Skip to main content

Gmail is opening and caching urls within emails without user intervention or confirmation. How and why?



Gmail opens and caches URLs in emails without user intervention. How and why?

When running a system that checks whether the user clicks on a simulated phishing test. The problem we see is that even if the user does not click the link, sometimes gmail will cache it via email and follow the url (not just the image link). Specifically, when a user opens an email, we will see one or two Google IPs (one of which is registered under YouTube and AMP cache?) also open and follow a URL link. Is this supposed to happen? Why and through what mechanism?

This seems to be happening across the company at the moment, and we have not yet found a cause or solution. This caused severe headaches and caused companies to miss important updates from various companies and government agencies.


To explain the issue in more detail......



Our company uses G Suite for business, and our company’s mailing lists are automatically unsubscribing from external mailing lists, such as police, political, and environmental newsletter mailing lists (to name a few).

The problem started about a month ago when we started receiving email streams confirming that we had successfully unsubscribed from these various external email lists.

After some investigations (and severely warned employees to stop clicking the unsubscribe link), we determined that no user in the company actually accessed any unsubscribe link in the email. These lists appear to be unsubscribed without user intervention.

Sometimes we will see free gmail users being activated via a confirmation link without user intervention. That is why we have placed an extra button on the page itself for activation or unsubscribe. That leads to misunderstandings and some people have requested why their email is active for mailing while they have not confirmed it themselves.

This affects the email addresses and company mailing lists of individual employees.

One of the companies sent us the IP record address of a server that apparently has unsubscribed or subscribed to mail.




51950

82.113.19.4

{

ip: 82.113.19.4,

hostname: cache.google.com,

city: Monaco,

region: Municipality of Monaco,

country: MC,

loc: 43.7333,7.4167,

org: AS6758 Monaco Telecom S.A.,

postal: 98000,

timezone: Europe/Monaco

}

2021-10-20 13:10:58.142262+00:00

Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36

None


51963

193.51.224.135

{

ip: 193.51.224.135,

hostname: cache.google.com,

city: Paris,

region: Île-de-France,

country: FR,

loc: 48.8534,2.3488,

org: AS2200 Renater,

postal: 75000,

timezone: Europe/Paris

}

2021-10-20 13:21:51.211115+00:00

Mozilla/5.0 (Windows NT 10.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36

None




I did nslookup on the IP and it showed the server name to be cache.google.com

I have a strong feeling that this is being caused by some sort of Google spam/security feature that is scanning/checking the unsubscribe links in every email and this action is then registering as an unsubscribe.

Do we have any idea of what could be causing this or have any solutions?

Solution

  1. Add a button for activation on the web page itself and create it with Javascript. So every click will come from a user intervention.
  2. Add tls to Postfix main file..

smtpd_use_tls = yes

smtp_use_tls = yes

vim /etc/postfix/main.cf


We had the same problems. Fixed with secure TLS on smtp with google.

http://www.postfix.org/TLS_README.html#client_tls_may


Extra information in Google support tread.

https://support.google.com/mail/thread/16878288/gmail-is-opening-and-caching-urls-within-emails-without-user-intervention-how-and-why?hl=en

Comments

Popular posts from this blog

Pgpool PgBouncer Postgresql streaming replication, load balancing and administration

The term scalability refers to the ability of a software system to grow as the business that uses it grows. PostgreSQL provides some features to help you build scalable solutions, but strictly speaking, PostgreSQL itself is not scalable. It can effectively use the following resources from one computer. Now, we will show you some configurations that may be useful for your use case. However, this can be problematic when distributing the database solution to multiple computers, because the standard PostgreSQL server can only run on a single computer. In this article, we will study different extension schemes and their implementation in PostgreSQL. Replication can be used in many expansion scenarios. Its main purpose is to create and maintain a backup database when the system fails. This is especially true for physical replication. However, replication can also be used to improve the performance of PostgreSQL-based solutions. Sometimes third-party tools can be used to implement complex exp

Tekstverwerking python Text processing python SpaCy, TensorFlow, NLTK, Allen-NLP, Stanford-NLP

 Dit post maakt gebruik van spaCy, een populaire Python-bibliotheek die de taalgegevens en algoritmen bevat die je nodig hebt om teksten in natuurlijke taal te verwerken. Zoals u in dit post zult leren, is spaCy gemakkelijk te gebruiken omdat het containerobjecten biedt die elementen van natuurlijke taalteksten vertegenwoordigen, zoals zinnen en woorden. Deze objecten hebben op hun beurt attributen die taalkenmerken vertegenwoordigen, zoals delen van spraak. Op het moment van schrijven bood spaCy voorgetrainde modellen aan voor Engels, Duits, Grieks, Spaans, Frans, Italiaans, Litouws, Noors Bokmål, Nederlands, Portugees en meerdere talen gecombineerd. Bovendien biedt spaCy ingebouwde visualizers die u programmatisch kunt aanroepen om een grafische weergave van de syntactische structuur van een zin of benoemde entiteiten in een document te genereren.   De spaCy-bibliotheek ondersteunt ook native geavanceerde NLP-functies die andere populaire NLP-bibliotheken voor Python niet hebben. Spa

Elasticsearch install and configuration on Ubuntu

If you plan to use elastic integrated with Django then it would be better to use an old version of Elastic or replace Haystack with Django-Elasticsearch-DSL (Not tested) See old version install at bottom of this post.  New version Elasticsearch ( attention no haystack at this time )  The Elasticsearch components are not available in Ubuntu’s default package repositories. They can, however, be installed with APT after adding Elastic’s package source list. curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - E: gnupg, gnupg2 and gnupg1 do not seem to be installed, but one of them is required for this operation apt-get install gnupg curl -fsSL https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo apt-key add - Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)). OK echo "deb https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee -a /etc/apt/sources.list.d/elastic-7.x.list apt update apt