Why am I seeing spam filter clicks with Hotmail and Outlook.com?

Summary

The phenomenon of spam filter clicks with Hotmail and Outlook.com is primarily attributed to Microsoft's security measures and ongoing testing. Features like Safe Links, Advanced Threat Protection, and aggressive bot detection lead to automated scanning, pre-fetching, and rewriting of URLs in emails. This results in non-human interactions and early clicks recorded by tracking systems, artificially inflating click rates. Experts suggest these activities are due to Microsoft verifying links for safety, checking for phishing and malware, and potentially testing new systems. As a result, email marketers need to account for these automated clicks and consider their impact on reputation and analytics.

Key findings

  • Microsoft Testing: Microsoft appears to be testing new systems and going through ESPs/senders to follow links, potentially affecting click rates.
  • Non-Human Interaction: Many see non-human interaction from Microsoft recipients, targeting network space and contributing to false clicks.
  • Aggressive Bot Detection: Outlook is known for aggressive bot detection, leading to false clicks as Microsoft systems check email links.
  • Safe Links Scanning: Microsoft's Safe Links feature scans emails for malicious content, pre-scanning and rewriting URLs which results in early or 'fake' clicks.
  • Proactive URL Verification: Microsoft employs systems to proactively verify links for security, often misidentified as user clicks.
  • Click Protection Systems: Microsoft implements click protection, checking links before users click, resulting in premature click registration.
  • Inflated Click Rates: Automated scanning and verification processes lead to artificially inflated click rates.
  • ATP/Defender Safe Links: Advanced Threat Protection, Defender Safe Links scans every link, artificially inflating click rates so filtering these scans out of reporting is key.

Key considerations

  • Account for Security Scans: Recognize that security scans by Microsoft can trigger false clicks, affecting email tracking data and overall analytics.
  • Factor in Reputation Impact: Consider that Microsoft's active link checking can impact your sending reputation.
  • Filter Bot Clicks: Implement methods to filter out bot clicks from Microsoft to obtain a more accurate picture of user engagement.
  • Monitor Deliverability: Regularly monitor deliverability and engagement metrics to understand the impact of these security features.
  • Stay Updated on Testing: Stay informed about potential ongoing testing by Microsoft that could affect email performance.
  • Understand Microsoft Features: Familiarize yourself with Microsoft's Safe Links, Advanced Threat Protection, and other security features to better understand their behavior.

What email marketers say
10Marketer opinions

The spam filter clicks observed with Hotmail and Outlook.com are primarily due to Microsoft's security features, such as Safe Links and aggressive bot detection. These systems scan emails for malicious content, pre-fetch links for security, and provide click protection by checking links before user interaction. This results in artificial clicks that are registered by tracking systems, inflating click rates. Email marketers need to be aware of this behavior and account for it in their analytics.

Key opinions

  • Aggressive Bot Detection: Outlook employs aggressive bot detection mechanisms that can generate false clicks.
  • Safe Links Feature: Microsoft's Safe Links feature scans emails for malicious content and rewrites URLs, leading to premature clicks.
  • Link Verification: Microsoft uses systems to verify links in emails, which can be misidentified as user clicks.
  • Pre-fetching Links: Outlook pre-fetches links for security, causing early clicks before recipient interaction.
  • Click Protection Systems: Microsoft implements systems to provide click protection, checking links before users click.
  • Inflated Click Rates: Automated scanning by Microsoft's systems results in artificially inflated click rates.
  • Defender Safe Links: Microsoft Defender Safe Links scans every link, so filtering these scans out of reporting is key.

Key considerations

  • Account for Security Scans: Be aware that security scans by email providers like Microsoft can trigger false clicks, affecting email tracking data.
  • Filter Out Bot Clicks: Consider implementing methods to filter out bot clicks from Microsoft to get a more accurate representation of user engagement.
  • Monitor Deliverability: Monitor deliverability and engagement metrics carefully to understand the impact of these security features on your email campaigns.
  • Understand Safe Links: Familiarize yourself with how Microsoft's Safe Links feature works and its impact on click tracking.
Marketer view

Email marketer from Validity explains that Microsoft Defender Safe Links scans every link for safety issues, artificially inflating click rates. These initial clicks are due to Microsoft's automated systems validating the URLs, so filtering these out is key.

December 2021 - Validity
Marketer view

Email marketer from SendGrid discusses that Microsoft's Safe Link feature rewrites and checks links in emails before delivery, which can cause artificial clicks. This is because Microsoft is verifying links for potential threats.

October 2023 - SendGrid

What the experts say
4Expert opinions

The occurrence of spam filter clicks with Hotmail and Outlook.com is largely attributed to Microsoft's active link checking, the Safe Links feature, and potentially ongoing testing. Microsoft aggressively scans links for malicious activity, pre-scans links for safety, and follows links, which can trigger false clicks registered in tracking systems. This non-human interaction and reputation system response are affecting various ESPs and senders.

Key opinions

  • Microsoft Testing: Microsoft appears to be conducting tests involving link following across different ESPs and senders.
  • Non-Human Interaction: Many users are experiencing non-human interaction from Microsoft recipients, possibly targeting chunks of network space randomly.
  • Active Link Checking: Microsoft actively checks links in emails, impacting their reputation systems and causing false clicks.
  • Safe Links Pre-Scanning: Microsoft's Safe Links feature pre-scans links, rewriting URLs and analyzing them for malicious content before users click, leading to artificial clicks.

Key considerations

  • Monitor for Testing Effects: Be aware that Microsoft may be conducting ongoing testing that affects click rates and email deliverability.
  • Account for Non-Human Clicks: Recognize that a portion of clicks from Microsoft recipients may be non-human and due to automated processes.
  • Factor in Reputation Impact: Understand that Microsoft's link checking can impact your sending reputation.
  • Understand Safe Links Behavior: Consider how Microsoft's Safe Links feature contributes to pre-scanning and its impact on tracking systems.
Expert view

Expert from Email Geeks shares that lots of people are seeing non-human interaction from Microsoft recipients. They seem to be targeting chunks of network space, apparently randomly and assumes they are testing something.

August 2024 - Email Geeks
Expert view

Expert from Word to the Wise shares that Microsoft actively checks links in emails, and they have seen their reputation systems respond to this activity. Microsoft is aggressively scanning links for malicious activity before the user even has a chance to click. This link checking can trigger false clicks that are registered in your system.

August 2022 - Word to the Wise

What the documentation says
3Technical articles

Spam filter clicks observed with Hotmail and Outlook.com are primarily a result of security features such as Microsoft's Safe Links and Proofpoint's URL Defense. These features scan and rewrite URLs in inbound emails to protect users from malicious content. The proactive verification of URLs by these systems leads to early clicks recorded by tracking software, which are not user-initiated.

Key findings

  • Safe Links Scanning: Microsoft's Safe Links in Exchange Online scans and rewrites URLs to protect users from malicious links.
  • ATP URL Checking: Advanced Threat Protection in Microsoft 365, including Safe Links, automatically checks URLs in emails.
  • Early Clicks: The URL checking process leads to early clicks recorded by tracking software.
  • URL Defense Rewriting: Proofpoint's URL Defense rewrites and scans URLs to protect against phishing and malware.
  • Non-User Initiated Clicks: These scans can result in initial clicks that are not initiated by the user.

Key considerations

  • Understand Security Features: Recognize that Microsoft Safe Links and other security features contribute to early clicks.
  • Account for Automated Clicks: Acknowledge that automated URL verification processes can affect click-through rates.
  • Filter Out Scan Traffic: If possible, implement methods to filter out automated scan traffic from your tracking data.
  • Monitor Impact: Regularly monitor the impact of these security features on your email campaign metrics.
Technical article

Documentation from Microsoft explains that Advanced Threat Protection features in Microsoft 365, including Safe Links, may automatically check URLs in emails. This process leads to early clicks recorded by tracking software, as Microsoft's system is actively verifying the link.

October 2021 - Microsoft.com
Technical article

Documentation from Proofpoint shares that URL Defense, a security feature, rewrites URLs and scans them when clicked to protect against phishing and malware. It explains that this could result in initial clicks that are not user-initiated.

November 2023 - Proofpoint