Why are we seeing automatic opens and clicks on Office 365 hosted recipient domains?
Summary
What email marketers say (10 marketer opinions)
Marketer from Email Geeks confirms that Microsoft Defender is clicking on all links, including unsubscribe links, causing issues.
Email marketer from Snov.io explains that Microsoft Defender scans all emails, including opening them and clicking on the links to check for malicious content. This results in inaccurate open and click rates. Marketers should understand the impact of Defender on their analytics.
Email marketer from EmailGeek Forum advises analyzing the IP addresses associated with the clicks to determine whether they are coming from Microsoft's Safe Links servers. Compare the IP addresses to Microsoft's published ranges to confirm. This helps differentiate between legitimate user clicks and automatic scans.
Email marketer from Litmus highlights that Office 365 Defender can impact email engagement analytics by pre-fetching images and following links. This can inflate open and click rates, making it difficult to get an accurate picture of subscriber behavior. Marketers should be aware of this when analyzing campaign performance.
Email marketer from Reddit suggests that Microsoft Safe Links sometimes clicks unsubscribe links. This can cause contacts to be unintentionally unsubscribed from mailing lists, impacting email marketing efforts. It is important to monitor your unsubscribe rates and consider excluding your domain from the Safe Links scanner.
Email marketer from StackOverflow details that the ATP Safe Links feature can generate false positives for email tracking. The URL rewriting and scanning process can trigger events such as clicks, which will affect metrics. This is a common issue for organizations using Office 365 and similar security products.
Email marketer from Mailjet support explains that Microsoft's URL Threat protection aka 'Safe Links' can cause premature/unrealistic open rates. As a sender, there is no way to prevent Microsoft from scanning emails with their security protocols. The only way to avoid this is to advise the recipient to disable this feature - which is unhelpful.
Email marketer from Proofpoint explains that Microsoft is not the only service that impacts open rates. They detail that Proofpoint also performs scanning, pre-fetching and link clicks for security reasons. They also advise checking with your email provider for more information about ways to manage this problem.
Marketer from Email Geeks shares a link to Microsoft's documentation about Safe Links, suggesting it's the cause of the issue.
Marketer from Email Geeks clarifies that you can exclude domains from Safe Links, but not specific phrases.
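The IP-range comparison suggested above can be scripted. The following is an added example, not code from any of the sources quoted on this page. The CIDR blocks are documentation placeholders rather than Microsoft's ranges, and the log columns (`recipient`, `url_kind`, `source_ip`) are an assumed export format.

```python
import csv
import io
import ipaddress
from collections import Counter

# Placeholder CIDRs (RFC 5737 / RFC 3849 documentation ranges), NOT Microsoft's.
# Replace with the ranges Microsoft currently publishes for its service.
SCANNER_RANGES = [ipaddress.ip_network(c) for c in
                  ("192.0.2.0/24", "198.51.100.0/25", "2001:db8:40::/48")]

# Constructed click log: one row per tracked click event.
SAMPLE_LOG = """recipient,url_kind,source_ip
a@example.com,content,192.0.2.17
a@example.com,unsubscribe,192.0.2.18
b@example.com,content,203.0.113.9
c@example.com,content,2001:db8:40::5
c@example.com,content,203.0.113.77
d@example.com,unsubscribe,198.51.100.200
e@example.com,content,not-an-ip
"""

def classify_ip(raw):
    """Return 'scanner', 'unmatched' or 'invalid' for one source address."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return "invalid"
    # IPv4-mapped IPv6 (::ffff:a.b.c.d) must be compared as IPv4.
    if addr.version == 6 and addr.ipv4_mapped:
        addr = addr.ipv4_mapped
    in_range = any(addr.version == n.version and addr in n for n in SCANNER_RANGES)
    return "scanner" if in_range else "unmatched"

def summarize(log_text):
    """Count events per class and list unsubscribes that came from scanner ranges."""
    counts, suspect_unsubs = Counter(), []
    for row in csv.DictReader(io.StringIO(log_text)):
        label = classify_ip(row["source_ip"])
        counts[label] += 1
        if label == "scanner" and row["url_kind"] == "unsubscribe":
            suspect_unsubs.append(row["recipient"])
    return counts, suspect_unsubs

if __name__ == "__main__":
    counts, suspect = summarize(SAMPLE_LOG)
    print(dict(counts), suspect)
```

An address outside the listed ranges is reported as `unmatched`, not as a human click, since other scanners may also follow links.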
What the experts say (2 expert opinions)
Expert from Word to the Wise explains that Microsoft's Safe Links can affect deliverability metrics by pre-scanning URLs in emails. This can result in inflated click rates as Safe Links clicks links before a human recipient does, skewing campaign results.
Expert from Spam Resource explains that Microsoft uses 'Safe Links' as a security feature which unfortunately increases open rates as it pre-fetches emails, inflating engagement analytics.
What the documentation says (5 technical articles)
Documentation from Microsoft Learn details that Safe Links rewrites URLs in inbound email messages. When a user clicks a URL in a message, they are first routed through Microsoft's Safe Links service. The destination URL is checked in real time against a list of malicious URLs. This process will trigger a click on the link, even if a user does not visit the end destination.
Documentation from Barracuda explains that they offer comprehensive protection against email-borne threats. It details that they use advanced threat detection techniques to identify and block malicious emails. They also perform scanning and link clicking for security reasons.
Documentation from Cisco explains that they offer email security in the cloud and on premises. Their email security blocks spam, malware, and phishing with layered defenses. Cisco is another provider who also performs scanning and link clicking for security reasons.
Documentation from Microsoft Learn explains that Safe Links is a feature in Microsoft Defender for Office 365 that proactively protects users from malicious URLs in email messages and Office documents. It scans URLs to determine if they lead to phishing sites, malware downloads, or other malicious websites. This scanning can result in automatic clicks and opens.
Documentation from Microsoft Learn explains how administrators can configure Safe Links policies to exclude specific URLs from scanning. This is useful for trusted internal URLs or URLs that are known to cause issues with Safe Links. Excluding URLs will prevent the Safe Links service from clicking on the URL.