With Halloween just around the corner, it’s common to see all sorts of scary surprises pop up in your home, neighborhood, or even workplace. But over the past few months, an increasing number of senders have been experiencing a more sinister surprise in their email metrics: phantom clicks.
What are phantom clicks, exactly? They go by various names – some in the industry call them “URL checks during the SMTP transaction,” while many senders refer to them as “bot clicks” or “link crawlers.” All of these terms are used to refer to clicks that are made not by a person, but by an automated anti-abuse system before the mail is delivered. When these systems receive a message, they will follow one, some, or all of the links in the message to determine their target. These checks are designed to ensure redirects are not being abused by spammers and scammers to hide the true destination of their links.
If you track clicks via ESP link tracking or another analytics solution, this can cause your metrics to indicate a recipient clicked in your email even if they never did. And even worse, these phantom clicks can activate ‘single-use’ links like one-click unsubscribes or opt-in confirmations. Many senders have reported contacts being unsubscribed because of this type of link checking.
When a message is sent to a recipient using these services, the system makes a determination whether or not to check the links in the message. Depending on that decision and on the specifics of the service, they will check either certain links, all links, or no links in the given message. But how do they decide? As with most filtering algorithms, the specific methods are proprietary and well-guarded. Even so, there are a few practices and factors that are more likely to cause your links to be validated:
- Multiple levels of link redirects. Are you using your ESP’s tracking link along with a separate analytics redirect? You’re likely to be targeted for link validation. Limit your link tracking to a single redirect if you must.
- Single-use or encoded URLs. Links that are recipient-specific or otherwise unique from the other URLs in the message can be a red flag as well. If your links are encoded, the filter may see each link as a separate domain and therefore suspicious. Disable link encoding and avoid links that perform an action with a single click if possible.
- Domains with poor reputations. This one can be tricky if you are linking to third-party websites. If the target of your link is a site that is known to be referenced in a lot of spam messages or has a poor web reputation, filters are likely to follow the link. If it’s your own domain that has a poor reputation, you’ll continue to see these issues until you resolve that. Otherwise, keep your links to third-party sites to a minimum.
(Our Resources page can help if you need to check the reputation of a domain.) - Misaligned domains. The more different domains linked your message (including the header), the more suspect your message appears. When possible, ensure your message’s return-path, mail from, and link tracking domains are all the same. If you use an ESP, many allow a ‘whitelabel’ option that allows you to make this happen with only a few DNS changes on your end.
This is by no means an exhaustive list – hundreds of factors come into play for each decision made by these systems – but following these guidelines should help minimize your chances of sighting these phantom clicks.
– BG
