One-click Unsubscribe and a Lesson in Security Technology

Scanning through the blogosphere, I came across a recent article on the apparent “dangers of using one-click unsubscribe,” because corporate firewalls will “[open] your email and automatically unsubscribe them by clicking on every link in it.”

In case you’ve seen it as well, let me shed a little light on things.

Unfortunately, the author has addressed a rare situation and positioned it as commonplace. A firewall doesn’t regularly work through the practice of actually “˜opening and clicking’ on the links in every message passing through its filters. Think about the impact of all the services and processes that would break:

  • Trackback URLs that record whether the address is a valid one (every account would be flagged as valid, and all emails flagged as read)
  • All links would read as clicked, including forwarding, sharing, and instant-unsubscribe, as described

It would mean that all email and web tracking stats for every email that’s gone through a corporate firewall would read at 100% positive. And every B2B marketer on earth will tell you that is emphatically not the case.

But just to be sure, I dropped a line to one of my contacts, a computer security expert, who shared this bit of insight on what actually happens at the firewall:

“In practice, what most security vendors actually do is look up the email domain and content in a database of known-bad things, and react based on that. If that database is cloud-based (most are nowadays) then the cloud can determine in real time how popular or risky each piece of content is, and whether it should bother downloading from there. Popular content is typically downloaded and analysed by the cloud; everything else is just looked up in the database and returned.”

Now, to be fair, if a message is flagging up a bunch of other spam or malware indicators, and a firewall can’t find a definitive safe/unsafe answer in the databases it has access to, it will follow some or all of the links in a message to look for threats. Potentially including your unsubscribe link.

This issue came up in the email industry earlier this summer, and we have seen a handful of clicks-by-firewall in our own stats. But it’s certainly not the widespread practice or risk to your list integrity this author makes it out to be.

If you are spamming, firewalls activating your one-click unsubscribe is probably the least of your worries.

But if, like the rest of us, you are sending legitimate messages, to opted-in recipients, through a reputable ESP, you shouldn’t see this type of thing affecting your messages, or your data.

It’s never a bad idea, though, to review how risky a message might seem to an anti-spam gateway, and regularly test your campaigns through a tool like Litmus or SpamAssassin.

Just like a Google robot crawling your website doesn’t show link clicks and tracks in your webstats, neither does a firewall routinely scanning your email actually register opens and clicks, or by extension, unsubscribe your contacts.

So don’t panic about this particular piece of misinformation. And if you do ever have questions about your deliverability, drop us a line any time.

View All Resources »