Barracuda filters clicking all links

Earlier this month I mentioned that a number of people were seeing issues with multiple links in emails being clicked by Barracuda filters. I invited readers to contact me and provide me with any information or evidence they had. Not only did a number of senders contact me, but one of the support reps at Barracuda also contacted me.
At issue is a part of the Barracuda email filter call the intent filter. There are 3 different modules to this filter.

  • Intent analysis – Markers of intent, such as URLs, are extracted and compared against a database maintained by Barracuda Central.
  • Real-Time Intent Analysis – For new domain names that may come into use, Real-Time Intent Analysis involves performing DNS lookups against known URL blocklists.
  • Multilevel intent analysis – Use of free websites to redirect to known spammer websites is a growing practice used by spammers to hide or obfuscate their identity from mail scanning techniques such as Intent Analysis. Multilevel Intent Analysis involves inspecting the results of Web queries to URLs of well-known free websites for redirections to known spammer sites.

According to Barracuda support it is the multilevel intent analsysis module responsible for clicks on links. From the behavior descriptions I’ve seen from different people, it appears at least some ESP click tracking domains are included in the “redirectors” category.
Barracuda recommends users keep both settings on, and each setting is defaulted to on. Barracuda users can access the configuration panel through  Basic -> Spam checking -> Intent.
There are a couple things that senders should remember when considering the impact on their email marketing programs.

  1. This behaviour is not going to change engagement rates as calculated at ISPs. Barracuda is a filter that’s used primarily at businesses and unlike ISPs, businesses (and the filters directed at that market) don’t include engagement in their delivery decision making process.
  2. This behaviour may affect one-click unsubscribe links. If clicking the link in an email automatically processes the unsubscribe, then Barracuda may unsubscribe users without their knowledge.
  3. This behaviour may affect opt-in confirmation links.

Marketers can prevent accidental unsubscribes by adding a confirm button on the visited web page and requiring a second click before processing the unsubscribe.
Confirmations are a little more difficult, as senders really do want to keep the transaction as low friction as possible. Adding a confirm button may result in people abandoning the confirmation process.
Auto clicks may be identifiable because all or most of the links in an email are clicked. Many marketers track how active a link is and links that are not often clicked may be markers for auto clicks. Another suggestion some senders are trying is to set up a “stealth” link, that human readers won’t see or click on but that parsing software might. Clicks on that link are a sign that the click was not done by the recipient.
While right now this appears to be limited to Barracuda filters, I expect more filters will adopt this behaviour over time. Some ISPs may even start following links to some URLs. This is one of those cases where the anti-virus technique is actually not a bad practice, even when it creates issues for senders. I recommend senders put some thought into how to identify auto-clicks and compensate for them in statistics and engagement measures.

Related Posts

Persistence of unsubscribes

It’s really, really frustrating when an unsubscribe request doesn’t take. And it happens a lot more than many people expect.
Most of the culprits are marketing companies. United Business Media is a huge problem, for instance. I never even signed up for their mail, but they bought an address I’d used to register for a conference. I unsubscribed at least a dozen times, but the mail kept coming. Of course, it wasn’t actually mail I’d unsubscribed from. Every email was part of a different list.
There was no way to find out what lists I was on through their unsubscribe page and preemptively unsubscribe. I tried mailing their privacy department, but it took multiple emails to get any sort of response. Finally, someone responded that they had removed me from all their lists.
Illegal? Probably not. Annoying? Totally.
This is the reason I don’t unsubscribe from mail if I don’t recognize the sender. Too many people who “acquire” my email address without permission don’t actually pay any attention to the law, much less best practices.
The other time I see this problem is with some of the addresses I’ve used for testing customers and their vendors. I unsub from any lists I’ve signed up for when I’ve collected the information I need. It’s not totally unheard of, though, for those addresses to lay dormant for years and then start receiving mail again.
This is a problem. They’re “reactivating” addresses. Again, they’re probably different “lists” so it’s not a CAN SPAM violation, but I don’t really care. I unsubscribed. I don’t want any more of that mail. I really can’t figure out what possesses companies to just decide, after not having interaction with subscribers for years, that the right thing to do is just add those addresses to a new list.
It’s not even like they try and re-engage me. Or ask me to opt-in. All they do is start sending me copies of the Annoying Meme of the Hour newsletter. It’s even more frustrating because I know that the sender has been exposed to best practices. I have spent anywhere from weeks to months helping them create a email marketing program that shouldn’t do this kind of thing.
I’ve tried talking to some clients after this happens. Usually, the issue is the marketers or IT staff that I worked with are gone. A new, shiny marketing group has moved in and decided that they had this huge database and of COURSE they should mail it, all of it, opt-outs notwithstanding.
It happens to me as a consumer and subscriber, too. In those cases I don’t have much recourse beyond reporting it as spam and blocking the mail. I don’t trust that a new unsubscribe will work, since the last one didn’t. I have to take other steps to make the mail stop.
In this case, I am much less persistent than the sender is. I think it would be better if senders actually believed me when I said I didn’t want their mail. But I don’t expect that will ever happen. Too many senders think they know better.

Read More

Unsubscribe rates as a measure of engagement.

Over at Spamtacular Mickey talks about the email marketers’ syllogism.

  1. Anyone who doesn’t want our mail will opt-out.
  2. Most people don’t opt-out.
  3. Therefore, most people want our mail.

This clearly fallacious reasoning is something I deal with frequently with my clients, particularly those who come to me for reputation repair. They can’t understand why people are calling them spammers, because their unsubscribe rates and complaint rates are very low. The low complaints and unsubscribes must mean their mail is wanted. Unfortunately, the email marketers’ syllogism leads them to faulty conclusions.
There are many reasons people don’t opt-out of mail they don’t want. Some of it may be practical, the mail never hits their inbox, either due to ISP level filters or their own personal filters. Some people take a stance that they do not opt out of mail they did not opt-in to and if they don’t recognize the company, they won’t opt-out.
In any case, low levels of opt-outs or even this-is-spam hits does not mean that recipients want that mail. The sooner marketers figure this out, the better for them and their delivery.

Read More

Expectations

One of the themes I harp on with clients is setting recipient expectations. Senders that give recipients the information they need to make an informed subscription decision have much higher inbox and response rates than senders that try to mislead their recipients.
Despite the evidence that correctly setting expectations results in better delivery and higher ROI on lists some senders go out of their way to hide terms from recipients. I’ve heard many of those types of comments over the years.

Read More