DOD breaks links in .mil clients

DataSecurity_IllustrationThe Department of Defense is breaking HTML links in mail to .mil domains. This is part of the DoD’s attempt to curtail phishing.

a great majority of intrusions into Pentagon networks are the result of the kind of human error that is exploited in phishing attacks, in which seemingly trustworthy e-mail links are used as attack vectors to hijack user computers, install malware or steal credentials.

Instead of being able to click on links, .mil recipients will have to cut and paste links into a browser in order to visit the website. This will also affect open tracking and break images in emails.
If you’re sending to .mil domains, plain text is going to be best. The DoD has had a policy of not rendering HTML, but some mail clients still did. Now the DoD is taking extra steps to break links.
My suggestions for senders who need to send mail to .mil domains:

  1. Use plain text.
  2. Make links as short as possible so that they’re easier to cut and paste.
  3. Call to actions are even more important as you’re asking for an extra step.
  4. For those of you who can, try and get an address that’s not .mil

For mailers who might sometimes get .mil addresses on your lists, think about whether or not you really want to allow them. Try to get a different address for them. Deliverability will be easier and your pretty HTML can be displayed.


  1. Huey says

    One government agency is conducting weekly anti-phishing training over the course of the last several months. It is becoming more and more sophisticated, to the point where I had to look up the IP address that the target URL resolved to and then look at the reverse DNS of that IP address before it was obvious that the message wasn’t legitimate.
    The fed is getting serious about making this stop.

  2. Sumit Goyal says

    Nice post. Specially last phrase.
    Great Post. Good Luck

  3. Dave says

    Seems like it will be pretty effective


Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Recent Comments