eM Client automatically accessing unsafe webpages from unread emails

This has been bothering me for a while now. With the large amount of spam we receive, no matter how often you blacklist and mark as junk, some spam email inevitably goes through from time to time. That’s ok, it’s easy to delete. However, it seems like eM Client is automatically accessing threats from scam links in UNREAD emails, the instant it arrives in the inbox. This is what I repeatedly get from Bitdefender until I manually delete the spam email :

Is there a way to prevent eM Client from accessing anything from an email until I select to view it in the program? This seems like a serious security risk and might force me to change email software otherwise.

If you have set the privacy option to block linked content unless you have whitelisted the sender, eM Client will not download any linked content in the message body from that address when the message is received or viewed.

However, if you have set eM Client to source contact avatars from the Internet, it will look for the favicon for that sender’s domain. It is difficult to tell what is being accessed though, as you have redacted the important data, so that may not be what this is about anyway.

I think I see a backslash in the url, so that is probably not a favicon that was accessed.

This option was already set for me though… Here’s the unredacted link (do not follow it obviously…) as well as another one that did the same thing a couple weeks ago :

I just don’t like the fact that MailClient.exe is accessing these links without any kind of interaction on my part. There has to be a way to block this behavior.

I did follow the links for you anyway.

Web2go is a food blog. Got some great ideas for dinner - thanks. Completely harmless, so this is a false positive from your application anyway. Did you maybe try and unsubscribe from a message you received from them? The other is parked at GoDaddy, so not a threat either as there is no webpage.

But it is possible that a spammer used these domains in their address, and so an avatar was attempted to be sourced from there. Please disable avatar sourcing and see if there is any difference. You can do that in Menu > Settings > Contacts and untick Downloads avatars from external sources.