A number of people have asked me recently if I know anything about appliances clicking all the links in emails. Some of those people have asked specifically about Barracuda, some have just asked if I knew of any filters that clicked links.
The answer is, yes, there are cases where spam filters have followed all the links in an email. One of the filters that I know has done this in the past is Barracuda. Based on discussions with the different people who are reporting this behavior, it does seem that this is happening more often. One person did mention that they were primarily seeing this with mail where the click domains were different from the From: domains.
I’m still working on getting more information from folks, and will update if I hear anything more. I’m also working on some advice for folks who get caught in this.
If you have experience with Barracuda (or other spam filters) clicking all the links in an email, drop me an email (contact)
Barracuda clicking all links in emails
B
RSS - Posts
The most problematic point of this would be unintended unsubscription: One-click-unsubscribe processes are pretty popular.
We had noticed this phenomen two years ago and published some stats and advise in German –> http://www.email-marketing-forum.de/Fachartikel/details/Achtung-Autoklicks-koennen-Ihr-E-Mail-Marketing-gefaehrden/27540
In essence:
– double opt-in questionable
– confirmed opt-in dangerous
– 1 click unsubsribe dangerous
– click stats wrong
– 1 click surveys worthless
This also impacts how senders can measure recipient engagement and activity, if they are utilizing and tracking the link clicking behavior of their recipients.
I wonder if Barracuda utilizes recycled traps? If so, then that would effectively nullify the effectiveness or purpose of their traps.
We have also seen an increase in ‘fake clicks’ from Barracuda IP’s recently. Of the 6 or so different URLs in our email, only 1 appears to be tested and this is never the Un-Subscribe or About Us URL’s. So while it does skew our engagement stats at least we are not loosing readers.
This is not new. Barracuda is based on spamassassin which has a webredirect plugin
http://wiki.apache.org/spamassassin/WebRedirectPlugin
We used this plugin our own antispam servers too for some time. ( to get rid of the single line spams )
For an ESP one may try to screen the useragent when acting on a click, but that would not be a permanent fix. Barracuda cannot use a unique useragent else spammers too will use the same trick.
The Barracuda appliances may very well be doing this, as it seems to be a growing trend in anti-spam vendors to both combat malware URLs in email and enforce inbound policy.
[…] issue came up in the email industry earlier this summer, and we have seen a handful of clicks-by-firewall in our own stats. But it’s certainly not the […]