Does your newsletter have a virus?

What do you make out of this? I get it every time you send me a newsletter.

“The MessageLabs Email Security System discovered a possible virus or unauthorised code (such as a Trojan) in an email sent to you. The email has now been quarantined and was not delivered.”

What we have here is what's called a "false positive" - your security software claiming that something is potentially malicious when it isn't.

We'll look at how this can happen, and possible steps you can take to avoid the issue.


The most common reason that these false positives get reported is when a link's visible text doesn't match the destination. The classic case that they're looking for is something like this:

http://paypal.com

Click on that link and you will not go to PayPal, but somewhere else entirely. In this example it's benign, but in real life it's often not; it's a fundamental technique used in phishing attempts.

Here's the problem ... there are legitimate reasons to do something like that. For example, when I include a link in my newsletter, the actual destination may be routed through my newsletter mailing service so as to track which links seem to be of the most interest to the most people. They do that by making the destination of the link different from what you see.

Here's another example using my own technology:

microsoft.com

If you click on that you will indeed go to Microsoft's web site, but if you look at the actual destination of the link on the page, it's not Microsoft at all, it's http://go.ask-leo.com/ms. When you click on that link it first goes to go.ask-leo.com, and looks up the URL associated with the token "ms". It then counts the fact that the link was clicked, and redirects you to the real destination.

It's a very common and legitimate technique used in newsletters, in ads, and here at Ask Leo!.

However, some anti-malware tools don't like it.

Your options:

  • If your security software or spam filter allows it, "white list" the email address from which the email is coming. In my case that's "leo@ask-leo.com" and "leosanswers@aweber.com".

  • If you don't have the option to whitelist specific email addresses, often adding those addresses to your address book or contact list will have a similar effect.

  • Look for options that may allow you to control the types of things that the software scans for and turn them off.

  • If you don't have control over the software that's scanning your email, complain to the appropriate people that it's preventing you from receiving legitimate emails that you requested.

  • Finally, if need be, use a different email provider. Gmail appears to be handling the newsletter without problem, for example.

But the bottom line is that, no, the Ask Leo! newsletter does not have a virus, or any malicious content. Any tools that say so are just ... well ... wrong.

1 thought on “Does your newsletter have a virus?”

  1. Leo, thanks for the info in this article. I’m sure many of your readers will find it useful and also understand why some security software could suggest the above stated about Ask Leo! newsletters in particular and newsletters from any other services.
    From the explanation and examples you gave I (eventually) understood how ‘link’s visible text doesn’t match the destination’ and how it all works in this case. Your explanation was so very clear and simple to understand (as usual!).
    Thank you!
