I'd ask about this in the Security Forum, but it is possible to create a HTML email to show a link, but thwart the display of that info.

BEWARE that you should NEVER EVER VIEW such emails. Just delete them since another EXPLOTATION can have code execute by pre-viewing said email.

Fix? (gotta love this...)

Don't do that. (preview or view.)

Workaround. Look to strip all email to plain-text (e-dexter?)