Suped

Why does the Outlook app display the URL behind href links in the email content?

10 Marketer opinions2 Expert opinions5 Technical articles1 Resource

Summary

The Outlook app displays full URLs behind href links due to a multifaceted approach involving potential HTML/ESP coding bugs, security measures, and email client settings. Several experts and marketers suggest it's primarily a security feature implemented to combat phishing by enhancing transparency. By displaying the full URL, users can verify the link's destination before clicking, promoting safer browsing habits. Outlook's 'Safe Links' feature, URL scanning services, and security software configurations also contribute to this behavior. Documentation emphasizes that recognizing and validating full URLs is crucial for security awareness. Additionally, regional beliefs and Outlook's reading pane settings might influence the display.

Key findings

  • HTML/ESP Bugs: Incorrect HTML coding or ESP's link tracking can cause URLs to be displayed.
  • Security Measure: Displaying full URLs is a deliberate security feature to combat phishing.
  • Safe Links: Outlook's 'Safe Links' rewrites URLs and shows the scanning service's address.
  • Reading Pane: Outlook's reading pane settings can display full URLs on hover.
  • Transparency: Showing full URLs increases transparency, helping users verify link destination.

Key considerations

  • Code Quality: Ensure clean HTML coding to minimize display issues.
  • ESP Impact: Understand how ESP's link tracking affects URL display.
  • Security Awareness: Educate users about URL display and phishing prevention.
  • Client Settings: Consider the impact of email client and security software settings.
  • Regional Preferences: Acknowledge that design choices can be influenced by regional beliefs.

What email marketers say
10Marketer opinions

The Outlook app displays the URL behind href links in email content due to a combination of factors, including potential HTML coding bugs, ESP link tracking, and deliberate security measures. Several sources suggest it's often a security feature to combat phishing by making the full URL visible, allowing users to verify the link's destination before clicking. Additionally, stricter security implementations in email clients and the 'Safe Links' feature in Outlook contribute to this behavior. Some sources indicate that it can be related to the reading pane settings or specific security software configurations.

Key opinions

  • HTML/ESP Bug: The URL display may be due to an HTML coding bug or an issue with the ESP's link tracking implementation.
  • Security Feature: Displaying full URLs is often a security measure to prevent phishing and enhance transparency.
  • Outlook Safe Links: Outlook's 'Safe Links' feature rewrites URLs for scanning, which may cause the display of a different URL.
  • Reading Pane Settings: Outlook's reading pane settings may be configured to show the full URL on hover for security reasons.

Key considerations

  • Coding Practices: Ensure clean and correct HTML coding to minimize potential display issues in email clients.
  • ESP Tracking: Understand how your ESP's link tracking affects URL display in various email clients.
  • User Awareness: Educate users about the reasons for URL display and how to identify potential phishing attempts.
  • Security Settings: Consider the impact of security software and email client settings on link display and user experience.
Marketer view

Email marketer from Reddit suggests that it could be due to Outlook's reading pane settings, where hovering over a link displays the full URL for security reasons, regardless of the HTML coding.

May 2021 - Reddit
Marketer view

Email marketer from BleepingComputer Forums states it's likely a security feature that displays the full URL as a warning sign for links that might redirect to malicious sites.

August 2024 - BleepingComputer Forums
Marketer view

Email marketer from EmailGeeksForum mentions that some email clients are implementing stricter security measures, which include displaying the full URL to prevent phishing attempts by masking the true destination of the link.

November 2024 - EmailGeeksForum
Marketer view

Marketer from Email Geeks suggests it could be an HTML coding bug causing the URL to display in the Outlook app.

November 2023 - Email Geeks
Marketer view

Marketer from Email Geeks suggests it could be a bug of ESP adding its link tracking into the email code causing the URL to display in the Outlook app.

December 2023 - Email Geeks
Marketer view

Email marketer from TechTarget says the changes are part of an industry-wide shift towards more transparent security practices in email clients, giving users more information before clicking.

December 2022 - TechTarget
Marketer view

Email marketer from PhishingAwareness.com states that some email clients now show the full URL to educate users about where they are being directed, thereby enhancing security and trust.

January 2025 - PhishingAwareness.com
Marketer view

Email marketer from CybersecurityBlog explains the feature to display URLs helps users make informed decisions by showing the complete path and destination of the link.

October 2024 - CybersecurityBlog
Marketer view

Email marketer from StackExchange notes that this behavior is often seen when security software or email clients are configured to reveal the underlying URL to help users identify potential phishing attempts.

November 2021 - StackExchange
Marketer view

Email marketer from MarketingLand suggests that ESP link tracking could be the culprit, as Outlook might be displaying the raw, tracked URL before it redirects to the intended destination.

June 2024 - MarketingLand

What the experts say
2Expert opinions

Experts suggest that the Outlook app displaying URLs behind href links is likely a deliberate security measure by Outlook. This is to enhance transparency and help users identify potential phishing attempts by clearly showing the full URL before a click. There's also the consideration that different regional beliefs, such as German alignment preferences, might influence such design choices.

Key opinions

  • Deliberate Security Measure: The URL display is likely a deliberate security feature implemented by Outlook to combat phishing.
  • Increased Transparency: Showing the full URL enhances transparency, allowing users to verify the link's destination.
  • Regional Considerations: Design choices might be influenced by regional beliefs or preferences.

Key considerations

  • User Education: Educate users about the security reasons behind the URL display and how to verify link authenticity.
  • Design Philosophy: Understand that design choices may be influenced by security needs and regional preferences.
  • Security Awareness: Promote security awareness training to help users make informed decisions about clicking links.
Expert view

Expert from Email Geeks asks why it is being assumed it's a bug and suggests it could be a deliberate choice by Outlook, especially considering German alignment beliefs.

April 2024 - Email Geeks
Expert view

Expert from Word to the Wise, Dennis Dayman, suggests it's a security measure implemented by Outlook to increase transparency and help users identify potential phishing attempts by showing the full URL before they click.

September 2023 - Word to the Wise

What the documentation says
5Technical articles

Documentation from various sources indicates that Outlook's display of URLs behind href links is primarily due to security measures. The 'Safe Links' feature, as explained by Microsoft, rewrites URLs to scan them for malicious content, often displaying the scanning service's address. This, along with URL scanning practices mentioned by URLScan, aims to analyze links for threats. Google Transparency Report and OWASP further emphasize that showing full URLs is a common tactic to combat phishing by making suspicious links easier to identify and by validating those links before clicking.

Key findings

  • Safe Links Feature: Outlook's 'Safe Links' feature rewrites URLs to scan for malicious content.
  • URL Scanning: URL scanning services analyze URLs for potential threats and may display the scanned URL.
  • Combating Phishing: Displaying full URLs is a tactic to combat phishing by helping users identify suspicious links.
  • Security Awareness: Recognizing and validating full URLs is essential for security awareness training.

Key considerations

  • Security Implications: Understand the security implications of URL rewriting and scanning on user experience.
  • Transparency: Strive for transparency in security measures to maintain user trust.
  • User Education: Educate users on how to identify and validate URLs to protect against phishing attacks.
  • Balance Security and Usability: Balance security measures with usability to prevent user frustration.
Technical article

Documentation from OWASP mentions that URL obfuscation is a common phishing technique and recommends security awareness training that includes recognizing and validating full URLs before clicking on links.

August 2024 - OWASP
Technical article

Documentation from Google Transparency Report indicates that displaying full URLs is a common tactic used to combat phishing and malware distribution by making it easier for users to identify suspicious links.

December 2022 - Google Transparency Report
Technical article

Documentation from Microsoft Docs explains the 'Safe Links' feature rewrites URLs for scanning, and the original URL is displayed on hover or in certain views as part of its security mechanism.

December 2022 - Microsoft Docs
Technical article

Documentation from Microsoft Support states the behavior is related to 'Safe Links' feature, where Outlook rewrites URLs to scan them for malicious content. The displayed URL is the Microsoft scanning service's address.

May 2022 - Microsoft Support
Technical article

Documentation from URLScan explains that URL scanning services, like those used by Outlook, analyze URLs for malicious content and may display the scanned URL instead of the original in some cases.

September 2023 - URLScan.io

Related resources
1Resource

Obtain Outlook Email Link in Desktop App - Questions ...
Obtain Outlook Email Link in Desktop App - Questions ...

Is there anyway of obtaining an email message url that can be pasted into Things 3? I have Hookmark (previously Hook), but it doesn't work with Outlook.

Keyboard Maestro Discourse

Related questions