I work for an email marketing company. We have a sender who sent out 3 separate emails blast to over 1 million contacts. They had a very high unsubscribe rate. After our engineering team looked at the logs, we see that all the unsubscribes happened seconds apart but were all different domains. We noticed that they were coming from these IP's
126.96.36.199 and 10.4.34.203. After looking up I see that 188.8.131.52 is pointing to Palo Alto Networks. My question to you is, would your system do a mass unsubscribe if a scan picked up a url in an email as malware? Thank you.
This is possible if your firewall is performing Wildfire inspection of email links.
If the Wildfire Cloud receives e-mail links for analysis it will reach out and attempt to analyze the link and the content presented by cicking that link.
Would you be able to lookup URLs containing verticalresponse.com, vresp.com, vrmailer3.com to see if they've listed VerticalResponse as a company hosting malicious/phishing content? Or is there a PAN site we can go to and lookup URLs ourselves? We want to make sure our urls are not blacklisted.
So I have added both our URL and the sender who is having the mass global unsubscribe issue and I do not see their site or our site being listed with any issues. I am still at a loss how our customer who sent an email to 1million contacts had over 30k unsubscribe from different domains all around the same time?
Wildfire can perform e-mail link following for analysis purposes if the firewall is configured to detect e-mail links within SMTP sessions. If there was an e-mail campaign and Wildfire picked up the links within these e-mails for analysis it may have followed those links (clicked them) thereby resulting in unsubscription. Without additional data I am only speculating at this point.
What additional information can I provide you with to help figure out this issue? Would you be able to tell me if you have blacklisted this URL? http://cts.vresp.com this is part of our unsubscribe link and we are seeing it associated with PAN in our log files.
We have not blacklisted cts.vresp.com.
|Business and Economy|
|Marketing, management, economics, and sites relating to entrepreneurship or running a business.|
|www.bothsidesofthetable.com/ , www.ogilvy.com , www.geisheker.com/ , www.imageworksstudio.com/ , www.linearcreative.com/|
Includes advertising and marketing firms. Should not include corporate websites as they should be categorized with their technology. Also shipping sites, such as fedex.com and ups.com.
I suggest opening a support case with our TAC for deeper analysis of your issue.
The problem may not be that it could have been blacklisted, but instead, it hasn't been whitelisted.
It's possible the Palo Alto Networks firewall is extracting the elink and following it to test whether it's a safe link.
The sole fact that it's following the link to test it is causing the unsubs. You should look into whitelisting the domain so that the firewalls' won't automatically follow your unsubs links. You can explore this option with Support.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The Live Community thanks you for your participation!