Brave Browser Flags Email Links (url3074) as Unsafe
complete
M
Monique Bottger
When sending emails through the platform, links are sometimes routed through a subdomain like url3074._______my domain___.com. In Brave, this triggers a scary warning:
“Attackers might be trying to steal your information...”
I was able to manually bypass it for myself, but if I were a customer, I likely wouldn't click through.
Is there anything you can do on the backend to prevent this warning (SSL, subdomain config, etc.)?
J
Jacky Zhu
complete
J
Jacky Zhu
Monique Bottger: Hi there,
Thanks so much for reaching out to Beacons — we’re really sorry to hear about the trouble you've been having.
After taking a closer look, it appears that certain links in your email automations need to be re-uploaded or updated.
It’s also important to note that for tracking and security purposes, links in email broadcasts are automatically redirected through our system, which may result in a different-looking URL (e.g., something like url8942.yourdomain.com). This is completely normal and should still direct users to the correct content — as long as the destination is properly set.
Again, to provide some proper context: the urlxxxx.yourdomain.com link you're seeing is a tracking link automatically generated by our email service provider. It helps track clicks and engagement for each email you send. These subdomains are configured under your connected custom domain and are part of how we support branded sending and analytics.
The error message you're encountering (such as “Your connection is not private” or “Attackers might be trying to steal your information”) also strongly suggests that this may be tied to local device settings, browser behavior (like Brave’s aggressive privacy filters), or your network configuration, rather than an issue with Beacons’ systems or security.
That said, we know perception matters — and we definitely don’t want these warnings hurting your click-through rates. We're actively reviewing options on our end to reduce the chances of this happening, such as refining how those tracking links are generated or improving SSL propagation for subdomains.
In the meantime, you might try re-adding the link from another browser or device to confirm whether it's being blocked universally or just in specific environments.
Thanks again for bringing this to our attention — we’ll keep you posted if we make improvements here.
Jacob Choi-Durham
Hiya Monique Bottger, thanks for this post! I have a few more questions for you:
- Can you provide examples of the specific URLs that trigger the warning in Brave?
- Have you experienced this issue with any other browsers besides Brave?
- Is there a specific action or type of email that consistently triggers this warning?