I wrote about how the use of the ping attribute for click tracking in HTML emails can be a more resilient for the email ecosystem.

On 23 January 2026, I received an email from Salesforce about a security issue that impacted click tracking:

Salesforce Security recently became aware of a security issue that affected links in emails sent through Marketing Cloud Engagement, including: Clicks, CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View as a Web Page.

Prior to the fix, this issue—if exploited—could have allowed an unauthorized party to view or access data displayed on CloudPages and certain subscriber information, specifically for Forward to a Friend, Profile Center, Subscription Center, and Unsub Center. In addition, an unauthorized party could have potentially viewed emails sent through View as a Web Page.

Salesforce's solution was to expire all affected links (included click tracking links) prior to 21 January 2026:

Out of an abundance of caution, links generated prior to January 21, 2026 at 23:00 UTC were expired at January 23, 2026 at 21:00 UTC: Clicks, CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, and View as a Web Page.

While the ping anchor tag attribute would not have prevented the issue entirely, its adoption for click tracking in the email ecosystem could have reduced complexity, preserved link integrity, protected the recipient experience and limited business impact when failures occurred.

It's the difference between the solution being "all affected links are now expired" to "affected links still work but click tracking is disabled."

Function first. Measure second.