Several years back, I installed some form of ad blocker on my Mac. Basically what this blocker does is prevent me accessing (almost) all links directly from received emails.
Below is a copy of the type of message I get when attempting to click on an email link
I feel like a complete idiot as I am unable to even recall the name of this adblocker. I can’t even remember where I got the instructions to do this from!? Whatever, it is becoming tedious when I get a genuine email and need to type in my browser bar to get to a website referred to in an email. Searches using HoudahSpot, for numerous keywords including for ublock, adblocker, adguard, etc reveal nothing.
I would greatly appreciate some (any) advice on how to proceed.
At one time, there was a popular ad-blocking technique that wasn’t a program. Instead, you were given a text file to paste into the file at /etc/hosts on your machine. If that’s what you did, it would explain why you don’t remember the name of an adblocker and cannot find it by searching.
See, for example:
If you copy the URL that gives the error and paste it into a different browser and it still doesn’t work, that might be what’s going on.
If you have a text editor, you can look at /etc/hosts. It shouldn’t have much in it. If there is a long list of IP addresses like 127.0.0.1 or 0.0.0.0 followed by domain names like klclick.com, then that’s what’s going on. If so, ask if you need help deleting the extraneous hosts entries.
Ron , thanks! I do recall that during the process of installation, I had an extremely long list of IP addresses/names like klclick, klclick1, etc - in a .txt file. However, my /etc/hosts is completely empty.
Also, to answer your question, if I copy the link/image/whatever in the email and paste it into a different browser, it still doesn’t work. So, for example, if I get an email from Goruck.com and click on it, I get the error message as shown in my first post. If I copy that link into a different browser, I get the same error message. However, I have zero problems if I type Goruck.com into any of my browsers
Check to see if your browser has a PAC file configured. If it does, try removing it or view/edit the PAC to remove the lines that are giving you problems.
Man, I thought for sure @ron hit it. Maybe those hosts you recall living in a .txt file found their way into another file in macOS that is considered along with /etc/hosts (pure speculation–I don’t really know whether such files exist)? What do you get if you run the following command in Terminal (lists the current hosts & their IPs in the DNS cache):
Hmmm. So I guess we can infer from that that those addresses (klclick, etc.) are not being cached, which would imply they’re not being read from some other /etc/hosts-like file.
I doubt this will directly lead to a solution to your problem, but it does seem odd that your /etc/hosts file is completely empty. Below are the default contents, which mostly have to do with ensuring that localhost resolves appropriately. You might try adding this to your /etc/hosts file and re-running the dscacheutil command and see if it at least then reports cache entries for localhost and broadcasthost.
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
This is the most interesting part of your message. If it was a hosts file configuration it would block it in any app trying to access the site. But you show that it fails if you copy the URL – but it succeeds if you type it manually.
Just out of curiosity, what is the result if you type the following:
ls -l /etc/hosts*
It should show the hosts, hosts.allow, hosts.deny and possibly some default files along with their sizes and dates.
Something on router between Mac and the Internet (probably not due to test results)
ISP shenanigans
Mail extension
Browser extension
Browser settings
Firewall
Anti-virus, for example Sophos monitors network connections from browsers
Certificate issues
Which web browsers do you have installed, besides Safari? I’d suggest changing the default web browser in System Settings, and then try your email test again. If it works, then you’ve narrowed it down to Safari-related.
Also, what do you mean exactly by:
Are you manually entering a different URL than the URL that you’re cutting/pasting?
I’m getting a feeling this is related to URLs being upgraded to https. There’s a policy related to this in Safari or Firefox; I ran into weird problems with this long ago.
This feels like a browser extension issue to me, but as @mschmitt and others have suggested, there are other possibilities.
If you installed an ad blocker, the ad blocker may have installed its extension in multiple browsers. Definitely double-check your browser extensions.
In Safari, go to “Settings” and click on the “Extensions” button.
In Chromium-based browsers (e.g., Chrome, Opera, Edge, a few others), look for an Extensions menu item or button, or type chrome://extensions/ in the address bar.
In Firefox, go to “Add-ons and Themes” in the Tool menu.
Once you see the Extensions, you can disable any that might be guilty.
The link to kclick in the photo in your first post is a tracking link that goes to a GoRuck.com product page. I gather that you are comfortable typing on the command line. Try typing ping ctrk.klclick.com on the command line in Terminal.app. You will either get a successful response quickly or a delayed error message. If you get a successful response, you can rule out DNS configuration as the cause. If you get an error message, then the plot has thickened.
Since you remember seeing a text file somewhere with a long list of domain names, take a look at the /etc/resolv.conf file or any files which may be in the /etc/resolver directory. This is where additional DNS configuration files are stored. Note: you may not have an /etc/resolver directory.
I’m getting an ever expanding list (still going). I’ve copied the initial part of it. It starts like this and is stll adding more lines in the same format:
PING cloudflare.klaviyodns.com.cdn.cloudflare.net (104.17.94.1): 56 data bytes
64 bytes from 104.17.94.1: icmp_seq=0 ttl=56 time=3.496 ms
64 bytes from 104.17.94.1: icmp_seq=1 ttl=56 time=3.391 ms
64 bytes from 104.17.94.1: icmp_seq=2 ttl=56 time=4.045 ms
64 bytes from 104.17.94.1: icmp_seq=3 ttl=56 time=3.697 ms
64 bytes from 104.17.94.1: icmp_seq=4 ttl=56 time=3.547 ms
64 bytes from 104.17.94.1: icmp_seq=5 ttl=56 time=4.283 ms
and so on …
Thanks, Jeff - I’m lost here. I “know” what you want me to do, but am clueless as to how to actually do. Please will you hand-hold me through the steps … thanks!
Thanks. That means that DNS is working as it should. If you haven’t already done so, you can close the terminal window or cancel the ping command by typing ctrl-c, i.e., holding down the “control” key while typing the “c” key.
I also think we can eliminate mail extensions, since the link to klclick is being sent correctly to your browser.
Most likely, the issue is a browser extension or perhaps a buried browser setting. Hopefully, it is an extension, as that will be easier to track down.
Edite to add: It is possible that your ISP or something else has blacklisted certain domains, though. Also, do you still run into trouble if someone sends you a link that shouldn’t reasonably be blocked? Like google.com or wikipedia, etc.?
Yes, I am manually entering a different URL. If I cut and paste it from say a Goruck email it is in the format https://ctrk.klick.com/long alphanumeric string. To get to Goruck manually after seeing an email from them I type in Goruck.com
This tells me that the /etc/hosts file is empty and does not have numerous entries to block domains. On the other hand, it should not have a size of zero. There should be a minimum of a few entries. The file /etc/hosts~orig probably contains the original entries.
In any case, I think we can eliminate the hosts files as the cause of the problem.
Thanks. I asked about the other links because sometimes email providers will add things to URLs that might cause problems. For example, the Outlook web interface will add a safelinks link to the beginning of links in inbound emails. Although I haven’t had problems with that specific Outlook practice, I wanted to try to rule out that category of problem. Since some links work, we probably can rule that out.
A couple of other basic questions:
What version of macOS are you using?
Are you able to duplicate the behavior using a different user account on your Mac, i.e., logging in to the Mac as a different user?
Are you able to duplicate the behavior using a different computer on your network?
I ask those questions to narrow down if the issue is in your Mac account, your Mac generally, or something between you and the rest of the Internet (your router or your ISP).
PS. I’m signing off for the night, so I won’t reply to any new info for at least eight hours or so.
