Summary
The Outlook app displays full URLs behind href links due to a multifaceted approach involving potential HTML/ESP coding bugs, security measures, and email client settings. Several experts and marketers suggest it's primarily a security feature implemented to combat phishing by enhancing transparency. By displaying the full URL, users can verify the link's destination before clicking, promoting safer browsing habits. Outlook's 'Safe Links' feature, URL scanning services, and security software configurations also contribute to this behavior. Documentation emphasizes that recognizing and validating full URLs is crucial for security awareness. Additionally, regional beliefs and Outlook's reading pane settings might influence the display.
Key findings
- HTML/ESP Bugs: Incorrect HTML coding or ESP's link tracking can cause URLs to be displayed.
- Security Measure: Displaying full URLs is a deliberate security feature to combat phishing.
- Safe Links: Outlook's 'Safe Links' rewrites URLs and shows the scanning service's address.
- Reading Pane: Outlook's reading pane settings can display full URLs on hover.
- Transparency: Showing full URLs increases transparency, helping users verify link destination.
Key considerations
- Code Quality: Ensure clean HTML coding to minimize display issues.
- ESP Impact: Understand how ESP's link tracking affects URL display.
- Security Awareness: Educate users about URL display and phishing prevention.
- Client Settings: Consider the impact of email client and security software settings.
- Regional Preferences: Acknowledge that design choices can be influenced by regional beliefs.
What email marketers say
10 marketer opinions
The Outlook app displays the URL behind href links in email content due to a combination of factors, including potential HTML coding bugs, ESP link tracking, and deliberate security measures. Several sources suggest it's often a security feature to combat phishing by making the full URL visible, allowing users to verify the link's destination before clicking. Additionally, stricter security implementations in email clients and the 'Safe Links' feature in Outlook contribute to this behavior. Some sources indicate that it can be related to the reading pane settings or specific security software configurations.
Key opinions
- HTML/ESP Bug: The URL display may be due to an HTML coding bug or an issue with the ESP's link tracking implementation.
- Security Feature: Displaying full URLs is often a security measure to prevent phishing and enhance transparency.
- Outlook Safe Links: Outlook's 'Safe Links' feature rewrites URLs for scanning, which may cause the display of a different URL.
- Reading Pane Settings: Outlook's reading pane settings may be configured to show the full URL on hover for security reasons.
Key considerations
- Coding Practices: Ensure clean and correct HTML coding to minimize potential display issues in email clients.
- ESP Tracking: Understand how your ESP's link tracking affects URL display in various email clients.
- User Awareness: Educate users about the reasons for URL display and how to identify potential phishing attempts.
- Security Settings: Consider the impact of security software and email client settings on link display and user experience.
Marketer view
Email marketer from Reddit suggests that it could be due to Outlook's reading pane settings, where hovering over a link displays the full URL for security reasons, regardless of the HTML coding.
31 Jan 2025 - Reddit
Marketer view
Email marketer from BleepingComputer Forums states it's likely a security feature that displays the full URL as a warning sign for links that might redirect to malicious sites.
24 Jul 2024 - BleepingComputer Forums
What the experts say
2 expert opinions
Experts suggest that the Outlook app displaying URLs behind href links is likely a deliberate security measure by Outlook. This is to enhance transparency and help users identify potential phishing attempts by clearly showing the full URL before a click. There's also the consideration that different regional beliefs, such as German alignment preferences, might influence such design choices.
Key opinions
- Deliberate Security Measure: The URL display is likely a deliberate security feature implemented by Outlook to combat phishing.
- Increased Transparency: Showing the full URL enhances transparency, allowing users to verify the link's destination.
- Regional Considerations: Design choices might be influenced by regional beliefs or preferences.
Key considerations
- User Education: Educate users about the security reasons behind the URL display and how to verify link authenticity.
- Design Philosophy: Understand that design choices may be influenced by security needs and regional preferences.
- Security Awareness: Promote security awareness training to help users make informed decisions about clicking links.
Expert view
Expert from Email Geeks asks why it is being assumed it's a bug and suggests it could be a deliberate choice by Outlook, especially considering German alignment beliefs.
12 Jan 2023 - Email Geeks
Expert view
Expert from Word to the Wise, Dennis Dayman, suggests it's a security measure implemented by Outlook to increase transparency and help users identify potential phishing attempts by showing the full URL before they click.
13 Feb 2025 - Word to the Wise
What the documentation says
5 technical articles
Documentation from various sources indicates that Outlook's display of URLs behind href links is primarily due to security measures. The 'Safe Links' feature, as explained by Microsoft, rewrites URLs to scan them for malicious content, often displaying the scanning service's address. This, along with URL scanning practices mentioned by URLScan, aims to analyze links for threats. Google Transparency Report and OWASP further emphasize that showing full URLs is a common tactic to combat phishing by making suspicious links easier to identify and by validating those links before clicking.
Key findings
- Safe Links Feature: Outlook's 'Safe Links' feature rewrites URLs to scan for malicious content.
- URL Scanning: URL scanning services analyze URLs for potential threats and may display the scanned URL.
- Combating Phishing: Displaying full URLs is a tactic to combat phishing by helping users identify suspicious links.
- Security Awareness: Recognizing and validating full URLs is essential for security awareness training.
Key considerations
- Security Implications: Understand the security implications of URL rewriting and scanning on user experience.
- Transparency: Strive for transparency in security measures to maintain user trust.
- User Education: Educate users on how to identify and validate URLs to protect against phishing attacks.
- Balance Security and Usability: Balance security measures with usability to prevent user frustration.
Technical article
Documentation from OWASP mentions that URL obfuscation is a common phishing technique and recommends security awareness training that includes recognizing and validating full URLs before clicking on links.
2 Jan 2023 - OWASP
Technical article
Documentation from Google Transparency Report indicates that displaying full URLs is a common tactic used to combat phishing and malware distribution by making it easier for users to identify suspicious links.
7 Dec 2023 - Google Transparency Report
Are HTTP links penalized by spam filters in email marketing?
Can images in emails cause them to go to spam?
Does using HTTP links instead of HTTPS links affect email deliverability?
How can I effectively avoid spam filters when sending emails?
How do hyperlinks in the body of an email affect deliverability?
