How does including email addresses in URL links affect deliverability at Gmail?

Key findings

• Privacy Concern: Embedding email addresses in URLs (e.g., as parameters for tracking or personalization) is a direct leakage of PII. Google has strict policies against transmitting PII, not just in its advertising platforms but across its entire ecosystem, which can indirectly affect how emails containing such links are handled.
• Security Risk: Such links can be exploited for phishing attacks or data breaches, making them suspicious in the eyes of spam filters and security protocols. This increases the likelihood of emails being flagged.
• Deliverability Impact: Even if not explicitly blacklisted, emails with PII in URLs may experience reduced inbox placement, lower engagement (due to broken links or warnings), and a damaged sender reputation over time. Gmail’s filters are sophisticated and analyze content, links, and sender behavior to determine trustworthiness.
• Link Integrity: Mailbox providers (MBPs), especially consumer-focused ones like Gmail, might rewrite or break links containing what appear to be recipient email addresses to protect user privacy and prevent tracking or malicious use.
• Compliance Issues: Including PII in URLs, particularly for recipients in regions like the EU, can lead to significant GDPR violations and hefty fines, irrespective of deliverability concerns.

Key considerations

• Alternative Tracking: Implement secure, non-PII tracking methods like session IDs or anonymized parameters. This ensures accurate click tracking without compromising user data or deliverability. For more about general link impact, see our page on how links affect deliverability.
• Adherence to Policies: Always review and comply with Google's guidelines on avoiding PII in URLs. This is crucial not only for deliverability but also for ethical data handling.
• Reputation Management: Maintaining a strong sender reputation is paramount. Practices that appear risky or privacy-invasive can quickly erode trust with MBPs. Learn more about the specific risks of including email addresses as URL parameters.
• Client Education: Educate clients on the importance of avoiding PII in URLs, emphasizing both deliverability and legal compliance (e.g., GDPR) aspects.

Key opinions

• Obvious Bad Practice: Most marketers recognize that including PII, like email addresses, in URLs is fundamentally a bad practice for multiple reasons, regardless of specific deliverability impacts.
• Client Resistance: A common struggle for marketers is convincing clients to abandon such practices, especially when the clients rely on outdated information or conflicting advice from other sources.
• Impact on Engagement: This practice can lead to atrocious click rates, indicating that either emails are not reaching the inbox, or links are being altered/broken by the recipient's MBP.
• GDPR and Compliance: There's a strong awareness among marketers about the significant legal and financial risks associated with GDPR violations, particularly when a large portion of the audience is in the EU.

Key considerations

• Data Privacy Prioritization: Marketers must prioritize data privacy. Not only does it build trust with subscribers, but it also aligns with MBP policies and avoids legal repercussions. Refer to factors affecting email deliverability.
• Proof to Clients: Providing concrete proof, such as official documentation or a/b test results showing improved performance after removing PII, is essential for convincing reluctant clients. This ties into how unusual link structures can impact deliverability.
• Audit Recommendations: Clearly communicate audit findings and recommendations regarding PII in URLs. Emphasize the potential for severe consequences if advice is not followed, including reputation damage (visible in tools like Google Postmaster Tools) and legal fines.
• Monitoring Reputation: Regularly monitor domain and IP reputation using tools like Google Postmaster Tools to identify early signs of deliverability issues related to link practices or content problems.

Key opinions

• Outdated Practice: Including email addresses in links is an old policy, dating back to pre-2004 for some MBPs like Microsoft, making it a very bad practice regardless of its current specific deliverability effect.
• Link Manipulation: There are recent cases where consumer MBPs rewrite or break links that contain strings resembling recipient email addresses, impacting link functionality.
• Phishing Risk: Google is likely to add phishing warnings to emails that contain email addresses within URLs, signaling a high-risk factor to recipients and potentially impacting inboxing.
• Vendor Responsibility: Experts emphasize that their role is to provide information and guidance. If clients choose not to follow advice (even bad advice from others), the ultimate responsibility for negative outcomes lies with the client's business decisions.

Key considerations

• Proactive Removal: It is always best practice to proactively remove any PII from URLs to prevent potential deliverability issues and protect user privacy. This helps avoid various issues, including those related to unencoded URLs.
• Educate on Risk: Highlight the security implications alongside deliverability. If a link looks like a phishing attempt because of PII, it increases the chances of being blocked. External resources like Spam Resource blog may offer insights on link reputation.
• Long-Term Reputation: Even if an immediate problem isn't apparent, consistently sending emails with PII in URLs can degrade long-term sender reputation, making it harder to reach the inbox in the future. Monitoring your domain reputation in Google Postmaster Tools is advised.
• Privacy by Design: Adopt a 'privacy by design' approach to all email practices, ensuring that PII is protected at every step of the email journey.

Key findings

• Google Policy: Google's ad product policies strictly prohibit passing any data that could be used or recognized as personally identifiable information (PII) to Google. This includes email addresses, names, or any other identifying data within URLs.
• Privacy Protection: The mandate to avoid sending PII is driven by the interest of protecting end-user privacy, a fundamental aspect of Google’s platform policies.
• Broad Application: Although often mentioned in the context of Google Analytics or Google Ads, the principle of avoiding PII in URLs is a general best practice for any web-based communication and can impact how emails are perceived and delivered.
• Indirect Deliverability Effect: While not a direct email deliverability rule, the underlying privacy and security concerns translate into email filtering decisions, where links with PII are deemed risky.

Key considerations

• Compliance Across Platforms: Marketers should assume that PII in URLs is a red flag across all Google services, including Gmail, given their unified approach to user privacy. This is detailed in Google's policy on sending Personally Identifiable Information.
• Content Reputation: Content reputation, which includes the quality and safety of links, is a significant factor in deliverability, as noted by Kickbox. Any practice that undermines trust, like PII leakage, can affect this reputation.
• Avoid Shorteners with PII: Avoid using URL shorteners if they embed PII, as this practice is also flagged by providers. Learn more about URL shorteners and domain reputation.
• Regular Review: Regularly audit email templates and link structures to ensure no PII is inadvertently being transmitted. This should be part of a robust email deliverability checklist.