Live Direct Marketing logo
Inbox Placement Test
Content9 min read

Links in email: how many is too many for spam filters

There is no magic link count. What matters is the reputation of every domain you link to, whether shorteners or trackers obscure the destination, and whether anchor text matches where the link goes. The 5-link rule of thumb is fine. The reasoning behind it is more important.

"Don't put more than 3 links in your email" is repeated everywhere. Like most rules of thumb, it's directionally useful and mechanistically wrong. Filters don't penalise the count. They evaluate every single link independently — domain reputation, redirect chain, anchor text honesty, link/text density. A message with 8 links to clean domains can inbox better than one with 2 links to fresh domains on bad IP space.

TL;DR

Every link in your email is scored. Domain reputation per link (URIBL, SURBL, Spamhaus DBL), redirect chains, link shorteners, and anchor-text-vs-target mismatch all matter more than raw count. 5 clean links beats 2 dirty ones.

Per-link domain reputation

Filters check every URL in the message body against multiple domain blocklists:

  • SURBL (Spam URI Real-time Blocklists) — domains observed in spam payloads.
  • URIBL (URI Blocklist) — multi-zone blocklist for URLs.
  • Spamhaus DBL — Domain Block List for known abuse domains.
  • Provider-internal lists — Gmail, Outlook and Yahoo maintain their own URL reputation databases that aren't public.

A single hit on any of these for any link in your email can send the entire message to spam. Filters lookup the registered domain (eTLD+1) and the full hostname. New domains, domains on IP space associated with abuse, and domains hosting open-redirects all score badly.

Redirect chains

A link that redirects through multiple hops before landing on the real destination scores worse than a direct link. Spammers commonly chain redirects to obscure the real URL — through shorteners, through compromised intermediate sites, through their own redirect domain.

Modern filters at Gmail and Outlook follow redirect chains and score the final destination, not just the first link. They also score the chain itself — more hops = more suspicious. Practical consequences:

  • A direct link to your domain: best.
  • A link through your own click-tracker (e.g., track.example.com) to your destination: fine, if the tracker domain has reputation.
  • A link through a third-party shortener to your destination: inherits the shortener's reputation (poor).
  • A link through 2+ external services before reaching the destination: heavily suspicious.

Click trackers and the reputation problem

Every email service that tracks clicks rewrites links to point through a tracking domain. The mechanism is sound — the domain you use to track is the issue.

Shared tracking domains (the default at most ESPs) accumulate reputation across all customers. One spammer using the same tracking domain as you can drag down placement for everyone sharing it. This is why dedicated tracking domains (a custom subdomain of your sending domain pointing to the tracker) are increasingly recommended:

  • Reputation builds with your domain only.
  • Aligns with DKIM/DMARC for the parent domain.
  • Most major ESPs support custom tracking domains.
Shared trackers are quietly costing you placement

If you're on a default shared tracking domain (r.tracking-esp.com, etc.) you're sharing reputation with every other customer of that ESP. For high-volume senders this is fine — abuse is moderated. For new senders on small-tier plans, the shared pool can be poor. Custom tracking domain is one of the cheapest deliverability wins available.

Shorteners are flagged on sight

bit.ly, tinyurl, t.co, goo.gl (deprecated but lingering), ow.ly — every major link shortener has been abused at scale by spammers. Filter behaviour:

  • bit.ly: minor penalty by default; can be amplified if the target domain is flagged.
  • tinyurl: heavier penalty — long association with spam.
  • Custom-branded short links (your-brand.ly): minimal penalty; treated as your domain's reputation.

For cold email and B2B outreach, never use generic shorteners. Either link directly or use a custom-branded shortener with your domain. The handful of saved characters is not worth the reputation cost.

Anchor text vs target mismatch

A link displayed as "https://chase.com/login" that actually points to https://chasebank-login.suspicious-domain.tkis a phishing pattern. Filters detect this.

Mismatch is scored when the displayed text contains a URL or hostname that differs from the actual href. It is also scored, more weakly, when the displayed text strongly implies a destination that the link doesn't match — e.g., "Click to download invoice" pointing to a marketing landing page.

Practical rule: if the visible link text contains a URL, that URL must match (or be a clean rewrite of) the actual href. For descriptive anchor text, the destination should reasonably match the description.

Link-to-text ratio

Beyond the count, the ratio of link characters to body text matters. A 50-word email with 10 links reads as a link farm. The same 10 links inside a 500-word email read as a normal newsletter.

Rough guidelines from real testing:

  1. 1-3 links in cold outreach: ideal.
  2. 4-7 links in a transactional email: fine if domain is clean.
  3. 8-15 links in a newsletter: acceptable for Promotions placement.
  4. 20+ links: penalty starts to stack regardless of domain.

Unsubscribe link is required, not optional

For commercial / bulk email, the unsubscribe link is required by CAN-SPAM (US), GDPR (EU) and CASL (Canada). Filters positively weight its presence:

  • List-Unsubscribe header (one-click): the modern standard, required by Gmail/Yahoo for high-volume senders since 2024.
  • Visible unsubscribe link in body: required for legal compliance and for the small percentage of users who go looking.
  • Unsubscribe link domain reputation: yes, this is checked too. A clean unsubscribe domain is a positive signal.

Practical link rules for 2026

  • Audit every link in every campaign against URIBL/SURBL before sending. Several free tools do this.
  • Use a custom tracking domain if you have any volume.
  • Never use bit.ly or tinyurl in business email.
  • Anchor text should honestly describe the destination.
  • For cold outreach: 1 link, max 2. The point of cold email is to start a conversation, not to drive traffic.
  • Newsletter: keep below 15 distinct destination domains.
  • Test placement after any new link is introduced.

Frequently asked questions

Is one link in a cold email better than zero?

Generally yes — zero links from a cold sender can be slightly suspicious (looks like a one-pixel email). One link to your own clean domain (your website, a calendar booking page) is the sweet spot. Zero is fine if the email is clearly conversational and asking a question.

What about social-media icon links in the footer?

They count. Five social icons = five links. The destinations (linkedin.com, twitter.com, etc.) have strong reputation so the score impact is minimal, but they do contribute to the per-link evaluation total.

How do I check if a domain is on URIBL or SURBL?

Use mxtoolbox.com/blacklists or surbl.org/lookup. Spamhaus DBL is checkable at spamhaus.org. Many email-validation services also check link reputation as part of their reports.

Does adding nofollow to email links affect spam scoring?

No — nofollow is an HTML hint to search engines, ignored by mail clients and filters. Don't bother adding it for spam-scoring reasons (it's also unnecessary for SEO purposes in email).
Related reading

Check your deliverability across 20+ providers

Gmail, Outlook, Yahoo, Mail.ru, Yandex, GMX, ProtonMail and more. Real inbox screenshots, SPF/DKIM/DMARC, spam engine verdicts. Free, no signup.

Run Free Test →

Unlimited tests · 20+ seed mailboxes · Live results · No account required