Gmail is opening and caching urls within emails without user intervention or confirmation. How and why?
Gmail opens and caches URLs in emails without user intervention. How and why?
When running a system that checks whether the user clicks on a simulated phishing test. The problem we see is that even if the user does not click the link, sometimes gmail will cache it via email and follow the url (not just the image link). Specifically, when a user opens an email, we will see one or two Google IPs (one of which is registered under YouTube and AMP cache?) also open and follow a URL link. Is this supposed to happen? Why and through what mechanism?
This seems to be happening across the company at the moment, and we have not yet found a cause or solution. This caused severe headaches and caused companies to miss important updates from various companies and government agencies.
To explain the issue in more detail......
Our company uses G Suite for business, and our company’s mailing lists are automatically unsubscribing from external mailing lists, such as police, political, and environmental newsletter mailing lists (to name a few).
The problem started about a month ago when we started receiving email streams confirming that we had successfully unsubscribed from these various external email lists.
After some investigations (and severely warned employees to stop clicking the unsubscribe link), we determined that no user in the company actually accessed any unsubscribe link in the email. These lists appear to be unsubscribed without user intervention.
Sometimes we will see free gmail users being activated via a confirmation link without user intervention. That is why we have placed an extra button on the page itself for activation or unsubscribe. That leads to misunderstandings and some people have requested why their email is active for mailing while they have not confirmed it themselves.
This affects the email addresses and company mailing lists of individual employees.
One of the companies sent us the IP record address of a server that apparently has unsubscribed or subscribed to mail.
51950
82.113.19.4
{
ip: 82.113.19.4,
hostname: cache.google.com,
city: Monaco,
region: Municipality of Monaco,
country: MC,
loc: 43.7333,7.4167,
org: AS6758 Monaco Telecom S.A.,
postal: 98000,
timezone: Europe/Monaco
}
2021-10-20 13:10:58.142262+00:00
Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.159 Safari/537.36
None
51963
193.51.224.135
{
ip: 193.51.224.135,
hostname: cache.google.com,
city: Paris,
region: Île-de-France,
country: FR,
loc: 48.8534,2.3488,
org: AS2200 Renater,
postal: 75000,
timezone: Europe/Paris
}
2021-10-20 13:21:51.211115+00:00
Mozilla/5.0 (Windows NT 10.0 Win64 x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36
None
I did nslookup on the IP and it showed the server name to be cache.google.com
I have a strong feeling that this is being caused by some sort of Google spam/security feature that is scanning/checking the unsubscribe links in every email and this action is then registering as an unsubscribe.
Do we have any idea of what could be causing this or have any solutions?
Solution
Add a button for activation on the web page itself and create it with Javascript. So every click will come from a user intervention.
Add tls to Postfix main file..
smtpd_use_tls = yes
smtp_use_tls = yes
vim /etc/postfix/main.cf
We had the same problems. Fixed with secure TLS on smtp with google.
http://www.postfix.org/TLS_README.html#client_tls_may
Extra information in Google support tread.
https://support.google.com/mail/thread/16878288/gmail-is-opening-and-caching-urls-within-emails-without-user-intervention-how-and-why?hl=en
Comments
Post a Comment