I couldn't click a link in my email since I was using only pine for reading my email until about 2 years ago. I'd have to arrow down and click enter and it would ask if I really wanted to go to the site. I use Gmail now and they're good about getting spam into my spam folder where I'll never see it. I generally don't click email links. To help me make sure a link is OK I'll hover over links and verify they're going where they say they're going. Big red box warnings when an email client sees the text http:// my-bank but really links to http:// some-hacked-site.cn/bank/phishing.html are nice. Companies not putting any links at all and simply saying "please go to our web page and click update account info in the top right" works too.

There are other things going on in the background with email, such as SPF and DomainKeys, that combine info in the email headers (that users generally don't see) and information in DNS about expected sending servers to help incoming mail servers determine if an email is legit or not. Some ISPs force you to log in before you can send an email, but that doesn't stop you from getting your account login stolen and some spammer using your smtp-auth account for spamming. The core of the issue boils down to the fact that the SMTP protocol was designed at a time when all hosts on the "internet" were trusted. A major rewrite/replacement with security in mind needs to happen someday.
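The link-text check described above (visible text names one host, the href goes to another), sketched as an added example that is not part of the original post. The function names and the `.example` hosts are made up for illustration, and treating a subdomain of the shown host as a match is an assumption.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a URL or bare hostname.
URLISH = re.compile(r"^(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)(?:[:/?#]\S*)?$", re.I)

class AnchorCollector(HTMLParser):
    """Collect (visible_text, href) for each <a> element in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def _host(url):
    """Lower-cased host of a URL without a leading 'www.', or '' if it has none."""
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:  # malformed href such as "http://[bad"
        return ""
    return re.sub(r"^www\.", "", host.rstrip("."))

def mismatched_links(html_body):
    """Return (text, href) pairs where the text names one host and the href targets another."""
    collector = AnchorCollector()
    collector.feed(html_body)
    collector.close()
    flagged = []
    for text, href in collector.links:
        shown, actual = URLISH.match(text), _host(href)
        if not shown or not actual:
            continue  # "click here" or a relative/mailto link claims no destination host
        claimed = _host("//" + shown.group(1))
        if actual != claimed and not actual.endswith("." + claimed):
            flagged.append((text, href))
    return flagged

# Constructed sample body; the .example hosts are placeholders, not real sites.
SAMPLE = """<p>Confirm your details at
<a href="http://some-hacked-site.example/bank/phishing.html">http://my-bank.example</a>
or read the <a href="http://my-bank.example/help">help page</a>.</p>"""
```

Only links whose visible text looks like an address are judged; text such as "help page" makes no claim about the destination, so this check cannot say anything about it.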