Skip to main content
Act-On Software

Identifying False Positives in Email Clicks

If you are seeing an abnormally high number of clicks in your emails – particularly the 'View in Browser' link – an email scanning service such as Barracuda may be the cause. Read on to learn about spam appliance bots and how to mitigate their activity on your Sent Message Reports.

Introduction

 

Email servers use a variety of tools to prevent delivery of spam messages. Some of these tools will result in suspicious or atypical clickthrough data on your Sent Message reports. For example, if your customers use Barracuda Email Security Suite (ESS), it will scan incoming emails and click through links. ESS does not identify itself as an email security system (most similar products do), so Act-On does not automatically exclude these clicks.

Typical spam appliance clickthrough activities:

  • High number of clickthroughs on a sent message, often for contacts on the same email domain
  • Clicks occurring all at the same time, often just after the message was sent
  • Clicks all on the same link (ie the first link in your message, often the "View in Browser" link)
  • Clearly incorrect click data (ie web bot activity)

 

Investigate MX Records

 

To confirm that clicks are coming from a security provider, check the MX records for the domain that generated the clicks.

  1. Use Nslookup in your command line/terminal (Windows steps here) to verify the MX record information
    • When prompted, add the IP address and domain name of the customer responsible for the clicks (available in the sent message report)
  2. Check the data that comes back - it should include the name and information for the security provider
    • Eg., clicks from Barracuda include .ess.barracudanetworks.com

 

Ignore Scanner's IP Addresses

 

To exclude the false clicks from your email reports, go to Settings > Other Settings > Internal IP Addresses and add the security system's IP addresses. This setting will result in the Sent Message report ignoring clicks associated with these IPs moving forward. Performing this change will not remove the e-mail clicks from existing reports - the reports can only be changed moving forward.

For Barracuda ESS, you must ignore both of the following IP address ranges:

  • 64.235.144.0-64.235.159.255
  • 209.222.80.0-209.222.87.255

 

 

  • Was this article helpful?
Support

Have a question about this topic?

Ask the community!