Suped

Summary

Unencoded URLs in email can pose subtle yet significant risks to email deliverability and spam filtering. While modern web browsers are often forgiving, automatically correcting malformed URLs, email systems (Mailbox Providers or MBPs) and spam filters are far less lenient. Their strict parsing and heuristic rules can flag such URLs as suspicious, potentially leading to messages being blocked or sent to the spam folder. This issue often arises when tracking parameters or dynamic content are appended to URLs without proper URL encoding, particularly when special characters like spaces or parentheses are included.

What email marketers say

Email marketers often discover unencoded URL issues when their campaigns experience unexpected problems, such as broken links or reduced inbox placement. While the immediate focus might be on user experience, the deeper concern lies in how these malformed URLs are perceived by spam filters and mailbox providers. Marketers frequently encounter situations where their tracking parameters, especially those automatically appended by their ESPs, contain characters that aren't properly encoded, leading to unpredictable deliverability outcomes and sometimes even landing page errors.

Marketer view

Email marketer from Email Geeks indicates that their platform often appends query parameters with unencoded values like 'mailing name' (e.g., 'Foo Bar (1)'). They noted that browsers fix these automatically, so the issue often goes unnoticed until a server or strict filter complains.

19 Dec 2019 - Email Geeks

Marketer view

Email marketer from a Marketing Forum suggests that broken or malformed links, even if only at the landing page level, can significantly hurt user experience and overall campaign performance. It's not just about spam filters; it's about conversion too.

05 Nov 2023 - Marketing Forum

What the experts say

Email deliverability experts consistently advise against unencoded URLs, emphasizing the critical difference between how web browsers and mail processing agents (spam filters, antivirus, mailbox providers) interpret them. While a browser might silently correct a malformed URL, email infrastructure is designed to be highly suspicious of anything that deviates from strict standards, especially when it concerns links. This strictness is a defense mechanism against phishing, malware, and other malicious activities that often leverage malformed or obscure URLs. Experts highlight that unencoded special characters, or those that mimic SQL commands, can trigger advanced heuristics designed to protect recipients from sophisticated attacks.

Expert view

Deliverability expert from Email Geeks suggests that older heuristics might flag badly formed URLs within the message body as a sign of spamware. However, they indicate that systems checking for malicious content by clicking through are less likely to use this heuristic.

19 Dec 2019 - Email Geeks

Expert view

Expert from SpamResource highlights that any element that deviates from standard email formatting or common web protocols can be seen as suspicious by advanced spam filters. Unencoded URLs fall squarely into this category, potentially impacting inbox placement.

20 May 2024 - SpamResource

What the documentation says

Official documentation from various internet standards bodies (RFCs) and mailbox providers consistently advocates for strict adherence to URL encoding guidelines. These guidelines are fundamental to the interoperability and security of the internet. Unencoded URLs violate these standards, making them unpredictable in how they are processed by diverse email systems and increasing their likelihood of being flagged as non-compliant or malicious. Documentation often warns that while browsers might be tolerant, server-side processing and security systems are not, and will often reject malformed requests or interpret them as threats, impacting both deliverability and website functionality.

Technical article

RFC 3986 (URI Generic Syntax) dictates that Uniform Resource Identifiers (URIs) must strictly adhere to specific syntax rules. Characters outside of the unreserved set must be percent-encoded to prevent misinterpretation and ensure global interoperability across various systems.

Jan 2005 - RFC 3986

Technical article

The OWASP (Open Web Application Security Project) documentation on URL encoding notes that improper encoding or decoding of URL parameters is a common vector for web vulnerabilities, including SQL injection and cross-site scripting (XSS) attacks. Security systems are designed to detect these anomalies.

22 Mar 2023 - OWASP

4 resources

Start improving your email deliverability today

Get started