
Karl L. Hughes

Debugging Gmail's "Suspicious link" Warnings

I've been sending a weekly newsletter for CFP Land for over a year now, but in the past few months, I started to encounter a problem. Gmail was suddenly marking links in my email as "Suspicious":

Suspicious link
This link leads to an untrusted site. Are you sure you want to proceed to url3607.cfpland.com?

What could I be doing wrong?

First, I went over what I knew:

  • I have never sent spam from this domain. Everyone in the list is double-opted in and my open rates are close to 50%, so it's a clean list.
  • I was pretty certain I had set up my MX records correctly. I double checked to be sure though.
  • I was using SSL via Sendgrid and my own custom domain. At first I was just using http, but after a reader suggested this, I got Sendgrid to help me switch to https. It still didn't help.
  • The emails worked fine for months before they suddenly started showing this warning.
  • The warning was intermittent - it didn't show up every week, but it was over 50% of the time.

I ran across a few people with similar problems on the internet that suggested checking my domains and Sendgrid's IP addresses against several blacklists, but that wasn't the issue. I was pretty lost at this point, but I started to have a hunch.

It must be the content

Technically everything seemed good, so I started to see if for some reason my content was triggering this warning. I imagine that Google's algorithm is complex, and I was probably doing some combination of things that it found problematic. Now, I just had to figure out what it was.

How I generate my weekly email newsletter

CFP Land is a weekly newsletter for technology conference speakers. I started off compiling the list manually each week, but as it's grown in popularity, I've started automating large swaths of the process.

  • First, I collect all the CFPs in one big central Airtable.
  • When users subscribe, they are added to a Mailchimp list. They can optionally edit their preferences in Mailchimp.
  • Next, I use a NodeJS app to generate a custom email for each subscriber each week.
  • The NodeJS app uses MJML and Handlebars to generate HTML emails.
  • Finally, each custom-built email is sent to each user using Sendgrid.

I actually send a couple regular email newsletters, so while this process sounds complicated, it's completely automated. I just add new CFPs to Airtable as I find them and the newsletter goes out like clockwork every Friday morning.

How Google decides an email's links are "suspicious"

I don't work for Google and I don't have any inside line there, but I've been in the email sending industry long enough to have some idea how it works.

So, if I were going to try to identify "suspicious" links, here are some of the factors I'd use:

  • The reputation of the domains being linked to in the email
  • The words in the email (some phrases like, "Nigerian Prince" might immediately set off alarms)
  • Any "tricks" to hide text or links deceptively in the email
  • Has the user opened and clicked emails from this sender before?

I figured I would look through my email and see if there's something I might be doing to set off any of these alarms. Next, I'd start testing some updates to see if I could get the warning to go away.

Tracking down the issue

Step 1: Replication

First, I had to replicate the "Suspicious link" warning consistently. Because it had appeared on the latest email I sent, I started there and set up my local environment to send me one email just like the one that went out to all my subscribers this morning.

The latest email newsletter I sent

When I sent the email to myself, Gmail did not mark the links suspicious even though the exact same email sent this morning was marked suspicious...what the heck? 🤷‍♂️

Because the two emails had the exact same subject line, they had been grouped into a single conversation. My first hunch was that Gmail might consider the second email safe because I had clicked a previous email in the same conversation.

I confirmed this by sending the exact same email content with a variation of the subject line. It was flagged suspicious, so now I knew the following:

First email

Subject: Upcoming Conference CFPs for DATE
Time: 3:01 am
Result: Suspicious

Second email - sent locally with the same subject line

Subject: Upcoming Conference CFPs for DATE
Time: 1:22 pm
Result: Safe

Third email - sent locally with a new subject line

Subject: Upcoming CFPs for DATE
Time: 1:28 pm
Result: Suspicious

Fourth email - another new subject line just to confirm

Subject: New CFPs for DATE
Time: 1:33 pm
Result: Suspicious

Now I could consistently reproduce the "Suspicious link" warning, so I could start to test parts of the email that were triggering it.

Step 2: Turning off tracking

Email tracking is a double-edged sword. It allows you to see when an email is opened or link clicked, but you can't track anything without affecting the outcome (this is known as the Observer Effect). Tracking links and open trackers are sometimes marked suspicious by email clients, so I tried disabling each one individually, then both together.

Removing open tracking and click tracking did nothing for me - the message persisted, so I went on to try another tack.

Step 3: Eliminating content until it works

Another debugging method I use when I'm completely stuck is to remove code until the issue is fixed, then slowly add it back to figure out which line is causing the issue.

This method is complicated by the knowledge that my email could have multiple reasons that links were flagged "Suspicious" but I figured it was worth trying.

First, I tried removing the sponsored link. I figured maybe Google didn't like being left out of the ad revenue on email so maybe they're penalizing my newsletter for having sponsors.

No good.

Next, I removed the footer. I thought maybe the text was too small or the contrast not high enough so Google might be wary of it.

Still no good.

Removing one section at a time and then removing each combination of sections was going to take a while, so I decided to go the other direction.

Step 4: Starting with a known "good" state

Next I would start with a working email - no matter how simple - and add pieces back to it until it was flagged "Suspicious" again. So, I stripped the email down to just a text headline, one line of text, and the footer:

My minimalist email with just text

It worked! My 11th email an hour after starting this process was not flagged as suspicious by Gmail.

Unfortunately, this email wouldn't work as a newsletter, so I started adding pieces back to figure out what was causing the "Suspicious link" flag.

Step 5: Adding the header back

I started by putting the header into the email. Immediately, it was flagged!

Just adding the header caused the email to be flagged

This gave me a new idea. Maybe Gmail was concerned about my images, and not the content of my email?

Step 6: Replacing email images

After trying a couple of combinations of content and images, I realized that Gmail was in fact flagging my emails because of images I had hosted on Imgur.

I use Imgur to host a lot of images because it's free, simple to use, and fast. The blog post, sponsor image, and header all used Imgur as their host, but by replacing the images on Imgur with images hosted in Google Drive, the "Suspicious link" warnings immediately went away.
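
The search in Steps 3 to 6 amounts to asking which third-party hosts the rendered email depends on. The following added example (not the author's code) lists the hosts behind every link and image in an HTML email and builds one test variant per image host with that host's images removed; the sample HTML, host names and function names are constructed for illustration.

```javascript
// Added example. The sample HTML and every host name in it are constructed.
const SAMPLE_HTML = `
<h1>Upcoming CFPs</h1>
<img src="https://images.example-host.test/header.png" alt="header">
<p><a href="https://newsletter.example.test/conferences">All conferences</a></p>
<a href="https://sponsor.example.test/offer"><img src="https://images.example-host.test/sponsor.png"></a>
<img src="https://cdn.example.test/post.png" alt="blog post">
<p><a href="mailto:hello@example.test">Reply</a></p>`;

// Hostname of an http(s) URL, or null for relative, malformed, mailto:, data: ...
function httpHost(raw) {
  try {
    const url = new URL(raw);
    return /^https?:$/.test(url.protocol) ? url.hostname : null;
  } catch { return null; }
}

// Count links and images per external host: { host: { links, images } }.
// A regex scan is enough for generated newsletter HTML; it is not a full parser.
function inventoryHosts(html) {
  const hosts = {};
  const attr = /<(a|img)\b[^>]*?\b(?:href|src)\s*=\s*["']([^"']+)["']/gi;
  for (const [, tag, raw] of html.matchAll(attr)) {
    const host = httpHost(raw);
    if (!host) continue;
    const entry = (hosts[host] ||= { links: 0, images: 0 });
    entry[tag.toLowerCase() === 'img' ? 'images' : 'links']++;
  }
  return hosts;
}

// One test message per image host, with that host's <img> tags removed. Each gets
// its own subject so the tests are not grouped into one Gmail conversation.
function variantsWithoutImageHost(html, baseSubject) {
  const inv = inventoryHosts(html);
  const imageHosts = Object.keys(inv).filter((h) => inv[h].images > 0);
  return imageHosts.map((host, i) => ({
    removedHost: host,
    subject: `${baseSubject} (test ${i + 1})`,
    html: html.replace(/<img\b[^>]*>/gi, (tagText) => {
      const m = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(tagText);
      return m && httpHost(m[1]) === host ? '' : tagText;
    }),
  }));
}

console.log(inventoryHosts(SAMPLE_HTML));
for (const v of variantsWithoutImageHost(SAMPLE_HTML, 'Upcoming CFPs')) {
  console.log(`${v.subject}: images from ${v.removedHost} removed`);
}
```

Sending each variant to a test inbox shows which image host, if any, the warning follows.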

Final analysis

Before:

Before

After:

After

I learned a lot about email delivery during this process, but it also confirmed a common complaint about working with Google. They're often not very transparent about their rules, and sometimes - as in this case - the rules don't even seem to be consistent or logical. Imgur is a perfectly reasonable choice for hosting images, so it seems strange that Google would enforce a rule that penalizes it.

I'd love to hear your thoughts. Is there something else I could do to get my emails delivered in Gmail without this warning? Hit me up in the comments or on Twitter.

Discussion (1)

Tom

Also struggling with the same. It seems that if the email links to services that compete with Google's, you are more likely to see suspicious warnings. Using Google's own alternatives will solve the "problem".