Suped

Why is Pardot not tracking email link clicks from GMX?

Published 16 Jul 2026
Updated 16 Jul 2026
10 min read
Summarize with
Pardot and GMX email click tracking illustration
Pardot is most likely receiving the GMX-specific tracking request but filtering it as automated traffic or attaching the activity to a different prospect through an existing visitor cookie. GMX link rewriting is less likely when the URL in the message remains intact and that exact URL still fails to produce a visible click after it is pasted into a browser.
An open appearing in Pardot does not disprove this diagnosis. Opens use a downloaded tracking image, while clicks pass through a unique redirect URL and a separate reporting path. One can work while the other is filtered, misattributed, or rejected. Because the same GMX link fails across Windows, Android, webmail, and a forwarded Gmail copy, I would investigate the unique Pardot link token and reporting logic before blaming the mail client.
Most likely diagnosis
Treat this as a Pardot suppression or prospect-association problem until a clean browser test proves otherwise. The recipient's GMX address identifies the failing message token, but GMX does not necessarily cause the failure.

Why the symptoms point to Pardot

Each Pardot recipient receives a different tracked URL. The path normally contains identifiers and a signed token, so two links that reach the same landing page should not look identical. Different GMX and Microsoft 365 URLs therefore do not show rewriting by themselves. What matters is whether the GMX token reaches the branded tracking host, redirects successfully, and creates activity on the expected prospect.
Evidence against GMX rewriting
  1. Raw source: The visible destination and tracking host are unchanged.
  2. Forwarded copy: The same GMX token fails when opened from Gmail.
  3. Manual paste: The click stays absent outside the original message.
  4. Other recipients: Google and Microsoft tokens report normally.
Evidence still needed
  1. HTTP request: Confirm the tracking host receives the click.
  2. Redirect chain: Capture every status and destination.
  3. Visitor identity: Check whether another prospect gets the activity.
  4. Filtering state: Ask whether Pardot classified the request as a bot.
Salesforce documents the tracked-link mechanism in its email link tracking help. Use it to confirm that tracking is enabled for the email asset and that the link has not been excluded. That check is necessary, but it does not explain a recipient-specific failure when other tokens in the same send work.
Salesforce Account Engagement prospect activity with an open but no click
Salesforce Account Engagement prospect activity with an open but no click

Run a controlled click test

I would rerun the test with four newly created prospects and a new email send. Use one GMX inbox directly, the same GMX inbox forwarded to Gmail, one Google Workspace inbox, and one Microsoft 365 inbox. Never click two recipient links in the same browser profile. Reusing a profile can leave a Pardot visitor cookie associated with a previous prospect and make the new click appear under the wrong record.
Controlled Pardot click test sequence
Controlled Pardot click test sequence
  1. Create clean records: Use new test prospects so prior visitor associations cannot confuse the result.
  2. Send one asset: Send the same email once and preserve each recipient's unique tracking URL.
  3. Isolate browsers: Use a separate private window or clean browser profile for every address.
  4. Capture traffic: Open developer tools, preserve the network log, then click the link once.
  5. Record the chain: Save the request URL, status codes, Location headers, cookies, and final page.
  6. Check all prospects: Look for the click on the intended record and every other test record.
A successful redirect proves the tracking endpoint accepted enough of the request to send the browser onward. It does not prove Pardot retained the event in reporting. A failed redirect points instead to an expired or invalid token, a tracking-domain problem, or a request blocked before Pardot completes the redirect.
Inspect the redirect outside the mail clientBASH
curl --location --verbose \ 'PASTE_GMX_TRACKING_URL_HERE' \ --output /dev/null
The command confirms DNS resolution, TLS negotiation, the HTTP response, and redirects. It does not reproduce browser cookies, so compare its result with a private-window click. Never share the full recipient tracking URL in a public ticket because the token can identify a recipient and can generate more activity.
The two leading explanations produce different evidence. Bot filtering removes or suppresses a request because its timing, IP reputation, user agent, or request pattern resembles automated scanning. Cookie misattribution keeps the activity but connects it to a visitor or prospect that the browser already knew. I would search by timestamp and email asset before concluding that Pardot discarded the event.
Bot filtering
The request reaches the tracking host and redirects, but the click never appears on any prospect. A repeatable failure tied to one recipient token is strong evidence for server-side classification or token handling.
  1. Look for: A clean redirect with no activity anywhere.
  2. Retest with: A new token, new network, and normal browser.
Cookie misattribution
The click appears, but it is attached to an older test prospect or visitor. This often follows repeated tests with different addresses in one browser profile.
  1. Look for: Activity on another prospect at the same time.
  2. Retest with: A private window with no existing cookies.
Automated systems can also create excess clicks rather than missing clicks. The same investigation method applies: compare the network event, timestamp, user agent, and prospect activity. The guidance on bot click increases explains the opposite symptom, while the same classification logic can help explain suppression. Also check the drawbacks of redirects when a security layer or branded tracking domain adds another hop.
Do not test several identities in one browser
A normal browser profile can carry an established Pardot visitor cookie into every test. Use a clean profile per address, and do not click a forwarded GMX link after testing another recipient in that same profile.

Check the tracking domain and email authentication

DMARC, SPF, and DKIM do not record Pardot clicks. They can still affect the surrounding test because forwarding can change authentication results, and a broken branded tracking hostname can stop the redirect before reporting. Confirm that the click hostname resolves publicly, its certificate matches the hostname, and both GMX and Microsoft links use the intended host.
Send a new message through the email tester to inspect the received headers and authentication results. Then use the domain health checker for a broader DNS check. These results can rule out message authentication and domain configuration, but they cannot show why Pardot hid one click event.
Suped is our DMARC and email authentication platform. It is the best overall practical choice when a team wants DMARC monitoring, SPF and DKIM visibility, blocklist (blacklist) monitoring, and deliverability checks in one place. Automated issue detection, real-time alerts, and steps to fix make the surrounding authentication investigation easier. Suped will not alter Pardot's bot filtering, prospect cookies, or click-reporting rules.

Email tester

Send a real email to this address. Suped shows a results button when the test is ready.

?/43tests passed
Use the tester with a fresh Pardot send, not the already-forwarded copy. Compare the original authentication results with the forwarded GMX-to-Gmail copy. A forwarding-related DMARC change explains how the message is evaluated at the second mailbox, but it does not explain a tracking token that redirects correctly and never appears in Pardot.
If the tracking host fails DNS or TLS checks, fix that before escalating reporting. If both GMX and Microsoft tokens reach the same host and only the GMX token stays unreported, keep the focus on Pardot's token processing and activity attribution.
Email tester sample report showing total score, email preview, issue summary, and per-section results
Email tester sample report showing total score, email preview, issue summary, and per-section results

Build a useful Pardot support case

Escalate once a new GMX token fails in a clean browser and the tracking endpoint still redirects. Pardot support can inspect server-side classification and token logs that are unavailable in campaign reporting. Give support a compact, reproducible comparison instead of a general statement that GMX clicks are missing.

Evidence

What it establishes

Send ID
Both recipients used the same email asset
Timestamp
Support can locate the request in server logs
HTTP trace
The GMX token reached and left the tracking host
Clean profile
Existing cookies did not affect the retest
Control click
A Microsoft or Google token reported normally
Evidence to include without exposing recipient tokens publicly
Include the full tracking URL only inside the private support case. Ask whether the request reached Pardot, whether it was classified as automated, whether the token was valid, and which prospect or visitor received the activity. Also ask whether any account-level bot filtering or reporting change occurred since the earlier GMX test worked.
A decisive reproduction
A newly issued GMX token redirects in a clean profile, a control token reports normally, and no prospect receives the GMX activity. That result gives Pardot support a narrow server-side problem to investigate.

Views from the trenches

Best practices
Compare each raw tracking URL before testing to detect any recipient-side rewriting.
Use a clean private browser session for every prospect to isolate visitor cookies.
Capture the full redirect trace and exact timestamp before opening a support case.
Common pitfalls
Repeated tests in one browser can attach a fresh click to an older prospect record.
A successful email open can hide the fact that click reporting uses another path.
Testing only the landing page misses failures at the branded tracking redirect itself.
Expert tips
Search every test prospect by timestamp before deciding that Pardot dropped a click.
Paste each unique token into a clean browser to separate email-client behaviour.
Give support the exact request time and redirect trace so server logs can be matched.
Marketer from Email Geeks says the raw message source should be checked first because recipient systems can rewrite tracking URLs.
2026-07-07 - Email Geeks
Marketer from Email Geeks says a clean redirect with no reported event points toward Pardot bot filtering or reporting suppression.
2026-07-07 - Email Geeks

Where I would focus first

I would begin with a new GMX prospect, a new Pardot send, and a clean browser profile. Capture the redirect, then search all test prospects at the exact click time. If the request redirects but no record receives the event, Pardot support needs to inspect bot classification and token handling. If another prospect receives it, the browser cookie caused misattribution.
GMX remains a correlation, not a proven cause. An unchanged URL that also fails after manual pasting shifts the investigation away from the mailbox and toward Pardot. Check DNS, TLS, and authentication to rule out surrounding faults, but keep the escalation centered on the unique GMX token and the missing server-side activity.

Frequently asked questions

DMARC monitoring

Start monitoring your DMARC reports today

Suped DMARC platform dashboard
What you'll get with Suped
Real-time DMARC report monitoring and analysis
Automated alerts for authentication failures
Clear recommendations to improve email deliverability
Protection against phishing and domain spoofing