Why are click tracking links from my ESP being blocked as dangerous?

10 Marketer opinions 3 Expert opinions 5 Technical articles 3 Resources

Summary

Click tracking links from ESPs are blocked due to a combination of reputation, security, and technical factors. Poor URL, domain, sender, and IP reputation due to spam activity, phishing attempts, or blocklist listings trigger security software. Shared hosting risks, compromised accounts, short domain history, suspicious redirects, missing SSL certificates, uncommon TLDs, brand misalignment, and inaccurate URL categorization contribute to the problem. Experts recommend monitoring reputations, using dedicated resources, maintaining security, ensuring proper SSL setup, and aligning brand identity to avoid blocks.

Key findings

Reputation is Key: Poor URL, domain, sender, and IP reputation due to spam, phishing, or blocklists are major factors.
Shared Hosting Risks: Shared hosting can expose your links to risks from other users' malicious activities.
Security Vulnerabilities: Compromised accounts and a lack of proper security measures can lead to blocks.
Technical Issues: Missing SSL certificates, suspicious redirects, and uncommon TLDs raise red flags.
Brand Alignment: Mismatched branding and domain registration inconsistencies contribute to suspicion.

Key considerations

Monitor Reputation: Actively monitor URL, domain, sender, and IP reputation using available tools.
Dedicated Resources: Use dedicated IPs and domains for click tracking to avoid shared hosting risks.
Implement Security: Maintain robust security measures, including SSL certificates and regular malware scans.
Follow Best Practices: Avoid suspicious redirects, URL shorteners, and uncommon TLDs.
Align Branding: Ensure consistent branding across sending domains, click tracking links, and website content.
Request Re-evaluation: If flagged, submit your domain for re-evaluation to security providers and blocklist operators.

What email marketers say
10Marketer opinions

Click tracking links from ESPs can be blocked as dangerous for several reasons, primarily related to reputation. The reputation of the URL itself, the domain it resides on, and the IP address of the server hosting the domain all play a role. Negative factors include association with spam, use of shared hosting where other users engage in malicious activities, a short domain history, use of cloaked redirects or URL shorteners, absence of HTTPS and a valid SSL certificate, uncommon TLDs, misalignment with brand identity, and a poor overall sender reputation. Security software flags these links based on these factors to protect users from potential threats.

Key opinions

URL Reputation: The reputation of the click tracking URL is critical. A new URL or one associated with spam is likely to be blocked.
Shared Hosting Risks: If the ESP uses shared hosting for click tracking, the actions of other users on the same server can negatively impact your links.
Domain Age Matters: The age and history of the click tracking domain are important. Newer domains or those with a history of spam are more likely to be flagged.
Suspicious Redirects: Using cloaked redirects or URL shorteners can make links appear suspicious and lead to blocking.
SSL Security: Lack of HTTPS and a valid SSL certificate can trigger warnings and blocks.
Brand Alignment: Click tracking domains should align with your brand and sending domain to avoid appearing suspicious.

Key considerations

Monitor Reputation: Actively monitor the reputation of your click tracking domain, URL, and sending IP address.
Use Dedicated Resources: Consider using dedicated hosting for click tracking to avoid the risks associated with shared hosting environments.
Establish Domain History: Warm up new click tracking domains gradually to build a positive reputation.
Avoid URL Shorteners: Use direct links or reputable click tracking services instead of URL shorteners or cloaked redirects.
Implement HTTPS: Ensure that your click tracking domain uses HTTPS and has a valid SSL certificate.
Maintain Brand Consistency: Ensure that your click tracking domain aligns with your brand and sending domain to build trust.

Marketer view

Email marketer from EmailAnalysis.com warns that click tracking domains that don't align with your brand or sending domain can appear suspicious and lead to blocks.

November 2024 - EmailAnalysis.com

Marketer view

Email marketer from StackExchange explains that URL reputation is a crucial factor. If the click tracking domain is new or has been associated with spam, security software might block it.

April 2021 - StackExchange

Marketer view

Email marketer from Email Marketing Forum points out that the age and history of the click tracking domain matter. A domain with a short history or a history of spam is more likely to be flagged.

January 2023 - Email Marketing Forum

Marketer view

Email marketer from Email Marketing Tips Blog warns that using cloaked redirects or URL shorteners for click tracking can be seen as suspicious and lead to blocks, as these techniques are often used in phishing attacks.

May 2022 - Email Marketing Tips Blog

Marketer view

Email marketer from Email Deliverability Forum suggests ensuring that the click tracking domain uses HTTPS and has a valid SSL certificate. Lack of SSL can trigger warnings and blocks.

October 2023 - Email Deliverability Forum

Marketer view

Email marketer from Reddit mentions that if the IP address of the server hosting the click tracking domain has a poor reputation (due to spam sent from other domains on the same server), security software might block the links.

December 2023 - Reddit

Marketer view

Email marketer from ReputationDefender Blog suggests monitoring your brand's online reputation. If your brand is associated with spam or scams, click tracking links using your brand's domain might be affected.

December 2024 - ReputationDefender Blog

Marketer view

Marketer from Email Geeks shares their team experienced similar issues with click tracking domains and suggests using online URL checkers for insights. They recommend submitting domains to security providers for re-evaluation and recategorization and includes a list of links.

October 2021 - Email Geeks

Marketer view

Email marketer from EmailGeeks Blog mentions that using uncommon or newly registered top-level domains (TLDs) for click tracking can raise suspicion and increase the likelihood of being blocked.

May 2024 - EmailGeeks Blog

Marketer view

Email marketer from Reddit suggests that if the ESP uses shared hosting for click tracking, a single user's malicious activity can negatively impact the reputation of the shared domain, leading to blocks for everyone.

November 2023 - Reddit

What the experts say
3Expert opinions

Click tracking links from ESPs are blocked as dangerous due to multiple factors related to security and reputation. A compromised customer on a shared ESP click tracking domain can lead to all customers being blocked. Poor sender reputation stemming from spam complaints or blocklist listings heavily impacts link deliverability. Using short link domains with a bad reputation also negatively affects campaigns.

Key opinions

Compromised Domains: A compromised customer on a shared ESP click tracking domain can result in all customers being blocked.
Sender Reputation: Poor sender reputation from spam complaints or blocklist listings negatively affects link deliverability.
Short Link Reputation: Using short link domains with bad reputations can harm email campaigns.

Key considerations

Security Audits: Regularly audit your website security to prevent compromises that could affect your click tracking links.
Reputation Monitoring: Continuously monitor your sender reputation and promptly address any issues.
Avoid Short Links: Avoid using short link domains with poor reputations. Consider using reputable services or direct links.

Expert view

Expert from Word to the Wise highlights that using short link domains with poor reputations will negatively affect the deliverability of your email campaigns. This includes click tracking links utilizing those short link domains. She suggests avoiding URL shorteners altogether or using a reputable service.

December 2021 - Word to the Wise

Expert view

Expert from Spam Resource emphasizes that a poor sender reputation, often stemming from spam complaints or being listed on blocklists, significantly impacts whether click tracking links are flagged as dangerous. He also advises that monitoring your sending reputation is crucial.

July 2023 - Spam Resource

Expert view

Expert from Email Geeks explains an issue where a compromised customer on an ESP click tracking domain led to all customers being blocked due to linking to a phishing site, and warns users to check if your security team has checked to ensure your website is not compromised.

November 2024 - Email Geeks

What the documentation says
5Technical articles

Click tracking links from ESPs are blocked as dangerous because security providers like Norton, Google Safe Browsing, Spamhaus, Palo Alto Networks, and BrightCloud flag them based on various criteria. These include malware detection, phishing attempts, suspicious behavior, spam activity, and incorrect or malicious categorization. If a click tracking domain triggers these flags or is listed on a blocklist, it is likely to be blocked by security software and browsers.

Key findings

Malware and Phishing Detection: Norton and Google Safe Browsing flag websites hosting malware or engaging in phishing activities, leading to blocks.
Spam Activity: Spamhaus maintains blocklists of domains and IPs associated with spam, causing affected click tracking links to be blocked.
URL Categorization: Palo Alto Networks' URL filtering service categorizes URLs, and incorrect or malicious categorization can lead to blocking.
URL/IP Reputation: BrightCloud provides URL and IP reputation services; a poor reputation can cause security vendors to block click tracking links.

Key considerations

Regular Security Checks: Regularly scan your website and click tracking domain for malware and phishing attempts to prevent being flagged.
Monitor Blocklists: Check if your click tracking domain is listed on Spamhaus or other blocklists and take steps to be removed if necessary.
Correct Categorization: Ensure that your click tracking domain is correctly categorized by URL filtering services like Palo Alto Networks.
Maintain a Good Reputation: Take proactive steps to maintain a positive URL and IP reputation, as assessed by services like BrightCloud.

Technical article

Documentation from Spamhaus explains that they maintain blocklists of domains and IPs associated with spam activity. If a click tracking domain is listed on a Spamhaus blocklist, it's likely to be blocked by security software.

September 2024 - Spamhaus

Technical article

Documentation from Palo Alto Networks explains that their URL filtering service categorizes URLs based on content and reputation. Incorrect or malicious categorization of a click tracking domain can lead to blocking.

October 2021 - Palo Alto Networks

Technical article

Documentation from BrightCloud explains that they provide URL and IP reputation services. These services are used by security vendors to classify URLs. A poor BrightCloud reputation could cause blocking.

March 2023 - BrightCloud

Technical article

Documentation from NortonLifeLock explains that Norton flags websites based on various criteria, including malware detection, phishing attempts, and suspicious behavior. Click tracking links may be blocked if they trigger these flags.

December 2021 - NortonLifeLock

Technical article

Documentation from Google explains that Google Safe Browsing flags websites as unsafe if they host malware or engage in phishing. If a click tracking domain is flagged by Google, it will be blocked in various browsers and applications.

October 2024 - Google

eSports Logo Voting Scam : r/SteamScams

Posted by u/WolfieBane - 205 votes and 312 comments

Solved: HubSpot Community - Are Bots Affecting Your Email ...

Hi, HubSpot Community. I’m Jake from the HubSpot Product team. In the last year, the marketing industry as a whole has seen a spike in bot clicks in emails, so I wanted to take a moment to discuss what bot activity looks like, who’s most likely to be affected, and what you can do to address it. Wh...

community.hubspot.com

Frequently asked questions about deliverability | Klaviyo Help Center

Search our knowledge base to find answers to the most commonly asked questions. Browse our articles, community forum, live and recorded trainings, and more, to learn all about how to use Klaviyo and to discover our best practices.

Klaviyo Help Center

Are Bitly links bad for email deliverability?

Are HTTP links penalized by spam filters in email marketing?

Are link shorteners bad for email marketing?

Are URL shorteners like bit.ly bad for email deliverability?

How do HTTP tracking links affect email deliverability and user experience?

How do URL shorteners and domain reputation impact email deliverability?