I've experienced something similar myself, while trying to figure out why one-time login links were expiring for random outlook.com email addresses. Digging into the server logs I saw a Microsoft IP address send a HEAD request of the login link included in the email, which was invalidating the one-time link.

I solved it by having my app ignore HEAD login requests and only process GET requests, as my robots.txt file disallows indexing.

Still really rubbed me the wrong way. I figured it was some kind of anti-phishing gimmick, but the fact that they're just using it to populate their spider is an egregious violation of user trust.

@hbenjamin There are many reasons for systems to automatically visit links contained in emails. Some feel pretty evil (see OP's link) but others are definitely good (inspection for safety).

So the conclusion about not sending magic links is probably a good one.

Microsoft outlook has also a link protection feature that "scan" links in order to prevent the user to go to a malicious website.

That is the ad.

When the user clicks on the link in outlook email, microsoft is notified and will also make a visit to the link. However this visit will happen a few seconds after the user reaches the link endpoint so he could already be trapped....
This is done to avoid a long delay on link clicks I guess but it defeats the security argument.