Sendinblue transforms url, causing MailScanner to find possible fraud.

[henzeb]

We use Sendinblue to deliver our mostly transactional e-mails. The domain www.domain.com/link then usually becomes r.domain.com/<long hash>. clicking on it results in redirecting the user to the original url.

Since there are tips and tricks out there stating that we need clean, separate subdomains for sending e-mails (senders hygiene), we have something like r.email.domain.com... the url just contains www.domain.com, as does the text of the tag.It's a clickable url in the footer.

It could as wel be similar to #401 or #426, but I am not sure about that.

[msapiro]

This is neither #401 or #426. It is MailScanner doing exactly what it is supposed to do. Namely it is 'disarming' or flagging as possible phishing a link whose text looks like a URL, but with an href that goes to a different site.

If you don't want this, don't use a mail service that converts your link into a tracking link to a different site. MailScanner only knows that the apparent site in the text is not the target site, and that's what it flags.

You may think the target is innocuous because it redirects to the original site, but MailScanner can't know that that is the case, and in any case, some people don't like to be tracked and want to know about it.