Mandrill defaults to email link click tracking


(Slind) #1

Hey,

I don’t know if discourse it self does use mandrill as email delivery provider or not. However I think here are some that use mandrill.
I have one small issue which I can’t figure out. Mandrill does add tracking urls which leads to scam warning in mail clients like thunderbird. With other forum softwares I did edit the mail template and give all links a non link title which solves the problem. But I can’t figure out where to do this for discourse, so I tried to disable from the mandrill interface. The only option I could find is Settings->SendingDefaults-TrackOpens, unfortunately did disabling this feature not solve the issue.

How did you solve this small issue?

Thanks in advance Slind


(Michael Downey) #2

From Mailchimp:

Turns out that in Thunderbird 1.5, there’s this new feature that looks for when the actual URL of a link in the email (in the “behind the scenes” HTML code) is different from the text description of the link (what the user sees).

In other words, this is when something in the HTML email is like:

<a href="http://site-a.example.com/">http://site-b.example.org/</a>

Can you view the source of the Mandrill-processed email to see if there’s a link like this, where the href doesn’t match what’s in between the <a> tags?


(Slind) #3

I know this is why I would like to change the email template so that links with a link in the element body get changed to the subject or something else like “here”

Maybe this should even be a global pullReq, as I don’t think that it has any down sights.

What mandrill and other mass mail delivery providers do to track links is this:

<a href="https://track.mandrill.com/somecrazylongtrackigncode">http://example.com/path/to/thread</a>

as the href link and the content of the element don’t fit it is evaluated as scam which is used in pishing mails to show for example the original paypal domain but link to another site.


(Tudor Vedeanu) #4

Yes, I’ve noticed that too. All URLs in the emails, no matter what their intended destination is, are actually like this:

http://mandrillapp.com/a-very-very-very-very-long-string


(Michael Downey) #5

One thing that seemed to help us (but I can’t guarantee how Thunderbird implements its scam alerting) was to have Mandrill use the same domain as our web sites (including Discourse).

In other words, create something like track.example.org which would match up with discourse.example.org.

Here’s how: How to Use a Custom Tracking Domain – Mandrill Knowledge Base


(Slind) #6

I just checked my trash can of the mail box. There is only one link that is causing the issue with click tracking:

To respond, visit <a href="http://mandrillapp.com/track/click/30187202/example.com?p=eyJzIjoiN3....">http:/example.com/t/our-next-big-goal/119/2</a> in your browser.

What to the authors think about changing it globally to:

To respond, visit <a href="http://mandrillapp.com/track/click/30187202/example.com?p=eyJzIjoiN3....">Our next big Goal - Example Community</a> in your browser.

Do the authors check most threads or should it be put into a feature request on the github issue tracker?


Slight mail template change (no link element content)
(Slind) #7

I tried using sub domains before, unfortunately does that not help for thunderbird but with most other mail clients.


(Michael Downey) #8

To propose a Discourse feature request, create a new topic here on meta.discourse.org in the feature category.

However, I’m sure that the Thunderbird project would also welcome patches to improve how it handles these cases: 651334 - Enhance scam/phishing/spoof warning for clicking on mismatched host links (href/url/domain different from linktext url)


(Slind) #9

alright thanks. I did create a small request:

I don’t think this should be changed in thunderbird. While it is possible to add a white list for e.g. mandrill and the other delivery providers, it is still possible that the redirect goes to a completely different site. Yes, sub domains for tracking could be added as bypass, but even there it isn’t said that the sub domain is used by the same person and it does still redirect.

Through of course links with a normal text in the content can link to anything, but I think the main reason here is that the average user is more careful if the link isn’t displayed and as soon as it is displayed it might be considered trustworthy.


(Michael Downey) #10

I guess my point is that the Thunderbird project knows this UI is a bit too much and triggers way too often. It’s not just Discourse getting flagged, it’s most bulk email providers.

Even Mozilla recommends disabling the feature if one gets too many false positives: Phishing protection - MozillaZine Knowledge Base

However, if it’s a big problem for you right now, you may want to consider a different email provider (other than Mandrill) that doesn’t rewrite URL’s (or allows you to disable it).


(Slind) #11

I would like to go with an edited mail template if I would know how/where to do that :slight_smile:


(Michael - DiscourseHosting.com) #12

Mandrill does allow you to disable click tracking, but only from within the email.

By default, for HTML messages, click-tracking will be applied to any links that are in <a> tags. In some cases, though, you may want to selectively disable click-tracking.

To disable click-tracking on individual links, add a new parameter to the link tag, mc:disable-tracking.

The HTML link will look similar to this:
<a href=“http://linkthatshouldnotbetracked.com” mc:disable-tracking>Click here to confirm your email address</a>

Since Mandrill is a recommended mail provider, it would be neat if adding this parameter in the email link tags would be configurable within Discourse.


(Jeff Atwood) #13

This is easily configurable from within Mandrill. Not related to Discourse at all.

Note that this does default to on in Mandrill.

Mandrill, Settings, Sending Defaults, Track Clicks → set to “No click tracking”


(Dean Taylor) #14

You will also find this mentioned here:

And an alternative method here: