Can link security checkers cause false no-js reports in email analytics?
Summary
What email marketers say10Marketer opinions
Email marketer from EmailOnAcid explains that security software may pre-scan links in emails, resulting in inflated click rates and potential misrepresentation of user behavior due to no-JS environments.
Email marketer from EmailToolTester explains that false or inaccurate tracking can be caused by corporate firewalls or security tools that examine links in a sandbox environment, potentially without JavaScript support.
Email marketer from Litmus responds that some email clients and security tools scan links before the recipient clicks, which can result in clicks from environments without JavaScript enabled, skewing analytics.
Email marketer from SuperOffice Blog highlights that security scans, especially within corporate networks, can interact with links in emails leading to skewed click data as they may not execute Javascript.
Marketer from Email Geeks shares they see untracked clickers, especially from schools and businesses. Mentions Sailthru shows clicks with 0 pageviews and that hidden links can accidentally happen with Sailthru’s Email Composer.
Email marketer from Sendinblue says that while email tracking is useful, link clicks might be automatically visited by security protocols, leading to an artificial inflation of click numbers and possibly erroneous tracking of devices with no Javascript.
Email marketer from EmailGeekForum explains that bot clicks can mimic users without JavaScript enabled, triggering false reports in analytics due to security measures.
Email marketer from Reddit shares that some security tools or corporate firewalls might execute links in a no-JS environment for security checks, leading to false positives in analytics.
Email marketer from StackOverflow answers that some link scanners operate without fully rendering JavaScript, leading to potential discrepancies in analytics reports for click sources.
Marketer from Email Geeks explains if a link checker may register in your analytics as a browser not supporting JavaScript, then yes, that is a possibility.
What the experts say3Expert opinions
Expert from Word to the Wise explains that link scanning behavior can cause false positives due to pre-fetching by security tools without Javascript support which may trigger inaccurate analytics data.
Expert from Spam Resource explains that some security software will rewrite URLs in emails to proxy them through their own servers to protect users. These proxy servers typically do not execute JavaScript, and will therefore show up as no-js users clicking links.
Expert from Email Geeks shares you can add hidden links to the header/footer that no user could see and when those get clicks, they can help you discard other clicks at that same time from that same “user”.
What the documentation says5Technical articles
Documentation from OWASP explains that bot detection often involves identifying clients that do not execute JavaScript, which can influence how link security checkers are perceived in email analytics.
Documentation from Google Analytics support explains that if JavaScript is disabled, Google Analytics cannot collect data, which may cause some hits to be incorrectly attributed when link checkers are involved.
Documentation from MDN Web Docs shares that User-Agent sniffing can identify environments that do not fully support JavaScript, providing insights into potential discrepancies caused by link security checkers in email analytics.
Documentation from Microsoft shares that Safe Links in Microsoft Defender may pre-scan URLs which can trigger a visit to a URL without proper javascript support.
Documentation from IETF explains that email transport agents (MTAs) and security gateways might access links in emails for security purposes, which can influence the accuracy of click-tracking and potentially cause discrepancies due to environments without JavaScript enabled.