8

We send out a notification email whenever we have "phishing" emails reported to us. In these emails, we include a copy-paste of the text inside the original phishing email as a sample of what is reported to us. Our code strips all hyperlinks out of the email via PHP, but still includes (in plain text) the link. When users receive this email in their client (Thunderbird, Outlook, Horde/IMP, etc), the hyperlink is removed.

However, the iPhone likes to take web addresses in plain text and automatically turn them into hyperlinks. Is there any possible way to stop this action from happening via a HTML tag or by using PHP to replace certain parts of the hyperlink?

DD_
  • 7,230
  • 11
  • 38
  • 59
Michael Irigoyen
  • 22,513
  • 17
  • 89
  • 131
  • 2
    Be careful not to be get black listed if you send around similar content in bulk! Attaching the email as an image instead might do you your users a favor. – Eiko Jan 10 '11 at 14:53
  • Side note: I've tried replacing the forward slashes into ASCII equivalents, but the iPhone still turns the link into a hyperlink that works. – Michael Irigoyen Jan 10 '11 at 14:53
  • @Eiko This is not a problem for us. This email is only sent within our domain and never to external address. It is also "blockquoted" in a HTML templated email with more content then just the copy-paste. Good tip, nonetheless. +1 – Michael Irigoyen Jan 10 '11 at 14:55

3 Answers3

3

There doesn't seem to be a way to suppress this behaviour so how about turning them back into links but with no href?

http://example.com -> <a href="">http://example.com</a>

koregan
  • 10,054
  • 4
  • 23
  • 36
  • 1
    While a nice idea, this presents a greater problem. If the text is one URL and the `href` is another URL, clients like Thunderbird (which is our University recommended client) will flag the message as a possible scam: "Thunderbird thinks this message is a scam." We feel we lose credibility if this message is displayed. – Michael Irigoyen Jan 10 '11 at 15:28
  • 1
    Retracting my previous comment, Thunderbird **does not** mark messages as spam if the `href` is blank. If there is anything else that doesn't match the URL text, it will. In addition, I applied CSS inline style to remove any visual representation that the text is actually a hyperlink (removed underline, changed cursor to default, etc). This satisfies what we were trying to accomplish. Accepting this answer. – Michael Irigoyen Jan 11 '11 at 15:27
0

You could try inserting zero-width unicode whitespace at some part of the url.

eg. u'http://www.\u2060example.com' (in python --[sorry])

U+2060 is called 'Word Joiner'. It's a zero width, non-breaking white space character.

This shouldn't be a valid url, so hopefully the iPhone won't turn it into a link.

http://en.wikipedia.org/wiki/Space_(punctuation)#Table_of_spaces

Dunes
  • 37,291
  • 7
  • 81
  • 97
  • Additionally, I tried replacing the dot of the domain with the HTML entity, that does not help either. – graup May 21 '12 at 10:18
0

I had to put my email address that contains an underscore in quotations to stop it from being turned into a hyperlink which hides the underscore from view. Example 1: “address_3@myserver.net”

Lawrence Gresham
  • 1