Please improve magic link login: some corporate emails click on all incoming links

Wanted to report the following issue: Some users systematically encounter expired login links.

I believe this happens because some corporate email systems systematically click on all links in incoming emails (a spam defence mechanism), and so by the time a magic link reaches the user, it has already been clicked.

This is why I notice that other apps with magic links (like Notion) rely on a number sequence, rather than a link (or offer both alternatives), i.e. they send you a number you can input.

Another advantage of requiring the user to input a number is that it allows for better UI. Consider this flow:

  1. user lands on a paywalled article they want to read
  2. they subscribe
  3. they click on link
  4. link opens a new tab that results in going to some page that is not the original article the user intended to read

If the login was based on entering a number sequence, this problem would be solved.

Finally, does the link have to expire after 1 use or even after 24 hours? Ghost is an app that protects articles, not vital banking or medical information. It seems to me that these rules can be relaxed.
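
The failure mode described in the post above, as an added sketch that is not part of the original post and is not Ghost's code: a single-use link is consumed by whichever client fetches it first, while a typed code is unaffected by link prefetching. The function names, the 10-minute lifetime, the five-guess limit and the `example.com` address are all assumptions.

```javascript
// Added sketch, not Ghost's implementation. All names and limits are assumptions.
const { randomBytes, randomInt, timingSafeEqual } = require('node:crypto');

const TTL_MS = 10 * 60 * 1000; // assumed lifetime for link and code
const MAX_TRIES = 5;           // assumed guess limit; a 6-digit code needs one

const links = new Map(); // token -> { email, expires }
const codes = new Map(); // email -> { code, expires, tries }

function issue(email, now = Date.now()) {
  const token = randomBytes(32).toString('hex');
  const code = String(randomInt(0, 1000000)).padStart(6, '0');
  links.set(token, { email, expires: now + TTL_MS });
  codes.set(email, { code, expires: now + TTL_MS, tries: 0 });
  return { token, code }; // both would go out in the same email
}

// Single-use link: whoever requests the URL first consumes it.
function openLink(token, now = Date.now()) {
  const rec = links.get(token);
  links.delete(token);
  return rec && now <= rec.expires ? { ok: true, email: rec.email } : { ok: false };
}

// Code typed by the user into the tab where they started the sign-in.
function submitCode(email, input, now = Date.now()) {
  const rec = codes.get(email);
  if (!rec || now > rec.expires) return { ok: false, reason: 'expired' };
  if (++rec.tries > MAX_TRIES) {
    codes.delete(email);
    return { ok: false, reason: 'locked' };
  }
  const a = Buffer.from(String(input));
  const b = Buffer.from(rec.code);
  if (a.length !== b.length || !timingSafeEqual(a, b)) return { ok: false, reason: 'wrong' };
  codes.delete(email); // the code is still single use
  return { ok: true, email };
}

// Constructed scenario: a mail gateway fetches the link before the user does.
function simulate() {
  const { token, code } = issue('reader@example.com');
  const scanner = openLink(token);     // automated fetch by the gateway
  const userViaLink = openLink(token); // the human clicks later
  const userViaCode = submitCode('reader@example.com', code);
  return { scanner, userViaLink, userViaCode };
}
```

In `simulate()` the gateway's fetch succeeds, the user's later click on the same link fails, and the typed code still signs the user in.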


Thank you for bringing this to my attention, Joseph (via the Slack chat), as I missed your post on the forum. I wonder if the Ghost staff are aware of this issue?

Got to forum early so I can try to get some attention from the many Brits in the Ghost community…any chance you can please shed some light @Kevin?

In summary, has the team thought of email systems that systematically click on incoming links in email as a spam defence…and how it might expire the single-use magic link?