Live Direct Marketing logo
Inbox Placement Test
Metrics8 min read

Tracking wrappers break on every email client update

Tracking URLs look robust until a client update silently changes URL encoding, pre-fetch rules, or security wrapping. Here is a running list of what has broken in the last 18 months.

Click tracking is a brittle system balanced on assumptions that email clients and mailbox providers do not actively want to honour. Every year or two a major client ships an update and you lose between 2% and 15% of your click fidelity overnight. Nobody tells you. The chart just dips and marketing assumes a content problem.

This article is a catalogue of breakages we have observed between late 2025 and early 2027, and a lightweight process to detect new ones before your quarterly QBR.

Outlook on Windows: the long-dash breakage

In the March 2026 update, Outlook for Windows began normalising some punctuation in displayed links when the HTML used— or en-dash characters near query params. The displayed link still worked, but the underlying click event lost the utm_term token for a subset of users because of how Outlook handled Unicode in the clipboard path. Share-button click tracking on emails with long copy was affected.

Mitigation: encode all query-string characters strictly, avoid non-ASCII punctuation inside URL parameters, and never rely on shared clipboard tracking from within Outlook.

Apple Mail 16.4: extra pre-fetch on swipe

Apple Mail gained a swipe-to-preview gesture on iOS 17 and carried it into macOS Ventura updates. When the user swipes to preview a message, Mail Privacy Protection pre-fetches remote content including, in some configurations, link preview metadata. Several senders reported a 6% to 12% bump in recorded clicks that did not correspond to conversions.

  • Signal: clicks per user increased in Apple Mail segment but CTR-to-conversion ratio dropped.
  • IP: Apple relay ranges, often 17.0.0.0/8.
  • Fix: filter Apple relay IPs from CTR, keep them only in delivery confirmation.

Gmail Android: TLS fallback failures

Gmail Android 2026.09 added stricter TLS validation for link destinations. If your tracking domain served a cert with a mid-chain that was missing from the Android trust store (notably some Let's Encrypt R10 chains during the summer 2026 transition), the click silently failed. No error shown to user. No click recorded in ESP.

This was invisible in dashboards — the drop in Android clicks looked like normal variance until a few senders compared before/after OS deploys.

Monitor your tracking domain cert chain

Set up an external monitor that checks your tracking domain for TLS chain completeness on every major mobile OS. Services likessllabs.com flag incomplete chains. Fix them before your ESP does.

Thunderbird 115+: referer stripping

Thunderbird 115 and later strip the HTTP Referer header by default on email-originated clicks. If your analytics depends ondocument.referrer for attribution, you will see a growing "direct" bucket for Thunderbird users. Not huge volume in B2C, but meaningful in developer and OSS newsletters.

Spark and Superhuman: link preview hydration

Modern power-user clients (Spark, Superhuman, Shortwave, HEY) hydrate link previews on open or hover. Each hydration is a GET to your tracking URL. In Superhuman's case, hovering over a link fires a HEAD request. Spark fetches on message focus.

Most of these requests are semi-human — a user is looking at the email — but they distort the engagement model. A link "clicked" 5 times in 3 seconds is not 5 conversion events.

A small compatibility matrix

Client              | Version  | Breaking change                         | CTR impact
--------------------+----------+-----------------------------------------+-----------
Outlook Windows     | 2026.03  | Unicode in query strings                | -2% to -4%
Outlook 365 Web     | 2026.11  | SafeLinks v3 stricter rewrites          | +5% to +15% noise
Apple Mail iOS 17   | 17.4     | Swipe-preview pre-fetch                 | +6% to +12% noise
Gmail Android       | 2026.09  | TLS chain validation                    | -4% to -8%
Gmail Web           | 2026.12  | Link pre-fetch for heuristic-flagged    | +1% noise
Thunderbird         | 115+     | Referer stripping                       | attribution loss
Spark iOS           | 2026     | Hydration on focus                      | +2% clicks per user
Superhuman          | 2026     | HEAD on hover                           | +1% noise
Yahoo Mail Android  | 2025.11  | Empty UA on some fetches                | invisible clicks
ProtonMail Web      | 2026     | Image/link strip in high-security mode  | CTR drops

How to detect new breakages

  1. Stable seed list — maintain a test mailbox per major client. Run a canary email weekly with a known link set and diff the recorded events.
  2. Client-segment dashboards — split CTR, open rate, and conversion rate by User-Agent family. Sudden steps in a single family within a week usually mean a client update.
  3. Follow release notes — Outlook, Apple Mail, Gmail, Thunderbird all publish. Skim the ones that mention networking, TLS, HTML rendering, or tracking.
  4. Subscribe to deliverability forums — when a wrapper breaks, someone on EmailGeeks Slack notices within hours. Be that person or at least listen to them.
Sanity check with real inboxes

If a dashboard metric moves and you cannot tell whether it is a client update or a real deliverability change, run an inbox placement test. Inbox Check sends your exact HTML to 20+ real mailboxes and shows you where it lands — free, no signup. Any diff between placement stability and metric shift isolates the cause.

Practical advice for builders

  • Keep tracking URLs short, ASCII-only, and served over TLS 1.2 with a complete chain.
  • Prefer first-party tracking domains over shared ESP domains. When a shared domain breaks, you are at the end of a long queue to be fixed.
  • Version your tracker. Include atracker=v5 param so you can A/B test new tracker code without guessing which version fired.
  • Write integration tests for URL generation. Fuzz the template with every Unicode punctuation character you use in copy.

FAQ

Isn't this what ESP vendors are supposed to handle?

Yes, and they do, slowly. ESPs fix breakages weeks after they become visible. If you're running lifecycle programs where every point of CTR matters, you cannot wait.

Can I just stop using tracking wrappers?

You can, and for some segments (transactional, high-trust subscribers) it's a clean choice. For marketing, some form of URL rewrite is needed for click attribution — just own the fragility.

Does using AMP for Email fix any of this?

AMP handles its own engagement events differently and is less affected by traditional tracking breakages, but AMP adoption is narrow (mostly Gmail Web). Not a general solution.

How often should I audit the compatibility matrix?

Quarterly at minimum, monthly if you ship product releases tied to email campaigns. A 30-minute script run against your client-segmented events catches most surprises.
Related reading

Check your deliverability across 20+ providers

Gmail, Outlook, Yahoo, Mail.ru, Yandex, GMX, ProtonMail and more. Real inbox screenshots, SPF/DKIM/DMARC, spam engine verdicts. Free, no signup.

Run Free Test →

Unlimited tests · 20+ seed mailboxes · Live results · No account required