Identifying False Positives in Email Clicks

  • Updated

If you are seeing an abnormally high number of clicks in your emails – particularly the "View in Browser" link – an email scanning service such as Barracuda may be the cause. Read on to learn about spam appliance bots and how to reduce inflated click counts in your Sent Message Reports.

What is an Anti-Spam Appliance?

Email servers use a variety of tools to prevent the delivery of spam messages. Some of these tools will result in inflated, atypical, or suspicious clickthrough data on your Sent Message reports. For example, if your customers use Barracuda Email Security Suite (ESS), it will scan incoming emails and click the first link in each message you send to them. ESS does not identify itself as an email security system (most similar products do), so Act-On does not automatically exclude these clicks.

Typical anti-spam appliance clickthrough activities:

  • A high number of clickthroughs on a sent message, often for contacts on the same email domain
  • Multiple clicks occurring simultaneously, shortly after the message was sent
  • All clicks are for the same link (the first link in your message, often the "View in Browser" link)
  • Click data that is clearly incorrect 

What can I do?

There are two options to help change your reports to remove spambot activity: ignore known IP addresses for Spambots, or ignore clicks on the View in Browser link altogether.

Ignore clicks on the View in Browser Link from Reports

We do not recommend removing the "View in Browser" link from your Email Header if your goal is to eliminate these spambots' behavior. Instead, you can ignore all clicks on this link using an optional feature.

  1. Go to Settings > Other Settings > Custom Account Settings > Labs 
  2. Toggle to enable Ignore clicks on 'View in Browser' link

mceclip1.png

Heads up! Making this change will not remove "View in Browser" clicks from existing reports.

Ignore Known IP Addresses

Common IP Addresses to Ignore

Barracuda ESS

Barracuda US

  • 64.235.144.0-64.235.159.255*
  • 209.222.80.0-209.222.87.255

Barracuda UK

  • 35.176.92.96-35.176.92.127

Barracuda DE (Germany)

  • 35.157.190.224-35.157.190.255

*The range 64.235.144.0-64.235.159.255 is automatically ignored for all accounts created after May 2017.

Palo Alto Networks

  • 65.154.226.100
  • 65.154.226.101
  • 65.154.226.109
  • 65.154.226.159
  • 65.154.226.220

Others

These IP addresses have been associated with abnormal click activities in the past:

  • 196.16.0.0-196.19.255.255
  • 34.192.0.0-34.255.255.255

 

Find & Ignore Scanner IPs from your reports (Data Studio, advanced)

If you have the Data Studio add-on feature, pull an Email clickthrough report that includes the IP address field. These are the IP addresses connected to your email clicks.

To confirm whether these clicks are coming from a security provider, verify their MX record information.

  1. Use Nslookup in your command line/terminal (Windows steps here)
  2. When prompted, add the IP address and domain name for the contact(s) responsible for the clicks
  3. Check the data that comes back - it should include the name and information of the security provider
    • For example, clicks from Barracuda include .ess.barracudanetworks.com

To exclude the false clicks from your email reports, go to Settings > Other Settings > Internal IP Addresses and add the security system's IP addresses. This setting will result in the Sent Message report ignoring clicks associated with these IPs moving forward.

Performing this change will not remove email clicks from existing reports. The reports can only be changed moving forward.

 

Was this article helpful?

Have more questions? Submit a request