How do link scanners affect click metrics?
Still have a question, spotted an error, or have a better explanation or a source we should cite?
Security systems in corporate email environments scan links before (and sometimes after) delivery to check for phishing and malware. This is standard behavior for email gateways from providers like Proofpoint, Mimecast, and Microsoft Defender. The scanning works by literally clicking the links.
When a gateway clicks your tracking URL, your ESP records a click event. From the analytics system's perspective, it looks identical to a human clicking. You get a click in your report, but no human made it.
The impact varies by audience. For B2B lists where most subscribers are in corporate environments with email security gateways, bot clicks can be a significant portion of your total click count. Some senders see 30-50% of their reported clicks from security scanners. Consumer-facing lists are less affected since fewer personal email accounts run enterprise security gateways.
How to spot it: look for clicks with extremely fast timing (within seconds of delivery, before any human could have received and opened the email), or clusters of clicks from the same IP. Most ESPs have bot-click filtering options, or you can set up click honeypots (links that a human would never click but a scanner would) to identify scanner activity.
This affects your CTOR calculations too, since inflated click counts push the numerator up artificially. Extreme cases can result in clicks exceeding delivered message counts entirely, which is almost always a scanner artifact.
Contributors
Who worked on this answer
Every name links to their profile. Every company links to their site. Real people, real accountability.