Skip to main content

Elevated Email Open Rates Known Causes

© 2024 Firstup All Rights Reserved.

Elevated Email Open Rates Known Causes

  • Created
  • Updated
  1. Tracking pixel not branded for dedicated sender IPs.
    • Observed behavior - Sendgrid subusers setup for dedicated Sender IPs insert unique tracking pixels served from a .ct.sendgrid.net domain that is not allowlisted causing safelinks policy to inspect the pixel image which registers as an open event.
    • Environment - Microsoft EOP w/ Safe Links URL detonation
    • Mitigation - Have customer allowlist the tracking pixel domain in addition to the dedicated IP (neither of which would be included in our general allowlisting article because they are customer-specific)
    • Long-term fix - Update sendgrid subdomain users to use the default link branding, and eventually productize dedicated sender IP or use branded links.

  2. Microsoft Defender Safe Links policy scanning selective links
    • Observed behavior - Some campaigns will show a very high open rate while others to the same audience and delivery methods will not. That is because only links that match the security policy itself will be scanned.
    • Environment - Microsoft EOP w/ Safe Links policy for Sharepoint (or other) URLs
    • Mitigation - Update Safe Links policy to allow list Firstup sender IPs/domains.  Details for configuring can be found in this Microsoft article.
    • Long-term fix - N/A

  3. Avanan third-party email security endpoint
    • Observed behavior - Immediately after an email is delivered, or shortly thereafter, ever link contained in the campaign will be scanned in order from top to bottom. Currently, these click events are identifiable through a User-Agent (ReactorNetty/1.0.4).
    • Environment - Microsoft EOP w/ a transport rule configured to send all inbound mail to Avanan
    • Mitigation - Add an "Anti-Phishing exception" policy to Avanan for link scanning or an MS Exchange transport rule exception to bypass Avanan entirely.
    • Long-term fix - N/A

  4. Sendgrid clicks.socialchorus.com pixel tracking domain not included in documented allowlist requirements
    • Observed behavior - Pixel image source URLs rewritten by Safelinks, Proofpoint, Barracuda, or other email security offering
    • Environment - All (except dedicated sender IP) - required
    • Mitigation - Have customer allowlist the tracking pixel domain in addition to the dedicated IP (neither of which would be included in our general allowlisting article because they are customer-specific)
    • Long-term fix - Move socialchorus delivery domains to firstup.io instead

  5. Required email domains/IPs not allowlisted
    • Observed behavior - Unreliable/Inconsistent email delivery behavior between small and large audiences, different email recipient domains, and varying message sizes and contents
    • Environment - All - required
    • Mitigation - Add the following domains to any exclusion lists:
      email.socialchorus.com
      em.socialchorus.com
      firstup.io
      clicks.socialchorus.com
      clicks.onfirstup.com
    • Long-term fix - N/A

  6. Root Cause Unknown (1 known Customer affected)
    • Observed behavior - Reached users shows 2.3x multiplier from Feb 22nd onward using data exported from Insights reports
    • Environment - TBD
    • Mitigation - N/A
    • Long-term fix - TBD

Related articles

Comments

0 comments

Article is closed for comments.