Many corporations do have systems that click every link in inbound emails to check them, I assume against huge lists or heuristics of suspicious domains. Not to different from “endpoint security” solutions that check every link you click in a browser.