Email is one of the highest-value channels for re-engaging mobile app users. A well-timed campaign can pull a dormant user back into your app, straight to the product page, cart, or content they care about. Universal Links make that seamless handoff possible — but only when they survive the journey from your email service provider (ESP) to the user's inbox intact. More often than not, they don't.
If you are new to Universal Links, start with our complete guide to Universal Links for the fundamentals before diving into email-specific issues.
This guide covers exactly what breaks Universal Links in email, why it happens, and how to fix it for the major ESPs.
Why Universal Links Break in Email
To understand the problem, you need to know how Universal Links work at a basic level. When iOS encounters a link that matches a domain listed in an app's Associated Domains entitlement, it checks that domain's Apple App Site Association (AASA) file at /.well-known/apple-app-site-association. If the path matches a rule in that file, iOS opens the app directly instead of Safari. The entire mechanism is tied to the original domain of the URL.
Email service providers break this by design.
When you send a campaign through Mailchimp, SendGrid, Klaviyo, Salesforce Marketing Cloud, HubSpot, or virtually any modern ESP, those platforms wrap your links. Every link in your email gets rewritten to point at the ESP's own tracking domain — something like click.sendgrid.net/ls/click or mailchi.mp/track/click. The user's click goes to the ESP's server first, which logs the click and then redirects to your original URL.
From a click-tracking perspective, this works perfectly. From a Universal Links perspective, it is fatal. The domain in the email is now click.sendgrid.net, not your domain. iOS sees that domain, checks if an AASA file exists there, finds nothing matching your app, and falls through to Safari. Your user ends up in the browser instead of your app.
This is not a bug in Universal Links. It is the expected behavior. Universal Links are deliberately strict about domain ownership as a security measure — Apple documents this in the Supporting Associated Domains section of the developer documentation. Any redirect through a third-party domain breaks the chain. For a deeper explanation of how redirects interact with Universal Links, see our article on Universal Links and redirects.
The Three Approaches to Fixing It
There is no single universal fix. The right solution depends on which ESP you use, how much control you have over its configuration, and whether you need click tracking at all.
Option 1: Custom Tracking Domain on Your Subdomain
Most ESPs allow you to configure a custom tracking domain. Instead of wrapping links with click.sendgrid.net, the platform wraps them with a subdomain you control, like email.yourdomain.com or track.yourdomain.com.
Once you own the tracking domain, you can host an AASA file on it. Your AASA just needs to include a path entry that matches the wrapped link patterns the ESP generates. Typically these look like /ls/click* or /wf/click* depending on the platform.
Here is an example AASA entry for a SendGrid custom tracking domain:
{
"applinks": {
"details": [
{
"appIDs": ["TEAMID.com.yourapp.ios"],
"components": [
{ "/": "/ls/click*", "comment": "SendGrid click tracking" }
]
}
]
}
}
With this in place, iOS intercepts the ESP's tracking URL, opens your app, and your app receives the click URL. You then need to parse the original destination URL from the tracking URL's query parameters, which varies by ESP.
The drawback: hosting an AASA on a subdomain requires that subdomain to serve the file over HTTPS with the correct Content-Type: application/json header. See our AASA file setup guide for the full hosting requirements. Apple's CDN caches AASA files aggressively. Changes can take 24-48 hours to propagate to devices. Plan for this lag when setting up or updating configurations.
Option 2: Disable Link Wrapping Per-Link or Per-Campaign
Several ESPs let you opt individual links out of click tracking. This preserves your original domain, which means Universal Links work exactly as intended.
In Mailchimp, you can disable click tracking for individual links by setting the data-mc-disable-tracking="true" attribute on anchor tags in the HTML editor.
In SendGrid, you can use the clicktrack substitution tag or disable tracking at the campaign level for specific links via the API using "click_tracking": { "enable": false } in the mail settings.
In HubSpot, there is no per-link tracking opt-out in the drag-and-drop editor. You need to use the HTML editor and add rel="noopener noreferrer" combined with specific HubSpot directives to disable wrapping.
In Klaviyo, link tracking is on by default and cannot be disabled per-link through the visual editor. You need to use template tags in the HTML editor or disable tracking at the account level.
The obvious downside to disabling click tracking is that you lose click data for those links. If email attribution is important to your team, this tradeoff may not be acceptable. You can compensate partially by appending UTM parameters to the link before sending it — you lose the ESP's click count, but you retain attribution data in your analytics platform.
Option 3: Redirect Chain Through Your Own Domain
A middle-ground approach is to insert your own redirect before the ESP's tracking URL. Instead of putting https://yourdomain.com/products/123 directly in the email, you put https://go.yourdomain.com/r?target=... — a short-link or redirect endpoint on a domain you control. The ESP wraps that, so the chain is:
ESP tracking URL → go.yourdomain.com/r?... → yourdomain.com/products/123
This does not actually solve the Universal Links problem for the first click, because the ESP's tracking domain is still first. But if you configure your custom ESP tracking domain (Option 1) AND serve an AASA on it, the ESP URL gets intercepted by iOS, your app opens, and you can decode the destination from the tracking URL's parameters. The intermediate redirect becomes unnecessary in that case.
Where this approach becomes useful is when you cannot configure a custom tracking domain on the ESP but you still want some control. You can set your own redirect domain to return a 302 and include your app's custom URI scheme as a fallback, though custom URI schemes are less reliable than Universal Links and not recommended as a primary strategy.
Apple Mail vs Gmail vs Outlook
The email client matters, and the behavior differences are significant.
Apple Mail on iOS respects Universal Links well when the link domain is correct. If you have solved the domain problem (via custom tracking domain plus AASA), tapping a link in Apple Mail will open your app reliably. Apple Mail also does link prefetching for security analysis, which means your AASA file gets fetched proactively when an email is opened — this can help with caching but also means malformed AASA files will show errors faster.
Gmail on iOS is more complex. Gmail's mobile app renders emails in a sandboxed WebView rather than using iOS's native link handling. Universal Links do not fire from within Gmail's WebView reliably. This is a known limitation that Google has not addressed. Links tapped inside Gmail typically open in Gmail's in-app browser (Chrome Custom Tabs equivalent), not in your app.
One workaround for Gmail: use a link that triggers a custom URI scheme as a fallback, wrapped in a script-based redirect. This is fragile and inconsistent. A more practical approach is to accept that Gmail users will land in the browser and ensure your web fallback page includes a smart banner or prompt to open the app.
Outlook on iOS has its own link-processing layer. Outlook rewraps links through Microsoft's safelinks.protection.outlook.com domain for security scanning, on top of whatever your ESP does. This means even with a custom tracking domain on your ESP, Outlook may add another domain hop. There is no reliable way to prevent Microsoft's SafeLinks from running on recipient-side Outlook accounts managed by an organization's IT policy. Consumer Outlook accounts are less affected.
Samsung Mail and other Android clients do not support Universal Links at all — Universal Links are an Apple specification. On Android, the equivalent is Android App Links. The same ESP wrapping problem applies there, with the same AASA-equivalent fix using the Digital Asset Links JSON file at /.well-known/assetlinks.json.
Testing Email Deep Links
Testing email Universal Links is genuinely annoying because the standard developer flow (tapping a link in Safari) does not simulate what happens in an email client.
The most reliable test method is to send a real email to a test address and open it on a physical device. Simulators do not support Universal Links. TestFlight builds support Universal Links and are a good testing target without needing to go through App Store review.
Steps for a complete test:
- Send the email through your actual ESP (not a preview). Link wrapping only happens in real sends.
- Open the email on a physical iPhone running the TestFlight or production build.
- Test in Apple Mail first (the baseline case). Then test in Gmail and Outlook separately.
- If the link opens Safari instead of your app, use
curl -Ito trace the redirect chain and identify exactly which domain broke the Universal Link.
curl -I -L "https://click.sendgrid.net/ls/click?..."
Follow the redirects and look at each domain in the chain. The first domain that is not in your app's Associated Domains entitlement is where things fall apart.
Apple also provides a CDN status tool at https://app-site-association.cdn-apple.com/a/v1/yourdomain.com where you can check what version of your AASA Apple has cached. If your AASA changes are not taking effect, this is the first place to look.
Link Preview Considerations
When users forward emails or paste links into iMessage, WhatsApp, or Slack, those apps generate link previews by fetching the URL server-side. This server-side fetch hits the ESP's tracking URL, which counts as a click in your ESP's analytics. You may see inflated click counts in campaigns with high forward rates or where links are shared in chat.
More relevant to Universal Links: link previews are generated server-side, which means they are not subject to the Universal Links mechanism at all. The preview shows web content. Only the actual user tap triggers Universal Links. This is worth knowing when debugging unexpected click counts that do not correspond to app opens.
Platform-Specific ESP Notes
SendGrid / Twilio: Custom tracking domains are available on all paid plans. Use the click_tracking.enable_text setting carefully — text emails also get link wrapping by default.
Mailchimp: Custom domains for link tracking require a paid plan. The setup is under Account Settings > Domains. Mailchimp's tracking paths follow a consistent pattern (/track/click/*) which makes the AASA rule straightforward to write.
Klaviyo: Custom tracking domains are available and required for this approach. Klaviyo wraps links with paths like /link/c/*, so your AASA component should cover /link/*.
Salesforce Marketing Cloud: SFMC uses click.your-domain.com as the default and supports custom subdomains. The tracking path format is */l.aspx*. SFMC also has a SAP (Sender Authentication Package) feature that ties together custom tracking domains, from addresses, and reply-to domains.
HubSpot: HubSpot's tracking domain can be customized under Settings > Tracking and Analytics > Tracking URLs. Path patterns are */e3t/* or */f/* depending on the email type.
Putting It Together with Tolinku
If you are managing deep link routing across multiple channels, including email, push, and paid campaigns, Tolinku's deep linking features handle the AASA configuration and redirect logic centrally. Instead of maintaining AASA rules per-ESP per-subdomain, you configure your routes once and Tolinku serves the correct association file content for each domain you register.
This matters most when you have multiple ESPs across different teams or when your AASA needs to cover several apps under the same domain. Keeping that configuration in one place reduces the surface area for mistakes.
The Short Version
Universal Links break in email because ESPs wrap links through their own tracking domains. The fix is either to host an AASA file on a custom ESP tracking domain you control, or to disable link wrapping for specific links and accept the loss of click tracking. Apple Mail handles Universal Links correctly when the domain is right. Gmail on iOS does not, due to its WebView architecture. Outlook adds Microsoft SafeLinks on top of everything else.
Test on real devices with real sends. Use curl -I -L to trace redirect chains. Check Apple's CDN cache when AASA changes are not propagating. And account for link preview fetches inflating your click counts.
For e-commerce teams, the stakes are even higher. Our guide on deep links in e-commerce email campaigns covers cart recovery, product recommendation, and transactional email flows in detail.
The email channel is worth the setup complexity. Users who click through from email have already shown intent. Getting them into the app instead of the browser increases conversion rates on virtually every metric that matters.
Get deep linking tips in your inbox
One email per week. No spam.
