Safe Email Links

TL;DR

Make sure links in your emails are clear, safe and easy to understand. Use descriptive text instead of raw URLs, shorten long links with a trusted service, and always check for typosquatting or malicious redirects.

1. Why Link Safety Matters

Links in emails can be used by attackers to trick people into visiting harmful websites (phishing) or downloading malware. Good link practices protect you and your recipients.

2. Use Descriptive Link Text

  1. Avoid raw URLs: Don’t just paste a long, complicated web address directly into the email.
  2. Use meaningful text: Instead of https://example.com/long/path/to/resource, use "Click here to download the report" or "Visit our website for more information".
  3. Be specific: The link text should accurately describe where the link leads.

3. Shorten Long Links

Long links can look suspicious and are harder to read. Use a reputable URL shortening service.

  1. Choose a trusted service: Bitly, TinyURL (be careful with this one as it allows changeable short URLs), or Rebrandly are popular options.
  2. Check the destination: Before using a shortened link, expand it to make sure it goes where you expect. Many services offer preview features.
  3. Example: Instead of https://verylongandcomplicatedurl.example.com/path/to/resource?param1=value1&param2=value2, use http://bit.ly/shortened-link (after verifying the destination!).

4. Check for Typosquatting

Attackers often create fake websites with URLs that are very similar to legitimate ones (typosquatting). A small typo can lead users to a malicious site.

  1. Carefully review the URL: Before clicking, look closely at the domain name. Is it spelled correctly?
  2. Look for subtle differences: Attackers might use characters that look similar (e.g., replacing ‘o’ with ‘0’, or ‘l’ with ‘1’).
  3. Example: Be wary of https://examp1e.com instead of https://example.com.
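
The review steps above can be automated for links pulled out of an email. The following Python sketch is an added example, not part of the original article: it compares each link's domain against an allowlist and flags near-misses. The allowlist, the sample links, the function names and the extra digit swaps ('3', '5') are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist (assumption): domains your organisation really links to.
TRUSTED = ("example.com", "example.org")

# Digit-for-letter swaps from the text ('0' for 'o', '1' for 'l'); '3' and '5' are added here.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url: str) -> str:
    """Return 'trusted', 'lookalike of <domain>', 'idn' or 'unknown' for one URL."""
    host = (urlsplit(url).hostname or "").rstrip(".")
    if host.startswith("www."):
        host = host[4:]
    for good in TRUSTED:
        # Exact match, or a real subdomain of a trusted domain (note the leading dot).
        if host == good or host.endswith("." + good):
            return "trusted"
    if not host.isascii() or "xn--" in host:
        return "idn"  # internationalised name: may contain look-alike characters
    for good in TRUSTED:
        # Digit swaps undone, or exactly one missing, extra or changed character.
        if host.translate(CONFUSABLES) == good or edit_distance(host, good) == 1:
            return f"lookalike of {good}"
    return "unknown"


# Constructed sample links, as they might be extracted from an email body.
SAMPLE_LINKS = [
    "https://example.com/report",
    "https://examp1e.com/report",
    "https://exmple.com/login",
    "https://unrelated.test/page",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        print(f"{classify_link(link):26} {link}")
```

A result of "unknown" only means the domain is not on the allowlist and does not resemble an entry on it; it still needs the manual review described in this section.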

5. Verify Redirects

Sometimes, a link might redirect you to an unexpected website.

  1. Use a URL expander: Services like CheckShortURL can show you the full chain of redirects before you visit the final destination.
  2. Be cautious with unknown links: If a link takes you through multiple redirects, it’s best to avoid it unless you are certain it is safe.

6. Email Client Security Features

Most modern email clients have some built-in security features.

  1. Phishing detection: Many clients will warn you about potentially dangerous links. Pay attention to these warnings!
  2. Link previews: Some clients show a preview of the destination website before you click.