Scam warning by Thunderbird – activation link is different

I already posted this on dpreview, but haven’t gotten any feedback yet.

There is something fishy about the first email with the activation link. Behind that link lies a completely different link from what is shown in the email.

In the email the shown link begins with: “h_ttps://micro43.org/u/activate-account/…”

The link behind that begins with: “h_ttps://fifibaf.r.bh.d.sendibt3.com/tr/cl/…”

What’s up with that? Is your site already hijacked by scammers and they exchanged the links in the sign-up process? Or is it a technical necessity and it just looks unfortunate?

I was bold (or maybe stupid) enough to copy and paste the top link and it worked; the other looked just too fishy to me. Could you enlighten us about the discrepancy in the links?

(*) I inserted an underscore in the links because I couldn’t get the automatic links removed.

I believe the link is via Send In Blue, which is a service for marketing and automated email deliveries.

It looks like it is indeed: https://www.make.com/en/integrations/discord/sendinblue?fromImt=1

Hiding the main URL is a bit concerning, although it might be the way it is configured by default. I checked the URL with all the online checkers I could find, and none threw any warning of phishing or malware.

1 Like
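
One way a mail client or gateway can detect the mismatch described in the opening post, comparing the host in a link's visible text with the host in its `href`, as an added example that is not part of the original thread and not Thunderbird's own code. The sample HTML is constructed from the two link prefixes quoted above (elided parts left elided), and `known_redirectors` is a hypothetical allowlist of tracking domains the operator has verified.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the two link prefixes quoted in the thread, with the
# elided remainder ("…") left exactly as elided, plus one ordinary link.
SAMPLE_HTML = (
    '<p>Click to activate: '
    '<a href="https://fifibaf.r.bh.d.sendibt3.com/tr/cl/…">'
    'https://micro43.org/u/activate-account/…</a></p>'
    '<p><a href="https://micro43.org/faq">Read the FAQ</a></p>'
)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):
    """Lower-cased hostname, or None if the string is not an http(s) URL."""
    parts = urlsplit(url.strip())
    if parts.scheme in ("http", "https") and parts.hostname:
        return parts.hostname.lower()
    return None

def mismatched_links(html, known_redirectors=frozenset()):
    """Flag links whose visible text is a URL on a different host than href."""
    collector = LinkCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        shown, actual = host(text), host(href)
        if shown and actual and shown != actual:
            # Suffix match against the hypothetical, operator-verified allowlist.
            known = any(actual == d or actual.endswith("." + d) for d in known_redirectors)
            findings.append({"shown": shown, "actual": actual, "known_redirector": known})
    return findings
```

Link text that is not itself a URL ("Read the FAQ") is never flagged, which is why a tracking redirect only raises a warning when the email prints the destination URL as the link text.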

Yes, I have that link as well. The link points to Sendinblue and probably is used to count the amount of successful activation emails (how many sent emails convert into the click activation link action). Sendinblue is a legitimate emailing service which can be integrated with Discourse (the forum software).

Most commercial emails with links you get work similarly. I see no reason why one would need this feature on a hobby website but also no reason why one would not add this if it is free and easy.

Actually I do see a reason why one would use an emailing service: If you estimate that you will need to send a lot of emails in a short amount of time, in most cases this will not be possible with the usual web hosting companies. An emailing service will allow a much higher throughput (and also provide read and click tracking).

Thank you all for the explanation! Then I feel relieved. But I do still think it is very bad practice. In times where everyone and everything’s trying to scam you this is like walking into a bank with a black ski mask on your head because you suffer from photosensitivity. 🙂

There is nothing nefarious going on.

Scruffy and acfo nailed it: Sendinblue is this site’s current SMTP provider. It’s one of many companies that provides mass emailing capabilities. Others include Mailgun, Amazon, and SendGrid.

Discourse (the software that powers this forum) requires an SMTP provider in order to function. It’s a requirement.

If the server that this forum is on was trying to handle email for the forum itself, it would be a huge problem, because email providers are cracking down big time on unknown / unauthenticated senders. It is necessary to have a reputable SMTP provider to ensure deliverability. I chose Sendinblue because they have a good reputation and a more generous free tier than others. You can see if you probe micro43.org’s DNS records that DKIM and SPF are configured. Those are protocols for email authentication. Sendinblue is authorized to send emails for micro43.org.

Sendinblue is automatically creating the URLs that forward to micro43.org URLs. It’s not something that I configured. But it certainly isn’t nefarious. In fact, it is extremely common for links in transactional emails, or marketing emails, to forward to a different URL. I imagine that’s why it’s a Sendinblue default. Their customers expect it. Given that it’s such a common practice, I don’t think it will alarm our users, or new users signing up. But I totally understand your wondering about it!

Mozilla Thunderbird slaps scam warnings on lots of emails in my experience. False positives can be so common that I just have that “feature” turned off. Better to have a provider with a great spam filtering system, or configure an external spam filtering system to sit in between your inbox and the Internet.

3 Likes

Thank you for your detailed explanation!

I maintain that a link mismatch like in this case is a bad idea. First we tell users that it is a big no-no to click a mismatched link – because of security reasons. Then we turn around 180° and tell users that this is okay – because of marketing reasons. Yep, that sounds like the world we live in! Or maybe I am getting too old.

I read on the Sendinblue website that this feature indeed cannot be deactivated, so even if you wanted to, it’s not possible with them. So let’s hope that this is not a problem for most users and that it doesn’t hinder the growth of this community in some way.

Anyway – thank you so much for your initiative and the work you have been putting into this site!

The use of additional domains / URLs for tracking purposes annoys me too, but it’s a ubiquitous practice.

The “don’t click on links you don’t recognize” guidance that people often get is unhelpful in my view, because legitimate links can be unrecognizable, and illegitimate links can be recognizable (meaning, they look like trustworthy links, even though they are not). What we need to do is improve the ability of people to critically assess emails they get so they don’t fall victim to social engineering and phishing schemes, and strengthen organization-wide cybersecurity defenses. Many orgs’ cybersecurity hygiene is bad. Really bad.

1 Like

No, you’re not getting old. In my professional opinion it’s not a good idea to link to another unrelated domain precisely because it looks fishy, especially when this triggers scam warnings in Outlook and Thunderbird. In most projects I have worked on, the read pixel and click tracking was done using the same domain. This usually involved some amount of coding to integrate with the reporting service.

However, keeping in mind that this forum was set up in record time, using an available and free service, even if it means having to put up with mismatching links, is a compromise I can understand.

That said, I’m sure if we can suggest a free service which plugs into Discourse just as easily and which doesn’t create mismatching links, our admin may be happy to give it a try.

IMHO it is as it is and we need to work around it. To be fair, Thunderbird did once manage to give me a useful warning when the scammer had been especially creative with the use of similar-looking numbers and letters in the domain name.

Found a solution:

I got link tracking turned off by contacting the Sendinblue customer support. They ask you whether you want to disable link tracking for campaigns or transactional emails or both. Hope it helps!

Thank you for identifying this solution. I put in a request to Sendinblue and tracking links are now disabled!

2 Likes