We use Mailchimp to send email alerts to journalists.
Recipients from 3 specific news organisations are being automatically unsubscribed. We have confirmed that they are not clicking unsubscribe, nor have they forwarded an email to someone who might have clicked. It is not affecting subscribers in other news organisations.
Nothing is happening at our end except having Mailchimp respond to unsubscribe requests, which we are legally obliged to do.
investigations seem to have narrowed down the issue to Office 365 advanced security features.
According to https://blogs.office.com/en-us/2017/01/25/evolving-office-365-advanced-threat-protection-with-url-detonation-and-dynamic-delivery/, O365 Advanced Threat Protection "now goes further and analyses the web address for any signs of malicious content".
It seems that ATP is following the unsubscribe link to check the site, thereby activating the link.
Is there a solution I can pass on to the sysadmins of the affected organisations?