Contents x
      Triple Opt-In to solve issue with Microsoft Safelinks
      • 1 Minute to read
      • Print
      • Dark
        Light
      Contents

      Triple Opt-In to solve issue with Microsoft Safelinks

      • 1 Minute to read
      • Print
      • Dark
        Light
      Article summary

      Recipients may encounter errors on one-click Double-Opt-In (DOI) pages when the DOI message is sent to an email address protected by Microsoft Safelinks or other link scanning tools. This occurs because these tools scan the links in the message before the recipient accesses the pages, potentially causing unintended actions and errors.

      What happens

      1. When an email arrives, Microsoft Safelinks converts the original links in the email to Safelinks, which redirect the user to Safelinks rather than the actual target URL.

      2. When the recipient clicks on a Safelinks-protected link, their browser takes them to the Safelinks page, where they wait for it to load. During this time, Safelinks identifies the real target URL.

      3. While the user is waiting, Safelinks submits the target URL for a security scan in the background.

      4. Once the security scan is complete and the page is deemed safe, the user is allowed to continue their navigation.

      5. The user's browser is redirected to the expected link.

      Problem

      The issue arises when the target page, such as a DOI confirmation page, lacks a mechanism to differentiate between the page scan in Step 3 and the legitimate user's page access in Step 5. Both actions appear as legitimate page reads, leading to potential errors. The scan is rapid, with less than a half-second delay between steps 2 and 5.

      Workaround

      The only solution is to convert Double Opt-In (DOI) to Triple Opt-In (TOI). In TOI, a "stop" page is added, requiring users to explicitly click a validation button to execute the page's function. This ensures that the click is from a real user, not a malware scanner.

      To implement the workaround, please contact Mapp's Technical Services team.

      Triple Opt-In (TOI) Logic

      1. Initial Opt-In: The Recipient receives a confirmation email.

      2. Double Opt-In: The recipient clicks the confirmation email link, leading to a confirmation page with a validation button.

      3. Triple Opt-In: The recipient clicks the validation button, confirming their membership.

      DOI Logic

      1. Initial Opt-In: The Recipient receives a confirmation email.

      2. Double Opt-In: The recipient clicks the confirmation email link, and membership is automatically converted to "active."

      To implement TOI, use default subscribe links and add a confirmation button. DOI relies on custom subscribe links and performs the action upon link click, making it vulnerable to scanning.

      Was this article helpful?
      What's Next