Unknown 3rd party auto-scans emails for EDU recipients

After a newsletter email campaign we are observing spike in return traffic to our Frontends. Unusual, as we don&#x27;t see campaigns going viral immediately. We have a good open rate, but what we see is an order of magnitude.<p>Turns out after a quick investigation, that an unknown 3rd party scans the content and opens the links which generate request to our site.<p>It turns out all recipient domains that are involved in this traffic pattern, are from the Education industry, as they have &quot;school&quot; and other similar words in the domains.<p>- Have you noticed unsusual return traffic generated by auto scans?<p>- Especially&#x2F;only for EDU industry recipients?<p>With the recent cyber attacs to EDU systems last week, could be a spamfilter&#x2F;antivirus, or load balancing armor, that does this content analyses? All IPs that made this traffic pattern are from AWS, somebody pays the bills. Could be a module just turned on recently for email industry either by antispam&#x2F;antivirus, whatever?<p>What&#x27;s your take on this.