How does MailChannels encode click-tracking URLs?

When you enable click tracking for your outbound emails sent via MailChannels Email API, MailChannels automatically replaces the HTTP and HTTPS links in your message body with custom tracking URLs. This allows you to monitor recipient engagement and track click-events in real time.

MailChannels uses a modern, "stateless" encoding system for click tracking URLs. This method ensures that redirects are lightning-fast, highly reliable, and cryptographically secured against tampering or sabotage.

Here is a breakdown of how these tracking links are created and why they are secure.

Anatomy of a Tracking Link

When an email goes out, your original link is transformed into a URL that looks like this:

https://[BASE_DOMAIN]/[CUSTOMER_HASH]/[SID_HASH]/[ENCODED_TOKEN]?v=2

Here is what each part of the URL represents:

• BASE_DOMAIN: The MailChannels click-tracking service domain (e.g., click.mailchannels.net).
• CUSTOMER_HASH & SID_HASH: Secure, SHA-256 cryptographic hashes of your customer handle and Sender ID. This routes the click data correctly without exposing your plain-text account information in the URL.
• ENCODED_TOKEN: A secure, URL-safe Base64-encoded package that contains the actual destination of the link and security signatures.
• ?v=2: A parameter telling our servers to decode the URL inline.

What is inside the Encoded Token?

Instead of storing your original links in a database - which can slow down redirects or lead to lost links if a database is purged - MailChannels packs all the necessary information directly into the Encoded Token.

When decoded by our servers, this token contains:

• The Message ID associated with the specific email.
• Whether the original link was HTTP or HTTPS.
• The Original Destination URL.
• An HMAC-SHA256 Digital Signature and Key ID to secure the payload.

When a recipient clicks the link, our servers instantly unpack this token, register the click event to your dashboard, and redirect the user to their final destination.

How Links are Secured Against Sabotage

A common concern with tracking links is URL tampering—where a malicious actor attempts to alter the tracking URL to redirect unsuspecting users to a phishing site or spam the tracking system.

MailChannels completely prevents this type of sabotage using HMAC-SHA256 integrity verification.

Here is how our security protects your links:

1. Cryptographic Signing: When the URL is generated, the original destination link and the Message ID are mathematically combined and signed using a secret MailChannels key. This creates a unique "HMAC Digest" (a digital fingerprint) that is embedded into the URL token.
2. Tamper Detection: When a link is clicked, our server recalculates that digital fingerprint. If a malicious actor alters even a single character of the destination URL inside the token, the fingerprint will no longer match.
3. Automatic Rejection: If the signature check fails, the MailChannels server immediately rejects the request and returns a 404 Not Found error. It is computationally impossible for an attacker to forge a valid tracking link for a different destination without possessing our internal cryptographic keys.

Furthermore, the system supports Key Rotation (via the Key ID field). This means MailChannels can regularly update the secret keys used to sign these links, ensuring long-term security without breaking links that have already been sent to your recipients.