Why Mailto Links Should Be Avoided On Websites

Numerous internet surfers probably know the following process: you’re surfing a website and you find a link with an e-mail address. You click on the link, which begins your odyssey-like journey through the depths of your computer. Why? Because the link leads to the whirring of your hard drive, as the mail client installed on your computer stirs to action (or, possibly, asks to be set up) and all sorts of additional windows begin to pop open on your screen. Even though you had just been comfortably surfing through the web, now you have to master strong currents as you fight off towering waves.

The link in this case is a so-called mailto link, which automatically starts an e-mail program – even if you don’t use this program. Mailto links on websites are problematic for three main reasons: They lead to usability problems, make tracking more difficult, and could also represent a security risk.

Usability problems

No e-mail client is installed on your computer
Many users use internet-based mail services, for example hotmail.com, yahoo.com, and gmail.com. The mailto link can only be really useful if Outlook, Thunderbird, or a similar program has already been set up and configured, i.e., the corresponding POP3 and SMTP server addresses have been entered. Naturally, not all users are familiar with this requirement when they click on a mailto link. The link then loads the e-mail software that is usually present on the computer but has not yet been set up, which of course then wishes to be set up. Most users don’t understand this procedure and are confused. And even those who understand what’s happening are annoyed.

Disappointed user expectations
Most users expect that a click on a link will open a new site within the browser. The user is moving through the web, which they accomplish using Internet Explorer, Firefox, or another browser. When – contrary to expectations – a program installed on their computer is started, this often leads to confusion and annoyance. This is a reaction that you can see over and over again in user tests, especially with users who have less affinity for technology. Even PDF documents that open in the efficient Acrobat Reader lead to critical glances and negative comments. A weighty mail client can lead to deeply furrowed brows and a feeling of complete and utter helplessness; the computer is once again doing whatever it likes. One of the most important usability heuristics, that of user control, is being completely disregarded.

This is also critical because as the user clicks on a contact link, he or she is at that moment at a critical point in their use. The user has determined to contact the vendor. If at this precise moment the user is confronted with massive problems and a feeling of discontent, it is possible that this decision will be reevaluated, and the contact attempt may be terminated.

Long loading times
The loading of a mail application uses computer resources and is a slow process. Under certain circumstances, the user might even click multiple times on the mailto link, as the mail client requires a bit of time before it can start – with the unhappy result that the mail program opens in several instances and windows. In the worst-case scenario, if the user has an older computer, the start of the mail program could even crash the system.

Problematic result checking

A further area of difficulty in the context of mailto links is result checking, which can be implemented with great exactness using tracking tools such as Google Analytics. Every request using a contact form is registered, and it is possible to calculate exactly how many users have opened a contact page and how many actually sent a form to the vendor. The costs invested in an online-marketing campaign can be juxtaposed with the number of conversions, and the cost per conversion can also be calculated perfectly. If you can quantify the value of the request (which is in most cases unfortunately impossible without further effort), you can even calculate a return or yield. Therefore, the use of contact forms allows an exact cost-benefit analysis.

This analysis is much more difficult when additional or only mailto links are offered. It is, admittedly, possible to measure how often the mailto link was activated, but the clicking of the link does not always lead to the sending of an e-mail. Thus, requests sent by e-mail would have to be somehow combined with tracking-data, which can hardly occur automatically or, at the least, would be very difficult. The exact calculation of costs per request and yield on the campaign would likewise no longer be possible.

Moreover, a standardized and – most importantly – efficient further processing of e-mail requests is also decidedly more difficult. For example, one problem would be that in a mail application (opened by a mailto link), receiver and subject are usually already set. If the user changes the subject of the e-mail, it might no longer arrive at the wished-for recipient or in the correct filter, which could delay or even hinder the communication.

Security risks

Very few users know or worry about the fact that e-mails may contain scripts. These scripts are interpreted when the mail client tries to read the message. If the client software has administrator privileges (which is the case for most users of Windows), then the software can run scripts that could influence the entire system. One could argue that the user is responsible for this, as they had to interact with the website in order to open the mailto link. But in any event, probably almost everyone has at some point in time clicked unintentionally on a mailto link.

Of course, it’s also typically the case that a script can’t access the actual computer system unless there’s a security hole in the e-mail software. Older computers or those with unpatched versions of Outlook are especially at risk.

A second security-related aspect concerns the other side, i.e. the website operator who is using mailto links on the page: If certain security measures aren’t taken, then mailto links can act as a conduit for spam.

Spammers usually use programs that search automatically for mailto entries on websites: Spam bots search through the source text looking for the string “mailto” as well as the @-symbol. It is also for this reason that website operators should avoid using e-mail addresses as links.
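A site operator can check their own pages for exactly what such a search finds, along with the recipient and subject that a mailto link presets. The following audit script is an added example and not part of the original article; the names `MailtoAudit` and `audit_page` and the sample page are constructed for illustration. The second link in the sample shows that writing the address with HTML character references does not hide it from anything that parses the page.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs, unquote

# Deliberately simple address pattern: an audit heuristic, not full RFC 5322.
ADDRESS_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

class MailtoAudit(HTMLParser):
    """Collects mailto: links and bare addresses visible in page source."""
    def __init__(self):
        # The parser decodes character references in text and attributes.
        super().__init__(convert_charrefs=True)
        self.mailto_links = []        # (address, preset header fields)
        self.text_addresses = set()   # addresses written as plain text

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        parts = urlsplit(href.strip())
        if parts.scheme.lower() != "mailto":
            return
        address = unquote(parts.path)
        # Header fields such as subject= are preset by the page author.
        preset = {k.lower(): v[0] for k, v in parse_qs(parts.query).items()}
        self.mailto_links.append((address, preset))

    def handle_data(self, data):
        self.text_addresses.update(ADDRESS_RE.findall(data))

def audit_page(html):
    """Return (mailto_links, sorted plain-text addresses) for one page."""
    parser = MailtoAudit()
    parser.feed(html)
    parser.close()
    return parser.mailto_links, sorted(parser.text_addresses)

# Constructed sample page; the example.com addresses are placeholders.
SAMPLE_HTML = """
<p>Write to <a href="mailto:sales@example.com?subject=Quote%20request">sales</a>
or <a href="&#109;ailto:info&#64;example.com">info</a>.</p>
<p>Press contact: press@example.com</p>
<p><a href="/contact">Contact form</a></p>
"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML))
```

Every entry the audit reports is an address that appears in the page source and is a candidate for moving behind a contact form.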


Mailto links are simply misunderstood by many website operators: What was once considered to be convenient now annoys and irritates most current users and is also dangerous for the operator. Mailto links complicate users’ attempts to contact companies (modern browsers even offer users the opportunity to deactivate the mailto function) and could lead to the cancellation of communication, complicate or confound result checking, and are not without problems regarding security aspects.

There is no reason for the mailto function to appear on a modern website. Good contact forms are far more effective and – thanks to modern technology – can lead to a positive user experience.
