Users are getting blocked from opening email links - branded link tracking

Application Security SSL / TLS
1

What is the name of the domain?

What is the error number?

Blocked Message

What is the error message?

Sorry, you have been blocked. You are unable to access essentialoilvet.com

What is the issue you’re encountering

We keep getting more complaints about this issue - Some people are blocked from clicking links in our emails. It seems to effect to all of our email links (even the ones going to external websites - they all have the branded link tracking). Here is an example: Click here to find the webinar time in your local time zone. Notice the link it sent through https://url8250.essentialoilvet.com/ls/click?… for the purpose of click tracking. Is there any way to exclude all blocking from all email click tracking links?

What steps have you taken to resolve the issue?

We have no Firewall rules. We have no location blocking. No one should be getting blocked.

Was the site working with SSL prior to adding it to Cloudflare?

Yes

What is the current SSL/TLS setting?

Full

What are the steps to reproduce the issue?

We are not able to reproduce the issue be receive emails daily from email recipients being blocked. It seems random who is blocked and when but it is always email links with branded tracking…not our actual website.

Screenshot of the error

Cloudflare blocked 1.png
Cloudflare blocked 1.png828×1792 153 KB

2

Oops, the example link did not come through correctly. Here is an example of a link to an external site that goes through the branded click tracking…

Click here to find the webinar time in your local time zone.

3

You can check the reason why the request is blocked in your security event log, then adjust your rules accordingly…
https://dash.cloudflare.com/?to=/:account/:zone/security/events

Normally such a subdomain for a mail campaign provider (url8250 looks like a Sendgrid DNS record) needs to be set to “DNS only” and not “Proxied” so it can be verified and should be left that way as it’s pointing at their infrastructure anyway.

[add]
Your default._domainkey DNS record should also be “DNS only”…
https://cf.sjr.dev/tools/check?7de19f0ca2c94ed6b957855fddc7e96d#dns-mail

1 Like
5

Unfortunately, if we set it to “DNS only” the users are told the email link is not secure. The only reason we use Cloudflare is to have the https on our branded link tracking with Sendgrid. Thank you for any help you can offer!

6

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.