All Collections
FAQ
Suspiciously looking clicks in my report
Suspiciously looking clicks in my report
Rikke Søndergaard avatar
Written by Rikke Søndergaard
Updated over a week ago

It's probably link scanners

Do you encounter suspiciously looking clicks in your email report, or did your website crash after an email sending?

If you see a rapid influx of requests to your server a few seconds after sending an email from APSIS One that overloads your site - that's most likely link scanners.


In this article


What are Link Scanners?

Link scanners have been around for a few years now. They are generally speaking a form of anti-malware software which follows links in mails, to make sure there is no malicious payload on the other end of the link.

It has become more and more common in the past 4-5 years. Not only do major email providers such as Microsoft 365 ATP, Barracuda and Proofpoint, but it can also be done by individual antivirus programs.


How do they work?

When a link scanner of some sort scans or "clicks'' the links in a mail, it a) records an "open" due to the tracking pixel, and b) can cause false positives for CTOR. This is a common problem in email marketing, but it's important to remember that it's not just a problem with the APSIS platforms - all ESPs worldwide have this issue - and it does not affect all subscribers, but a small minority.

By default APSIS email tool is filtering out clicks from known link scanners such as ATP.

Performance implications for your website

On rare occasions the amount of requests sent to your server by link scanners can overload it. If your website runs into performance issues or even crashes as a result of sending emails from APSIS One, that is the most probable reason.


What can be done?

If you see a rapid influx of requests to your server few seconds after sending an email from APSIS One that overloads your site - that's most likely link scanners. You can consider following actions:

  1. Check your webserver logs to determine the root cause.

  2. Serve static plain HTML pages resources you link in your newsletter – this will create much smaller load on your webserver compared to dynamically generated content.

  3. Send our your emails in smaller batches (use different segments or split testing feature)

  4. Identify and block requests from link scanners (not recommended).

  5. Add throttling mechanism or CDN (content delivery network) to your server (such as Cloudflare, AWS CloudFront, Azure CDN, Google Cloud CDN, etc).

  6. Increase performance of the webserver, or consider changing hosting provider.

If needed, reach out to your hosting provider or IT department – APSIS team do not have access to your servers and cannot troubleshoot this for you.


Why blocking link scanners is not a good approach

Blocking traffic from a link scanners may sound like a good idea but it can lead to many issues, such as:

  • You may block valid traffic trying to reach your domain – if your customers are trying to reach your domain from a VPN and their clicks will come from the same environment they can be recognized as a link scanner and blocked by mistake.

  • Link scanners will not be able to verify your domain and content – in result they won't be able to mark it as safe. That can create some unwanted scenarios such as:

    • Increase spam-score and increase the possibility of sendings get marked as spam.

    • Add warning messages on top of the email warning about unsafe links/content

    • Block the email entirely

For the reasons mentioned above APSIS does not recommend blocking links scanners as a valid strategy.

Did this answer your question?