Many receiving servers have additional security settings in place to protect recipients from spam. Sometimes these security settings will prompt the server to test the URLs in a mailing in order to determine if those links are trustworthy. When this happens, the server “clicks” on the links before delivering the mailing to the recipient’s inbox. This is often referred to as “server sniffing” and is a way to protect those recipients from fraudulent or malicious content.
How to identify server sniffing
One of the tricky things about server sniffing is that it’s incredibly difficult to differentiate server clicks from true clicks. The click behavior itself is the same, regardless of whether a human or a server clicks on the link, making it nearly impossible for humans to identify.
That said, identifying whether server sniffing may be affecting a particular email is easier than identifying which exact clicks are real and which are from servers. The most common way to determine that a mailing has been affected by server sniffing is to look at the click timestamps for your audience. Clicks occurring in rapid or immediate succession (or even all at the same exact time) point to server behavior more than actual human interaction.
Verified interactions and machine activity
In the summer of 2025, we added new data to the mailing response Overview. Specifically, we added data for verified opens and verified clicks. Located underneath the total open rate and click-to-open rate, the verified interactions show the number of opens and clicks that originate from a human source, instead of a machine. For more information about verified interactions, check out this article.
At the same time, we also added a new tab to the mailing response page: the Machine activity tab. This tab shows the number of Apple MPP opens, machine opens, and machine clicks that a mailing received. While it can’t show you exactly which clicks came from server sniffing, it does help give you an idea of how much of your click rate came from machines. For more information about the Machine activity tab, check out this article.
Verified interactions and machine activity are not filtered from response exports or the overall open and click data. They also cannot be exported, used to create segments, viewed in Insights, or accessed through the API.
How to prevent server sniffing
There is no easy answer for how to prevent server sniffing. The criteria for when a link is checked by a receiving server changes based on many factors. Some of them are more obvious, for example, a link titled “Free Money” is going to raise some eyebrows. But other factors are harder to predict. Things like time of year, the amount of traffic that the receiving server has seen recently, previous recipient inbox behavior, and even that server’s specific security settings can all contribute to whether or not links get checked, among other factors.
The most important thing that you can do to prevent server sniffing is to authenticate your sending domain. At minimum, you should have DKIM and DMARC set up. For more information about email authentication, please refer to this article. Once you’ve set up authentication, here are some other things that can help prevent server sniffing:
Avoid link shorteners
Bad actors have been known to hide malicious links behind bit.ly and other shortened links. As a result, some servers check those links at a higher rate before delivery.
Use the simplest version of a link
Sometimes, if you copy a link directly from your browser, it can contain tags that are specific to your browsing session. This makes the link longer than necessary and adds extra characters to the tail, which can increase server sniffing. This doesn’t include UTMs added by Google Analytics.
Avoid common “red flag” words and phrases
Words like “free money”, “inheritance”, and other clickbait-type words can also increase the likelihood of server sniffing.
Keep a balanced image-to-text ratio
If a campaign is very image-heavy and has relatively little text, comparatively, that can be a red flag to servers.
Remove unengaged contacts from your audience
Inbox providers pay attention to recipients’ behavior. If contacts are not opening or clicking on your campaigns, it’s better to remove them from your audience to protect your deliverability and sender reputation. For more information, please refer to these articles for more information:
Server sniffing conclusion
Server sniffing is a challenging topic across the marketing email industry because there’s no way to definitively prevent it and it’s extremely difficult to distinguish between server clicks and real, human clicks. Following the best practices we’ve mentioned, maintaining your audience, and keeping your sending behavior consistent are the best ways to prevent server sniffing that we’ve found so far.
Frequently asked questions about server sniffing
Does this mean that my response data is inaccurate?
It’s understandable to be concerned about the accuracy of your response metrics. When it comes to server sniffing, it’s important to know that the clicks are being tracked accurately. However, you can use the verified opens and clicks on the Overview tab and the information in the Machine activity tab to determine how much server sniffing is contributing to your open and click rates.
Why is authentication important for preventing server sniffing?
Server sniffing is caused by the security settings of receiving servers. As a result, the best way to prevent server sniffing is to remove or reduce any factors that could make your campaign look like a security risk. Authentication is the most important thing that you can do to improve the trustworthiness of your mailings. Unauthenticated mailings make it look like someone is spoofing your domain, which is a huge red flag.
For more information about why authentication is important, please refer to this article. For more information about how to set up authentication, please refer to this article.
Why do I need to remove unengaged contacts?
It’s easy to assume that a bigger email list is automatically better. After all, the larger your email list, the more people who could potentially see your mailing, right? As it turns out, though, that’s not actually the case. Often, a smaller, more engaged list is far more beneficial for your deliverability and sender reputation.
Inbox providers notice how contacts respond to your emails. If contacts do not open, click, or otherwise engage with your mailings, that affects how inbox providers treat your future mailings. And if you continue sending to contacts who do not engage with your mailings, inbox providers begin to view your mailings as potentially unwanted. This increases the likelihood that they will end up in recipients’ junk folders and increases their odds of experiencing server sniffing.
The best way to prevent this is to make a habit of removing contacts who don’t engage with your mailings. You don’t need to delete them – it’s okay to just opt them out. That way, they won’t contribute towards your contact limit, you won’t accidentally send to them, and if they want to resubscribe, they can!