Link Safety Best Practices

Why Links Get Flagged

Phishing attacks, malware distribution, and spam campaigns all rely on links. Platforms respond by treating every URL as a potential threat. They check the destination, the format, and the domain reputation before showing your content to anyone.

A single flagged link can reduce your post's reach to near zero. On some platforms, it can also affect the reach of your future posts.

URL Shortener Detection

URL shorteners like bit.ly, tinyurl.com, and t.co hide the actual destination. Spammers love them because victims can't see where the link goes before clicking.

• TextScore flags all shortened URLs in your content.
• Some platforms (especially Facebook and LinkedIn) actively suppress posts with shortened links.
• Even trusted shorteners like bit.ly are flagged because they've been widely abused.

What to Do Instead

Use full URLs. If the URL is too long, most platforms generate their own preview cards. For emails, hyperlink the text instead of showing the raw URL. If you need tracking, use UTM parameters on your own domain rather than a third-party shortener.

Homograph Attacks

Homograph attacks use characters from other alphabets that look identical to Latin letters. For example, the Cyrillic "a" looks like the Latin "a" but is a different character. Attackers use this to create domains like "apple.com" that look real but lead to phishing sites.

• TextScore scans URLs for mixed-alphabet characters.
• These are nearly impossible to spot by eye. Automated detection is the only reliable defense.
• If TextScore flags a homograph, don't publish that link. Verify the source and get the correct URL.

IP-Based URLs

Legitimate websites use domain names. Links that point directly to IP addresses (like http://192.168.1.1/page) are almost always suspicious.

• TextScore flags any URL that uses an IP address instead of a domain.
• IP-based URLs are a classic indicator of temporary phishing sites and malware servers.
• No legitimate content should link to an IP address. If you see one in your text, replace it with the proper domain URL.

Suspicious Domain Patterns

TextScore analyzes domain names for patterns associated with malicious sites:

• Unusual TLDs: Domains ending in .xyz, .top, .click, .loan, and similar TLDs have high spam rates. Not all are malicious, but many platforms treat them with extra caution.
• Excessive subdomains: URLs like login.secure.account.example.com use subdomains to look legitimate while hiding the actual domain.
• Brand impersonation: Domains like "paypal-secure-login.com" or "google-verify.net" impersonate trusted brands.
• Random strings: Domains with random character combinations (like x7kf9p2.com) are often temporary spam sites.

Before You Publish

• Use full URLs from trusted domains. Link directly to the source. No shorteners, no redirects.
• Check every link. Paste your content into TextScore and review the link safety results. Fix or remove any flagged URLs.
• Click your own links. Make sure they go where you expect. Broken links don't just frustrate users - they can lower your content's quality signals.
• Use HTTPS. Links to HTTP (non-secure) pages get flagged by browsers and some platforms. Make sure your links use HTTPS.
• Limit outbound links. Posts with many external links look promotional. Use only the links that add real value to your content.

For Email Campaigns

Email providers are the strictest link checkers. Gmail, Outlook, and Yahoo all scan email links before delivery.

• Use your own domain for all links. Links to third-party domains increase spam risk.
• Avoid redirect chains. Each redirect adds suspicion.
• Don't use URL shorteners in emails. This is the single fastest way to land in spam.
• Keep the number of unique domains low. Emails linking to 5+ different domains look like spam.
• Make sure your sending domain has proper SPF, DKIM, and DMARC records. Link safety and sender reputation work together.

For Social Media

Each social platform handles links differently, but the principles are the same:

• X: Add context around your links. A URL with no explanation gets less distribution. Use t.co only through native tweeting - don't manually use Twitter's shortener in other content.
• Facebook: Native content outperforms links. If you must share a link, add substantial text around it. Consider putting the link in the first comment.
• LinkedIn: Full URLs from recognized business domains perform best. LinkedIn suppresses posts with links to unfamiliar domains.
• Medium: Inline links to high-quality sources improve your article's credibility. Avoid linking to low-quality or spammy sites.

If TextScore flags a link in your content, here's how to resolve it:

• Shortened URL: Replace with the full destination URL. Copy the link from your browser's address bar after the shortener redirects.
• Suspicious domain: Verify the source. If it's legitimate but uses an unusual TLD, consider linking to an alternative source with a more established domain.
• IP-based URL: Find the domain name for that server and use it instead. If no domain exists, don't link to it.
• Homograph detected: Delete the link entirely and find the correct URL by navigating to the site directly through your browser.
• HTTP (not HTTPS): Try changing http:// to https://. If the site doesn't support HTTPS, consider whether you should be linking to it.

After fixing flagged links, run your content through TextScore again to confirm everything passes.