Level 5

Question

Bot or Not? – Are you suffering from ‘bot clicks’?

Forum|Forum|7 years ago
September 4, 2018
12 replies
26706 views

If you are a marketer, you probably have heard about the somewhat new and emerging enemy: The Email Security Bots. The war is on and we have been standing clueless for a while, watching from the side while the Bots were messing with our numbers, with no real solution available.
Well, it’s time to fight back!
It all started a couple of years ago when some of our customers noticed a surge in email click metrics and they also pointed out some interesting and strange behaviors in their data:

Seconds after email is delivered, they see a high volume of clicks
They noticed a high volume of clicks from the same account/company
The activity log shows ‘clicked a link in an email’ before the ‘email open’ event and in many cases without visiting the actual page

Our research concluded those behaviors are typical for Bots, and NOT for humans. The bots' role is to click each link in emails, sent to the domain they protect, to prevent harmful clicks that can harm the company by flagging them as a phishing scam.
The implications of those Bots clicks can be devastating for marketing teams worldwide.
All your marketing numbers could be way off. It means you’ve been counting clicks completely wrong in your marketing automation program. Not to mention the impact on your scoring, interesting moments and nurturing campaigns and obviously your reports.
We, at eDigital.Marketing, did an extensive research and came up with a solution that we would like to share with you. We implemented it in our customers' instances and our customers are surprised by the findings and are satisfied with the results.
We started by running a test on an email that was part of a nurturing campaign already built in Marketo.
The test was using a Smart Campaign that was listening to page visits and email delivery.
The program was running for about five days to allow enough time for prospects to actually click on the link in the email.
Five days later we ran a new Smart Campaign just to collect data from Marketo about "clicked the link in the email" without any filters at all.
We downloaded both lists to excel and checked for clicks in Marketo that were NOT in the list we have created. Here are the shocking numbers:
Marketo counted 327 clicks WHILE the Smart Campaign only identified 91 of those clicks as real people who clicked the link and actually visited the page.

So at that point, it was pretty simple to calculate that approximately 72% of those clicks were fake and were made by ‘Bots’, we then identified and created a list of the companies that are using bots as part of their IT security infrastructure.
To make things even more complicated, we then went ahead and made some additional research on the list and found that a third of the remaining ‘humans’ can NOT be counted as clicked anyway since they visited the webpage in the past and NOT by using the email we've tested. The Smart Campaign was flagging them since the email was delivered to them and indeed in the past, they visited the page.
BUT since we compared the Marketo clicks to the Smart Campaign clicks, those ‘humans’ (that didn't click but visited the page) where excluded and therefore no extra calculating was needed.
To make sure the data is correct, we sampled some ‘Bot’ leads and checked their logs in Marketo. All leads from all companies who were suspected to be using ‘bots’ were showing the activity of a ‘bot’ - clicked but no open nor visited page.
In conclusion, out of 327 clicks identified by Marketo, only 91 were Humans.
Now all was left for us to do is to add a few Smart Campaigns to neutralize the Bots and stop them from disrupting the scoring system, the interesting moments and all reporting.
We now have a Bot system running in the background making sure all our numbers are correct and not just making us look good.

Marketo

This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.

Show previous replies

Denise_Greenbe7

Level 3

Hi @Sanford Whiteman‌ & All -

I just posted this question but realized I did so to an old thread. Meant to post it here.

I'm wrestling with this issue, too, for my clients. It makes it really hard to evaluate the impact of emails unless they lead to a form. My latest idea is to only change someone's program status to clicked if they have clicked at least twice (or 3 times) on any of the links. E.g.:

Filter 1

Clicks link in email, email is A, link is A

Min number of times = 2

Filter 2

Clicks link in email, email is A, link is B

Min number of times = 2

etc.... a filter for each link (and filter logic is "any"). A bit of a nuisance to build when emails have multiple links. But what do you think? Wouldn't this tactic have a better chance of weeding out link scanners? I'm assuming, of course, that the first click is the link scanner but if there's a 2nd click it's a person.

Chris_Wilcox

Level 8

Hey Denise,

I get what you're going for here with this solution, and it's certainly an option to consider, but now you're docking those first-time REAL clicks. Instead of weeding out bot clicks, you're also weeding out actual, real life engagement.

For example, we've used some raw data from the database along with time stamps on the activity logs to try to identify frequent known-bot-click-domains (we're entirely B2B), and try to weed those out of reporting. We don't NOT send to those people, and we count the bot clicks overall, but we don't adjust lead score using those activities for contacts on those domains. We know we're filtering out some real activity, but we have decided that being confident in our leads being passed to sales is more important than having 100% accurate engagement numbers (so long as we're still driving value for the org as a whole).

Definitely not an easy problem to solve and I don't expect it to ever go away. Best of luck!

Denise_Greenbe7

Level 3

Hi Chris,

Yes, you're right that I'd be docking (or just not crediting) the first-time real clicks. I was thinking of that as interim solution until I've devised a good method of identifying the known-bot-click-domains in our database. Since we mostly target large companies I have the impression just looking though "clicked" lists that most of them employ link scanners so I think I'm okay with erring on the side of under-reporting.

How do you handle clicks in terms of email program success status? That is, does "clicked" count as success?

Thank you for your input!

Best,

Denise

Mike_Mastropaol

Level 3

Thanks all for the great, detailed discussions on this very aggravating topic. I've been trying to read up on all this for several days. I did not find it questioned/answered anywhere if this false clicks from email security software programs can click the same link multiple times. Does anyone know if that happens?

I have 3 clicks to the same link from one person. All clicks are within the first minute of the email being delivered. There is no following VWP activity. Only the 3 clicks. All the links in this email were clicked by this person within the first minute of delivery but this was the only linked they clicked 3 times.

Thanks.

SanfordWhiteman

Level 10

...if this false clicks from email security software programs can click the same link multiple times. Does anyone know if that happens?

Oh, for sure. And not just multiple times in the short period after receiving the email, but when quarantines are rescanned it could happen at any time.

Mike_Mastropaol

Level 3

Wow. This is a tough one. Thanks for the intel.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded