Does your newsletter have a virus?

What do you make out of this ? I get it every time you send me a newsletter.

“The MessageLabs Email Security System discovered a possible virus or unauthorised code (such as a Trojan) in an email sent to you. The email has now been quarantined and was not delivered.”

What we have here is what's called a "false positive" - your security software claiming that something it potentially malicious when it isn't.

We'll look at how this can happen, and possible steps you can take to avoid the issue.

The most common reason that these false positives get reported is when a link's visible text doesn't match the destination. The classic case that they're looking for is something like this:
"The most common reason that these false positives get reported is when a link's visible text doesn't match the destination."

Click on that link and you will not go to paypal, but somewhere else entirely. In this example it's benign, but in real life it's often not, and often a fundamental technique used in phishing attempts.

Here's the problem ... there are legitimate reasons to do something like that. For example, when I include a link in my newsletter, the actual destination may be routed through my newsletter mailing service so as to track which links seems to be of the most interest to the most people. They do that by making the destination of the different than what you see.

Here's another example using my own technology:

If you click on that you will indeed go do Microsoft's web site, but if you look at the actual destination of the link on the page, it's not Microsoft at all, it's When you click on that link it first goes to, and looks up the URL associated with the token "ms". It then counts the fact that the link was clicked, and redirects you to the real destination.

It's a very common and legitimate technique used in newsletters, in ads, and here at Ask Leo!.

However, some anti-malware tools don't like it.

Your options:

  • If your security software or spam filter allows it, "white list" the email address from which the email is coming from. In my case that's "" and "".

  • If you don't have the option to whitelist specific email addresses, often adding those addresses to your address book or contact list will have a similar effect.

  • Look for options that may allow you to control the types of things that the software scans for and turn them off.

  • If you don't have control over the software that's scanning your email, complain to the appropriate people that it's preventing you from receiving legitimate emails that you requested.

  • Finally, if need be, use a different email provider. Gmail appears to be handing the newsletter without problem, for example.

But the bottom line is that, no, the Ask Leo! newsletter does not have a virus, or any malicious content. Any tools that say so are just ... well ... wrong.

Posted: October 22, 2009 in: Administration
« Previous post:
Next post: »

New Here?

Let me suggest my collection of best and most important articles to get you started.

Of course I strongly recommend you search the site -- there's a ton of information just waiting for you.

Finally, if you just can't find what you're looking for, ask me!

Confident Computing

Confident Computing is the weekly newsletter from Ask Leo!. Each week I give you tools, tips, tricks, answers, and solutions to help you navigate today’s complex world of technology and do so in a way that protects your privacy, your time, and your money, and even help you better connect with the people around you.

The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition

Subscribe for FREE today and claim your copy of The Ask Leo! Guide to Staying Safe on the Internet – FREE Edition. Culled from the articles published on Ask Leo! this FREE downloadable PDF will help you identify the most important steps you can take to keep your computer, and yourself, safe as you navigate today’s digital landscape.

My Privacy Pledge

Leo Who?

I'm Leo Notenboom and I've been playing with computers since I took a required programming class in 1976. I spent over 18 years as a software engineer at Microsoft, and after "retiring" in 2001 I started Ask Leo! in 2003 as a place to help you find answers and become more confident using this amazing technology at our fingertips. More about Leo.

1 thought on “Does your newsletter have a virus?”

  1. Leo, thanks for the info in this article. I’m sure many of your readers will find it useful and also understand why some security software could suggest the above stated about Ask Leo! newsletters in particular and newsletters from any other services.
    From given by you explanation and examples I (eventually) understood how ‘link’s visible text doesn’t match the destination’ and how it all works in this case. Your explanation was so very clear and simple to understand (us usual!).
    Thank you!

Comments are closed.