Summary
Email providers, including free services like Gmail, Yahoo, and Outlook, employ various methods to scan emails for spam and malicious content. This includes analyzing and often clicking the links within emails to assess their safety and destination. While consumer domains might do this less frequently than business email services, it's a common practice to evaluate sender reputation, URL reputation and content to protect users. These scans are part of a broader spam filtering process, which might also involve techniques beyond simple link clicking, such as executing Javascript and observing the results. Microsoft actively clicks all links, while other providers might leverage external services or analyze links without clicking. Not all clicks are from humans, and the frequency of these scans correlates with sender reputation.
Key findings
- Link Analysis: Email providers scan links within emails to assess their safety and destination, with Office 365 showing higher rates of spam filter clicks.
- Sender Reputation: Sender reputation significantly influences the intensity and frequency of link scanning.
- Sophisticated Techniques: Email providers employ sophisticated methods beyond simple click tracking, including Javascript execution and dynamic content analysis.
- URL Reputation: Reputation systems use URL reputation to score incoming mail, even without direct clicking.
- Microsoft's Active Scanning: Microsoft actively clicks all links, rotating between different ESPs.
- Automated Systems: Automated systems are used by providers like Google (Gmail) and are part of Cisco's security products
Key considerations
- Varying Frequency: The extent to which links are clicked varies, from sampling to clicking almost every link, depending on factors like sender reputation.
- Non-Human Clicks: Not all link clicks originate from real users; many are from automated scanning systems.
- External Link Analysis: Consumer email providers might use external services for link analysis.
- Advanced Threat Detection: Link analysis is evolving to include loading pages, executing JavaScript, and observing dynamic content.
- Sandboxing: Microsoft utilizes sandboxing to proactively detonate potentially malicious links
What email marketers say
11 marketer opinions
Email providers, including free services like Gmail, Yahoo, and Outlook, employ various methods to scan emails for spam and malicious content. This often includes analyzing and sometimes clicking the links within emails to assess their safety and destination. While consumer domains might do this less frequently than business email services, it's a common practice to evaluate sender reputation and content to protect users. These scans are part of a broader spam filtering process, which might also involve techniques beyond simple link clicking.
Key opinions
- Link Analysis: Email providers scan links within emails to assess their safety and destination.
- Varying Frequency: Consumer domains may scan links less frequently than business email services.
- Sender Reputation: Sender reputation is a critical factor in determining whether links are scanned and how emails are filtered.
- Broader Spam Filtering: Link analysis is one part of a broader spam filtering process that includes analyzing content and sender reputation.
- Office 365 Scanning: Spam filter clicks can significantly exceed real clicks at Office 365.
- External Services: Consumer providers may use other services to follow links, not just their own.
Key considerations
- Not Always Human: Not every click on a link in your emails is from a real person; many are from automated systems.
- Microsoft's Link Clicking: Microsoft has been actively clicking all links for almost a year, rotating between different ESPs.
- Hit Rate Variation: The frequency of link clicking varies, from sampling to clicking every link, and correlates with sender reputation.
- URL Reputation: URL reputation is used by providers when scoring incoming mail.
- Beyond Click Tracking: Some ISPs are actively loading pages, executing Javascript, and observing what happens.
Marketer view
Email marketer from Litmus shares that email testing platforms can simulate how different email clients render and scan emails. This can include checking if links are properly formatted and lead to the intended destination, mimicking the behavior of spam filters.
25 Apr 2025 - Litmus
Marketer view
Email marketer from Sendinblue shares that mailbox providers use spam filters, which may include click tracking, to ensure a safe email experience. They evaluate the sender's reputation and the content of the email, sometimes clicking links to verify their safety.
3 Feb 2022 - Sendinblue
What the experts say
3 expert opinions
Email services, including free providers, actively analyze links in emails for spam detection. Microsoft has been clicking all links, rotating between ESPs. While providers may not always click links, they use URL reputation in their delivery decisions. Some ISPs are moving beyond simple click tracking, loading pages, executing JavaScript, and observing the results.
Key opinions
- Microsoft's Link Clicking: Microsoft has been clicking all links for almost a year, rotating between different ESPs.
- URL Reputation: Reputation systems use URL reputation in scoring incoming mail.
- Advanced Tracking: Some ISPs are loading pages and executing JavaScript, going beyond simple click tracking.
Key considerations
- URL Analysis: Even if links aren't clicked, their reputation is considered in delivery decisions.
- Dynamic Analysis: ISPs may execute JavaScript to further analyze the linked content.
Expert view
Expert from Spamresource.com explains that reputation systems at large providers absolutely use URL reputation in scoring incoming mail. So they may not 'click' but they will absolutely analyze them as part of the delivery decision.
21 Jan 2025 - Spamresource.com
Expert view
Expert from Word to the Wise shares that they have seen many ISPs are now doing more than just simple click tracking. They are actively loading pages, executing javascript, and seeing what happens.
21 Aug 2024 - Word to the Wise
What the documentation says
5 technical articles
Major email providers, like Google and Microsoft, employ automated systems to scan URLs in emails for phishing and malware protection. These systems analyze links, sometimes visiting the linked pages, to assess their content and security. Microsoft's Safe Links feature rewrites URLs for real-time checks. While Spamhaus doesn't directly click links, they maintain databases of spam sources to aid email providers in blocking spam.
Key findings
- Automated Systems: Email providers use automated systems to check links.
- Phishing and Malware Detection: The primary purpose of link scanning is to detect phishing and malware.
- Google's Link Following: Gmail employs sophisticated methods, including link following, for threat detection.
- Microsoft Safe Links: Microsoft Safe Links rewrites and checks URLs against malicious site lists.
- Reputation Database: Spamhaus maintains databases of known spam sources.
- Cisco Scanning: Cisco email security products analyze the reputation of the website and checking for malicious content.
Key considerations
- Preemptive Detonation: Microsoft pre-emptively 'detonates' suspect links in a sandbox environment.
- Content Assessment: Link analysis involves visiting the linked pages to assess their content and security.
- Indirect Link Analysis: Spamhaus provides data that facilitates link analysis by email providers without directly clicking links themselves.
Technical article
Documentation from Cisco responds that their email security products scan URLs in emails to protect users from malware and phishing attacks. This includes analyzing the reputation of the website and checking for malicious content.
13 Jun 2023 - Cisco
Technical article
Documentation from Google explains that Gmail uses sophisticated methods, including link following, to detect phishing and malware. These automated systems analyze links to identify potentially harmful websites and protect users.
10 May 2022 - Google
Are Bitly links bad for email deliverability?
Are HTTP links penalized by spam filters in email marketing?
Are link shorteners bad for email marketing?
Are spam trigger word lists accurate and should I be concerned about them?
Are URL shorteners like bit.ly bad for email deliverability?
Do email security software solutions click hyperlinks in emails?
Do email spam filters scan image content and QR codes?
Do images in emails affect deliverability?
How can I effectively avoid spam filters when sending emails?
How complex are inbox filters in determining email deliverability and placement?
What are spam trigger words and how do they impact email deliverability?
