As an example, let's take the simple link:

http://cnn.com/

When composing an email message, you might write something like:

Check out the great new article at http://cnn.com/

which to the computer looks like

Check out the great new article at <a href="http://cnn.com">http://cnn.com</a>

You don't need to know what that means, except that the link [<a href="http://cnn.com">] and the text [http://cnn.com] match up. When sending an email to your friends or family, this works fine, and email programs (like Thunderbird) don't think that anything is going wrong. You can't track how many times people have clicked that link, but in normal email that's not really all that useful. When sending out email blasts, however, it is important to track that click data. To do this, though, requires some changing of the link from the original. For example, the link might change to:

Check out the great new article at <a href="http://www.democracyinaction.org/dia/track.jsp?v=2&c=9SXpGov1fYW">http://cnn.com</a>

Looks kind of ugly, but the key thing to notice is that when you click on the link, you're actually going to "democracyinaction.org", which then redirects you to CNN. That's what enables DemocracyInAction to track your click on that link. However, email clients like Thunderbird don't differentiate a tracking link from a spoofed url, and perceive this as a potential scam -- since you're going to a different site than the message says you are.

Options and workarounds

There are three main ways to get around this type of message when composing an HTML e-mail blast:

#1 -- Don't type out the link people are going to

This is going to be the best option for most groups in most circumstances. While typing out the link is generally considered good practice, in this tracking situation it'll confuse some users. So rather than using the above link, you could use:

Check out the great new article at here at CNN. <http://cnn.com/>

or in computerese:

Check out the great new article <a href="http://cnn.com">here at CNN</a>

There's no link written out, so the email client doesn't think you're spoofing anyone. Remember if you do it this way to tweak the text-only versions of your messages (and you should always send a text companion when sending an HTML version) by adding in the full url at the appropriate place, since people reading the plain text won't see a hyperlink. For instance, if the HTML version says:

Click here!

... the text version might need to say:

Click here:
http://www.cnn.com

#2 -- Make sure the domains match up

So, you might ask, I don't get this type of thing for Amazon, or other companies like that, but I know they're tracking links, and typing the links out. How do they do that? Large companies and organizations have the target web page and the tracking software on the same server. This makes much more sense to email clients. By using the same domain (the name of the server), it is much less likely to be marked as a scam. For example,

Check out the great new article at <a href="http://www.democracyinaction.org/dia/track.jsp?v=2&c=9SXpGov1fYW">http://www.democracyinaction.org/MyOrg/blog/</a>

would generally be okay. Notice how both links start with "democracyinaction.org" Unfortunately, this probably won't be useful for most smaller organizations. DemocracyInAction is a hosted software solution, so in most cases by definition, our users are hosting other content elsewhere. (And nonprofits are more likely than Amazon to want to link to third-party content anyway.) It doesn't even work if you've branded the url of your action pages. Many groups create what's called a CNAME address -- an address that looks like your domain, but points to a different place. For example, http://action.xyz.org, which points to the tracking and emailing system on democracyinaction.org, while the actual content is on http://www.xyz.org. Note the same "xyz.org". While this is a little less suspicious, it is still suspicious enough. The content still has to be on the same domain as the tracking system. You cannot have the link go to "http://www.xyz.org" while the tracking is on "http://action.xyz.org" -- that will cause the errors in many mail clients, including Thunderbird. For solution no. 2 to work, the content and the link tracking must be on the same domain and subdomain

#3 -- Turn off tracking

There's also always the option of turning off link tracking if you don't want to use that data anytime later. You can't get it back later -- it's either got to be on or off, so this is generally not recommended. If you turn off tracking, the messages are exactly like you compose them, and so don't encounter the above issues.