I get this question often, so I thought it would be a good thing to write up and share here, for future reference. Let's break it down. The concern raised here is that a sender could be sending from domain A, probably fully authenticated with SPF and DKIM, but links in the body of the email message reference domain B. Domain B could be example.com, it could be click.example.com/cl.example.com, it could be yahoo.com, or something else. The good news is, that's okay. It is expected. ISPs don't look at a comparison of the click tracking domain to the sending domain and make a determination that an email must be bad or questionable simply because those two domains don't match. If ISPs did immediately jump to conclusions about that sort of thing, I'd have trouble using my Gmail account to email a friend a link to a news article I just read on CNN.com. The from address would be me at gmail dot com, but the link(s) in the message body would say cnn.com.
Short answer: There's not much to worry about there. Longer answer, there can be two different caveats to be aware of.
- Domain reputation matters, even in the body of the message. Some ISPs block mail referencing or linking to domains that they consider to be excessively spammy. That means even if you're a good sender, if the body of your email contains a link to a spammy domain, the ISP could block that message. Does it specifically damage your sending reputation? Probably not, but it definitely means that the affected messages aren't going to get through. It'd be a bit glib to just say "don't do business with shady characters," because you don't always know what else a company may be up to or if they could have a negative domain reputation. This isn't always easily avoidable, if you send out emails containing links to other sites, but it's something to be aware of. When you start to get weird content-related blocks from just one or two ISPs, it's something you'll want to test for, isolating content and doing iterative testing to narrow down which bit of content -- which domain -- could be the culprit. These aren't always caused by Spamhaus listings, but it can't hurt to check the Spamhaus DBL to make sure your vendor, partner, or advertiser's domain(s) aren't listed there.
- Be careful with link wrapping. Microsoft, in particular, used to be pretty fussy about writing out one domain in a link that leads to a different domain. Meaning, don't write out www.yahoo.com in the hyperlinked part of a link, when it doesn't directly go to www.yahoo.com, without any layer or redirect or click tracking in-between. If the message source shows that the link goes to click.example.com (perhaps for click tracking), but the text between the A tags in your HTML say "www.yahoo.com," that's a potential red flag and some ISPs probably will perceive the message to be a phishing attempt. Be careful to avoid this, as the only fix for this is to stop doing it. Instead of writing out your domain name in the text as "www.example.com," Try writing it out as your company name or use some wording like "visit our website" instead.