Tracking email clicks

posted: February 22, 2025

tl;dr: A peak under the hood of email link clicks...

Please first read Tracking email opens for background information. This post discusses how a user’s clicks of the links in an email are typically tracked.

I recently received a marketing email from Stanley Steemer which I will use as an example. The email contains a link towards the top that allows me, the recipient, to schedule a service appointment online on the Stanley Steemer website. A clickable link uses the <a> anchor HTML element. Here is what the link looked like when the email team at Stanley Steemer entered the HTML for the email into the email system that Stanley Steemer uses to send emails:

<a style="padding: 5px 10px; border: 1px solid #000000;
font-family: 'Open Sans', Arial, sans-serif; font-size: 12px; color: #000000;
text-decoration: none; text-transform: uppercase; font-weight: bold;"
href="https://www.stanleysteemer.com/">Schedule Online</a>

Where the link goes is determined by the URL that href is set to, in this case the Stanley Steemer website.

The trick used to track link clicks is that the email system swaps in a different URL for the href value before sending each individual email to each recipient. The email system computes a unique URL for each link in an individual email sent to an individual recipient. The URL is not the URL for the ultimate destination, in this case the Stanley Steemer website. Instead, the URL goes to a server that is part of the email system that sent the email. Here’s what the HTML link actually looked like in the email that I received:

The server at link.email.stanleysteemer.com is not the Stanley Steemer website, which is at www.stanleysteemer.com. The server at link.email.stanleysteemer.com is instead a server which tracks link clicks and redirects (or forwards) the user to the ultimate destination of www.stanleysteemer.com. The long string of letters, digits, and other characters in the URL which are after the server address are what identifies this particular link in this particular email which was sent to me.

A pop-up message displayed by the Mimecast email monitoring service

When I click on the link in my email tool, it issues a request to link.email.stanleysteemer.com. The entire URL is passed in the request, and the long string of characters after the server address tell Stanley Steemer’s email system that it was me that clicked on that particular link in that particular email. The email system records a link clicked event, and then redirects the request to the ultimate destination in the original HTML source, which is the Stanley Steemer website.

As an aside, there is often a further level of redirection that happens, for those who have corporate email inboxes patrolled by Mimecast or other anti-phishing/anti-spam services. Mimecast will replace all the links in the email that is delivered to the user's inbox so that the links first go to Mimecast. If Mimecast thinks the link is legitimate, it will redirect to the link in the email as sent to the user, which will redirect to the ultimate destination in the original email HTML source. So this link in an email in a Mimecast-protected inbox will look something like this:

So there are typically one or two redirects that happen when a recipient clicks on a link in an email, which allow intervening servers to do some work, including recording link click events. This method for tracking link clicks has one huge advantage over the method for tracking email opens: the email client cannot block traffic to the server that tracks link clicks, because that server also is responsible for taking the user to the ultimate destination.

100% of the link clicks recorded by the email system that sent the email are actual link clicks. However, that does not mean that they are link clicks done by a human who is engaging with the email. These days it is quite common for bots or other automated software systems to click on links in emails. This problem is the subject of my next post.

Related post: Tracking email opens