Symptoms
URLs in email body or attachments are accessed while the message is in transit. Message, link or click-tracking (UTM) systems such as marketing mail tools may record open, read or click events even though the intended recipient has not accessed the message at all.
Confirmation of symptoms is through two positive identifications:
- Source IP address for the URL visits is an Amazon IP (use a whois service to verify this)
- Received internet headers for the message and URL request timestamps indicate that the message was being processed by TrendMicro Hosted Email Security when the URLs were accessed
Cause
Our email security system may access URLs in email messages and attachments to make a security threat assessment of the web pages or other content that they point to.
Workaround
There is no way to prevent the URL access from happening. However, some marketing mail tools are able to identify URL visits from common email security systems and remove these "clicks" from open rates and other reports. Consult with your marketing mail tool provider for further guidance.
