I've not been through *all* the documentation yet, and my install was put off because I had to switch OSs, but I haven't yet seen whether Zimbra does any in-browser phishing warning: specifically, I'd like to see URL links in emails colorized so as to give users a hint:

1) Link in plain text, heated up by Zimbra: blue

2) Link in HTML, plain text URL matches HREF URL: green

3) Link in HTML, plain text URL that's different from HREF URL: red, and maybe a hover.

4) Link in HTML, non URL as the anchor text: yellow, with a hover

This will solve javascript status line replacements (if, indeed, those would leak through in the first place), and also highlight where links came from and where they'll take you.

That sounds, on reflection, like it might be a Zimlet. Can you accomplish that with a Zimlet?