%0d%0a in query string causing corrupt analytics cookie

Hi,

We're send our emails through a company that uses Campaign Monitor. Very recently, we started seeing this code added into the Google Analytics query string:

http://oursite.com/?utm_source=CampaignCompany&utm_content=0&utm_campaign=our_campaign_name+_+kdzf&utm_term=%0d%0a

Visiting this link creates a corrupted analytics cookie in Safari on OS X 10.4 (Firefox and OS X 10.5 work without issue). Anytime a user visits the site after clicking on the link, they'll see this message, until the cookies are cleared:

Bad Request

Your browser sent a request that this server could not understand.
Request header field is missing ':' separator.

|utmcct=0; __utma=94567066.344575884443755500.1251399331.1251399331.1251399331.1

I believe the problem is the presence of %0d%0a
(line feed and carriage return) characters in the URL, that is somehow triggering an issue with Safari correctly parsing cookies.

I've spoken to our agency about the problem, and we're unsure as to why this has started to occur suddenly, and only with particular links in our emailer. Our agency has already submitted a support ticket about the issue, but I'm curious enough about the problem to post here as well.

Thanks.

Join 200,000 companies around the world that use Campaign Monitor to run email marketing campaigns that deliver results for their business.

Get started for free
1-888-533-8098