I have now filed this feature request with all 9 email apps on my target list. This post is the status log: which submissions are publicly visible, which are only on record through private channels, and where readers can add a vote. For the rationale behind the request, see Email link phishing: why your email app should always show the URL. For a working client-side implementation, see Reveal URLs: spot phishing links before you click.
What I asked for
The ask is simple: email apps should display every link's actual URL right at the link, not only on hover or long-press, and visually flag it when the hostname of the URL does not match the hostname the visible link text implies. That would close the link-text-mismatch gap behind modern phishing, where an authenticated message can still hide a malicious destination behind innocent display text. Ideally the feature would be configurable as a graduated policy such as full URL, domain-only, or external-links-only.
Status across the 9 email apps
| App | Link | Channel | Public? | Status |
|---|---|---|---|---|
| Outlook | View / vote | Microsoft Feedback Portal | Yes | Submitted on 2026-07-09; public Microsoft Feedback Portal idea page available |
| Proton Mail | View / vote | Proton feature-request portal | Yes | Submitted on 2026-07-09; public page verified on 2026-07-10 |
| Thunderbird | View / vote | Mozilla Connect (Ideas) | Yes | Submitted on 2026-07-09; public page verified on 2026-07-10 |
| Tuta | View / vote | GitHub Discussions → Ideas | Yes | Submitted on 2026-07-09; public page verified on 2026-07-10 |
| Yahoo Mail | View / vote | Yahoo Feedback | Yes | Submitted on 2026-07-09; public page verified on 2026-07-10 |
| Apple Mail | — | Apple Mail feedback form | No | Submitted on 2026-07-09; private channel only |
| FastMail | — | Support ticket | No | Submitted on 2026-07-09; Ticket 1719933 |
| Gmail | — | In-app "Suggest an idea" | No | Submitted on 2026-07-09; private in-app channel |
| Zoho Mail | — | Zoho feature ticket | No | Submitted on 2026-07-09; Ticket 205219035064389701 |
- Outlook — public Microsoft Feedback Portal page
- Proton Mail — public UserVoice suggestion page
- Thunderbird — public Mozilla Connect idea page
- Tuta — public GitHub discussion in the Ideas category
- Yahoo Mail — public Yahoo Feedback page
On record through private channels
Apple Mail and Gmail were filed through private or in-app channels, so there is nothing public to link to even though the requests are on record. FastMail and Zoho Mail are also on record, but there is no public URL for the tickets created.
Scope note: this post covers email apps only. Browsers are fully out of scope — showing a link's real destination on a webmail page is the mail app's job, not the browser's.
This is an early status update, not the end of the campaign. If vendors respond, change status, or add better public threads, I will update this post. Until then, the most useful action is to add votes on the verified public pages above.
If you want help improving email or web security in your organisation, feel free to get in touch.