When email service providers (ESPs) use click tracking links, these links sometimes get flagged as dangerous or malicious by security software like Norton, or by internet service providers (ISPs) themselves. This can be baffling for senders, as their primary domain may not be flagged, and the issue appears specific to the tracking links provided by their ESP.Understanding why this happens is crucial for maintaining good email deliverability and ensuring your emails reach the inbox without triggering security warnings. It's often related to how these tracking domains are shared and managed, as well as the overall reputation of the domain or IP address used for click tracking.
Key findings
Shared domains: A common cause of blocked click tracking links is when an ESP uses shared domains for click tracking across many customers. If one customer's account or link path on that shared domain becomes compromised (e.g., hosting a phishing site), all other customers using the same shared domain may also experience their links being flagged as malicious.
Reputation spillover: The reputation of a click tracking domain is critical. If the domain itself, or the IP address it resolves to, has a poor reputation due to past abuse or spam, security software will be more likely to block its links. This can occur even if your specific sends are legitimate, as the blocklist might be for the shared infrastructure.
Security software behavior: Security tools, like Norton, often employ sophisticated algorithms to detect suspicious URLs. They may flag links based on known malicious patterns, the domain's history, or real-time threat intelligence. These systems can sometimes produce false positives, but typically, a flagged link indicates a genuine concern.
Lack of differentiation: Some ESPs might not sufficiently differentiate link tracking paths between customers. This means a malicious parameter from one customer's URL could potentially be applied to another customer's URL, leading to widespread blocking.
Key considerations
Dedicated click tracking domains: To mitigate the risks of shared domains, consider setting up a dedicated click tracking domain. This gives you greater control over your link reputation and isolates you from issues caused by other ESP customers. Klaviyo's support documentation suggests this as a solution when shared click tracking domains are blocked.
Proactive submission: If your links are being flagged, you or your ESP should proactively submit the click tracking domain to major security providers (e.g., Norton, Palo Alto Networks, Bluecoat, Brightcloud) for re-evaluation or re-categorization. This can help clear your domain's reputation faster.
Website security audit: Even if the issue appears to be with the tracking link, conduct a thorough security audit of your own website and any content linked in your emails. There's a chance your site has been compromised, leading to the flagging.
Understand ESP practices: Communicate with your ESP to understand their click tracking domain management practices. Confirm whether your domain is truly isolated or if it shares infrastructure in a way that could lead to reputation issues.
Domain reputation management: Monitor your click tracking domain's reputation using various tools. A good reputation for all domains involved in your email sending, including those for tracking, is key to avoiding blocklists and ensuring deliverability.
What email marketers say
Email marketers often face unexpected hurdles with deliverability, and click tracking links being flagged as dangerous by security software is one such challenge. Their experiences highlight the practical steps taken to diagnose and resolve these issues, often involving direct communication with ESPs and security vendors.
Key opinions
Proactive submission is key: Marketers who've faced similar problems emphasize that submitting click tracking domains directly to security providers for re-evaluation is an effective way to address blockages. This proactive step helps to clear the domain's standing.
Custom domains offer control: Some marketers prefer to set up their own dedicated click tracking domains rather than relying solely on those provided by their ESPs. This approach offers more control and can prevent issues arising from shared domain blocklists.
ESP role is crucial: The ESP plays a significant role in managing click tracking infrastructure. If an ESP's shared click tracking domain is compromised, it can impact all customers using that domain, making it essential to work closely with them.
Check all links: It's not just about the ESP's domain. If your emails contain third-party links to your website, those too could trigger warnings if your site has issues, or if the third-party content is flagged.
Key considerations
Investigate immediately: When users report blocked links, promptly use online URL checkers from security software providers to gain insight into why the links are flagged. This initial investigation can guide subsequent actions.
Collaborate with your ESP: If your ESP hosts your click tracking domain, work with them to request re-evaluation from security vendors. They may have established processes for this.
Consider warming up new IPs carefully: If your ESP suggests warming up a new IP for your click tracking domain, question this approach carefully, as it is generally uncommon for click tracking IPs and may indicate a deeper issue or misdiagnosis. Klaviyo's documentation highlights the importance of dedicated click tracking for avoiding issues, not IP warming.
Monitor blocklists: Regularly check email blocklists (blacklists) for your sending domains and any associated click tracking domains. Early detection can prevent widespread blocking.
Marketer view
An email marketer from Email Geeks shared their past experiences with click tracking domains being flagged. They noted that creating their own custom click tracking domains, instead of using ESP-provided ones, proved beneficial. They also advised using online URL checkers from security software companies to get insights into why a link is flagged. In their experience, directly submitting flagged click tracking domains to security providers for re-evaluation or re-categorization was effective and is now part of their checklist for new click domains.
06 Apr 2020 - Email Geeks
Marketer view
A marketer from Campaign Monitor emphasizes the importance of understanding email blocklists. They explain that if emails are being marked as spam, it's essential to understand what an email blacklist is and how to prevent your emails from ending up on one. This knowledge is crucial for ensuring emails reach the inbox.
20 Jul 2019 - Campaign Monitor
What the experts say
Deliverability experts weigh in on the complexities of click tracking link blockages, often pointing to underlying structural issues with how ESPs manage shared domains and the importance of thorough security checks. Their insights provide a deeper technical understanding and help clarify unusual suggestions from ESPs.
Key opinions
Shared path vulnerability: Experts highlight that if an ESP's click tracking domain shares paths across multiple customers (e.g., link.customer1.example/URLSTUFF), a compromise on one customer's part can lead to all customers being blocked. This is a critical security vulnerability.
False positives are rare: While false positives can occur, experts generally agree that if a link is flagged as malicious, there's a strong likelihood of an actual compromise or a serious underlying issue. It warrants a thorough investigation by security professionals.
Google's granular approach: Google's ability to differentiate between specific paths on a shared tracking domain is seen as a more effective approach. For example, linktracking.example/customer1/url and linktracking.example/customer2/url are treated differently, which helps isolate malicious activity to a specific customer's path rather than the entire domain.
Warming up click tracking IPs is unusual: Experts express skepticism about the need to warm up a click tracking IP. This practice is typically associated with sending IPs, not click tracking IPs, and its suggestion should be met with questions.
Key considerations
Verify unique link tracking: Ensure your ESP's click tracking mechanism is sufficiently unique and separated between customers to prevent reputation bleed from a compromised neighbor. This means the paths (the part after the domain) should be customer-specific and not easily transferable or exploitable.
Consult security professionals: If click tracking links are being flagged, involve your internal security team or external security experts to investigate possible compromises on your website or related digital assets.
Distinguish between IP types: Understand the difference between a sending IP and a click tracking IP. Issues with one do not automatically mean issues with the other, and the solutions are often different. Sending IP issues are about email delivery, while click tracking issues are about link safety warnings. Abusix highlights the specific role of ESPs in managing IP addresses and blocklists.
Monitor domain reputation: Regularly review the domain reputation of your tracking links via tools like Google Postmaster Tools for better insight into how these links are perceived by major mailbox providers.
Expert view
A deliverability expert from Email Geeks explained that a previous issue involved an ESP click tracking domain that shared paths across all its customers. When one customer's account was compromised and used for phishing, all customers linked to a malicious site. This led to widespread blocking for all clients using that shared setup.
07 Apr 2020 - Email Geeks
Expert view
An expert from Word to the Wise cautions that issues with link tracking domains are often tied to the underlying domain reputation. If the domain itself has been associated with spam or malicious activity, even legitimate emails using it for tracking can face deliverability issues.
10 Apr 2023 - Word to the Wise
What the documentation says
Official documentation from ESPs, security companies, and industry bodies provides guidelines and best practices for managing click tracking domains and preventing them from being flagged. These resources often clarify the technical requirements and responsibilities for maintaining a healthy sending and tracking reputation.
Key findings
Dedicated click tracking domains are recommended: Documentation from major ESPs, like Klaviyo, explicitly suggests setting up dedicated click tracking domains if shared domains lead to links being blocked. This is a common recommendation to improve deliverability and avoid reputation issues from other users on shared infrastructure.
ESPs play a role in spam blocking: Abusix documentation highlights that ESPs are responsible for managing their IP addresses and domains, and if an IP address is blocklisted, the ESP must resolve the issue unless the sender uses a dedicated server. This underscores the shared responsibility in deliverability.
Tracking methods affect metrics: Email on Acid's help resources explain that different tracking methods can cause disparities in email open and click metrics. While not directly about blocking, this suggests that the underlying tracking mechanism can influence how links are processed and perceived by security systems.
Privacy features impact tracking: Features like Apple's Mail Privacy Protection, as described by Dotdigital, hide IP addresses and prevent senders from linking online activity. While primarily for privacy, such features can indirectly influence how tracking links are perceived by security filters, sometimes leading to more scrutiny.
Key considerations
Implement dedicated domains: For consistent deliverability and to avoid issues with shared IP or domain blocklists, documentation consistently points to using a dedicated click tracking domain. This provides isolation and better control over your sender reputation.
Address IP blocklisting at ESP level: If an IP address associated with your ESP is blocklisted, documentation from security firms indicates that the issue typically needs to be resolved at the ESP's end unless you have a dedicated server. This reinforces the need for clear communication with your ESP.
Monitor deliverability metrics closely: Documentation often emphasizes the importance of closely monitoring email deliverability metrics. Unusual drops in click rates or increases in spam complaints might signal underlying issues with your click tracking links being flagged. This is a good way to uncover hidden factors.
Review security warnings: Understand the nuances of security warnings, such as Gmail's 'This message seems dangerous' alert, which documentation explains can be triggered by various factors beyond simple malware, including unindexed domains or suspicious patterns.
Technical article
Klaviyo Help Center documentation states that if an account uses Klaviyo's shared click tracking domain and sees links being blocked, the user should set up a dedicated click tracking domain. This proactive step helps to ensure that tracking links are not adversely affected by the reputation of the shared domain.
10 Apr 2024 - Klaviyo Help Center
Technical article
The Abusix blog, discussing the role of ESPs in blocking spam, explains that if an IP address is blocklisted, the ESP typically needs to solve the problem on their end. This applies unless the sender is on a dedicated server, emphasizing the ESP's responsibility for shared infrastructure reputation.