There was a reference to base href="https://system.netsuite.com/" in the original HTML message.I think the sender's outlook is setup to include URLs or something, after stripping out the base href="https://system.netsuite.com/" everything works fine, but is this not a potential security threat?