'Gmail visiting link destinations when clicking links in emails - Anyone else seen this?

I've got an app that sends emails with links to allow end users to triage leads (mark them dead, sold, disqualified, etc.) The links go a landing page on the server where the end user submits a POST form to register the update.

Looking at the server side logs, when the end user clicks the link in gmail (web client or an app), I can see the request from their browser to the server. Frequently, I'll see additional GET requests from google (specifically cache.google.com) following the end users click. These are probably ok, just google doing some form of spam/malicious link checking.

Under some undefined circumstances, after the google GETs, there is occasionally a POST. This seems plan wrong or anti-social at least. It is problematic for me because it causes an errant status update to be registered or submits a form that needs the end user to enter information.

Here's a log snippet showing an instance:

{ my IP redacted } test.com - [03/May/2022:16:51:27 -0400] "GET /app/?m=l&t=3Nj6QOWbhvmde35zPqBsuyl71YMTlEur&s=19 HTTP/1.1" 200 7543 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/15.4 Safari/605.1.15"
167.142.232.4 test.com - [03/May/2022:17:23:17 -0400] "GET /app/?m=l&t=3Nj6QOWbhvmde35zPqBsuyl71YMTlEur&s=19 HTTP/1.1" 200 7543 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"
167.142.232.4 test.com - [03/May/2022:17:23:18 -0400] "GET /app/js/Common/emailValidation.js HTTP/1.1" 200 413 "https://test.com/app/?m=l&t=3Nj6QOWbhvmde35zPqBsuyl71YMTlEur&s=19" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"
167.142.232.4 test.com - [03/May/2022:17:23:18 -0400] "GET /app/js/Leads/landing.js?4 HTTP/1.1" 200 7214 "https://test.com/app/?m=l&t=3Nj6QOWbhvmde35zPqBsuyl71YMTlEur&s=19" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"
167.142.232.4 test.com - [03/May/2022:17:23:18 -0400] "GET /app/js/Leads/leadDetailValidators.js HTTP/1.1" 200 2812 "https://test.com/app/?m=l&t=3Nj6QOWbhvmde35zPqBsuyl71YMTlEur&s=19" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"
167.142.232.4 test.com - [03/May/2022:17:23:19 -0400] "GET /app/images/email/logo.png HTTP/1.1" 200 4796 "https://test.com/app/?m=l&t=3Nj6QOWbhvmde35zPqBsuyl71YMTlEur&s=19" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"
167.142.232.4 test.com - [03/May/2022:17:23:20 -0400] "POST /app/index.cgi HTTP/1.1" 302 - "https://test.com/app/?m=l&t=3Nj6QOWbhvmde35zPqBsuyl71YMTlEur&s=19" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"
167.142.232.4 test.com - [03/May/2022:17:23:21 -0400] "GET /app/index.cgi?m=l&t=3Nj6QOWbhvmde35zPqBsuyl71YMTlEur HTTP/1.1" 200 4828 "https://test.com/app/?m=l&t=3Nj6QOWbhvmde35zPqBsuyl71YMTlEur&s=19" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36"

Details:

  • Line 1 - end user clicks
  • Lines 2-6 - google loading the landing page and resources.
  • Line 7 - google posting to the form on landing page
  • Line 8 - redirect to form submission results

Other Details Noted:

  • The landing page has some javascript that changes some for the form data in the post. I can see that google is running the javascript on the page.
  • I removed the javascript on the page and simplified the form to include only basic form (no css, no js, bare minimum marker, no submit button in form) and the form still gets POSTed by google.

Questions:

  • Has anyone else seen this behavior?
  • What triggers this behavior? (we have other applications that do similar operations with links and don't see extra GETs or POSTs when clicking through from gmail)
  • What are some other ways to debug the situation?
gmail


Solution 1:[1]

It can be due to the preview functionality of the gmail application. If your users are long-clicking the link in the email, a preview window will pop which navigates to the url (at least on ios) I assume this preview window doesn't navigates directly to the url but rather through a reverse proxy that google provides, then things gets complicated after this point when your users try to submit a form inside this preview window.

I'm not sure of it but you can easily try/test the case to see if this is the problem or not.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 mow

Related Questions

The server response was: 5.7.0 Must issue a STARTTLS command first. i16sm1806350pag.18 - gsmtp

Contact Form 7 mails are being marked like spam

How to buy a free registered gmail of someone?

Javamail Could not convert socket to TLS GMail

Unable to connect with TLS encryption with Laravel 5.5 Swiftmailer

Unable to connect with TLS encryption with Laravel 5.5 Swiftmailer

OpenSSL::SSL::SSLError: hostname "smtp.gmail.com" does not match the server certificate

Gmail's new image caching is breaking image links in newsletter

Autoresponder in Gmail without "Vacation Responder"?

Non Receipt of the email sent by XAMPP Mercury Server with Gmail SMTP Settings at Local Host

Delete multiple emails from INBOX in gmail using GMAIL API

How to to send mail using gmail in Laravel?

GMail is blocking login via Automation (Selenium)

Google keeps deleting app password (Rails)

How to forward a Gmail email and add to the message body using GmailApp in Google Apps Script?