When you receive a plain text email with a http URL in it, it is turned into a clickable link. The href of that link is lowercase so it will trigger the scam detection because of URL title vs href mismatch.
Send a plain text email with content "test http://gOogle.com" (note the uppercase O), opened it and got "This message may be scam" with details of "
This email contains a link which reads as 'http://gOogle.com' in the text, but actually points to 'http://google.com/'. This is often the case in scam emails to mislead the recipient"
5.7.2 ? are you sure.
But in master it was fixed this morning.
Just built messagelib from master now and it works. Thanks, sorry for the noise.