diff --git a/test/js/conversation-page-state-test.vala b/test/js/conversation-page-state-test.vala
index 93414f82..5b09364f 100644
--- a/test/js/conversation-page-state-test.vala
+++ b/test/js/conversation-page-state-test.vala
@@ -17,6 +17,9 @@ class ConversationPageStateTest : ClientWebViewTestCase<ConversationWebView> {
         add_test("is_deceptive_text_deceptive_href", is_deceptive_text_deceptive_href);
         add_test("is_deceptive_text_non_matching_subdomain", is_deceptive_text_non_matching_subdomain);
         add_test("is_deceptive_text_different_domain", is_deceptive_text_different_domain);
+        add_test("is_deceptive_text_embedded_domain", is_deceptive_text_embedded_domain);
+        add_test("is_deceptive_text_innocuous", is_deceptive_text_innocuous);
+        add_test("is_deceptive_text_gitlab", is_deceptive_text_gitlab);
         add_test("is_descendant_of", is_descendant_of);
         add_test("is_descendant_of_with_class", is_descendant_of_with_class);
         add_test("is_descendant_of_no_match", is_descendant_of_no_match);
@@ -77,6 +80,26 @@ class ConversationPageStateTest : ClientWebViewTestCase<ConversationWebView> {
                ConversationWebView.DeceptiveText.DECEPTIVE_DOMAIN);
     }
 
+    public void is_deceptive_text_embedded_domain() throws Error {
+        load_body_fixture("<p>my hovercraft is full of eels</p>");
+        assert(exec_is_deceptive_text("Check out why phishing.net is bad!", "example.com") ==
+               ConversationWebView.DeceptiveText.NOT_DECEPTIVE);
+    }
+
+    public void is_deceptive_text_innocuous() throws Error {
+        // https://gitlab.gnome.org/GNOME/geary/issues/400
+        load_body_fixture("<p>my hovercraft is full of eels</p>");
+        assert(exec_is_deceptive_text("This will be fixed in the next freedesktop-sdk release (18.08.30)", "example.com") ==
+               ConversationWebView.DeceptiveText.NOT_DECEPTIVE);
+    }
+
+    public void is_deceptive_text_gitlab() throws Error {
+        // Link text in gitlab is "@user.name", which was previously false positive (@ can't be part of a domain)
+        load_body_fixture("<p>my hovercraft is full of eels</p>");
+        assert(exec_is_deceptive_text("@user.name", "http://gitlab.org/user.name") ==
+               ConversationWebView.DeceptiveText.NOT_DECEPTIVE);
+    }
+
     public void is_descendant_of() throws GLib.Error {
         load_body_fixture("<blockquote><div id='test'>ohhai</div></blockquote>");
         assert(
diff --git a/ui/conversation-web-view.js b/ui/conversation-web-view.js
index a76e3c36..451db288 100644
--- a/ui/conversation-web-view.js
+++ b/ui/conversation-web-view.js
@@ -304,12 +304,12 @@ ConversationPageState.getNodeBounds = function(node) {
  * Test for URL-like `text` that leads somewhere other than `href`.
  */
 ConversationPageState.isDeceptiveText = function(text, href) {
-    // First, does text look like a URI?  Right now, just test whether
-    // it has <string>.<string> in it.  More sophisticated tests are
-    // possible.
-    let domain = new RegExp("([a-z]*://)?"               // Optional scheme
-                          + "([^\\s:/]+\\.[^\\s:/\\.]+)" // Domain
-                          + "(/[^\\s]*)?");              // Optional path
+    // First, does text look like a URI? 
+    let domain = new RegExp("^"
+                          + "([a-z]*://)?"                             // Optional scheme
+                          + "([^\\s:/#%&*@()]+\\.[^\\s:/#%&*@()\\.]+)" // Domain
+                          + "(/[^\\s]*)?"                              // Optional path
+                          + "$");             
     let textParts = text.match(domain);
     if (textParts == null) {
         return ConversationPageState.NOT_DECEPTIVE;