Level 2

Delivered

Pardot is filtering out bot clicks, why won't Marketo?

Forum|Forum|7 years ago
March 10, 2019
11 replies
34906 views

Pardot recently announced they are putting several things in place to get rid of bot clicks. One of the simplest ones being IP-based filtering. We have asked Marketo if they could forward the IP address with click data so we could do something about it. Marketo already has this information. Why can't they filter clicks based on IP addresses that many of these security appliances publicise?

Rejecting clicks before the email was even delivered, would be helpful too.

There are some obvious patterns Marketo to look for - like clicks on every single link or multiple links in a very short timespan.

Or clicks that didn't result in a web pageview. We don't have a simple mechanism to link the two, since Marketo doesn't send the clickId to the web pageview. But Marketo has that info.

This is becoming a big problem, since we can't do any lead nurturing or other campaigns due to bots clicking.

Thanks.

Swapna

Marketo

SanfordWhiteman

Level 10

"announced" != "successfully implemented"

Nothing is obvious. What you're referring to as "security appliances" are in fact VMs on cloud and private infrastructure whose IPs are shared by human users. That is the whole idea, to not be able to tell the mail scanners apart from humans. If your infrastructure can distinguish machines from humans, that means the malicious actors can do the same thing, rendering the security layer useless.

Or clicks that didn't result in a web pageview.

Correctly operating scanners do result in a pageview.

Swapna_GAuthor

Level 2

Sanford,

I understand not all bot clicks will ever be caught. We have verified manually in our log files that there are several page views from IP addresses that are Barracuda Email Security Service IP Ranges or for Proofpoint etc. The corresponding clicks were still in Marketo. From the appliance's perspective, it doesn't really hurt them if you recognize their IP addresses, as their job is done, once they inspect your links. But the harm is done from our perspective, as it inflates the click numbers, not to mention the nurture campaigns are rendered useless.

Can Marketo either do something to remove these, or provide us the tools like the IP address in click information, or clickID in web view. How is this not a huge concern for anyone trying to do any type of lead nurture or scoring?

I get your point that "announced is not the same as successfully implemented", but at least Pardot is doing something to address this big problem for the marketers!

Swapna

Swapna Gupta

SanfordWhiteman

Level 10

From the appliance's perspective, it doesn't really hurt them if you recognize their IP addresses, as their job is done, once they inspect your links.

This is 100% not true.

If I am a malicious actor and I can tell whether a mail scanner is checking my phishing links, I can return safe content to the scanner, then return malicious content to the unsuspecting end user whose links were deemed safe.

Lauren_Temmler1

Level 2

@Swapna G To remove bot clicks our awesome admins were able to run some smart lists around timing. Bots click and open within seconds of delivery or at the same time. Humans not as quickly. A lot more when into their fix and it still isn't 100% but the data is much cleaner. Good luck!

Amy_Goldfine

Level 9

Can you elaborate on what you guys have set up?

Amy GoldfineMarketo Champion & Adobe Community Advisor

Swapna_GAuthor

Level 2

Amy, we have been downloading click data and cleaning up the clicks based on a few rules. The challenge is that it's a lot of work that we need to do and at the end of all this, the partially cleaned data is not in Marketo. So running lead nurture campaigns or scoring logic is of not much use.

I have read at least 10 -12 really long chains of discussions just on Marketo forums about users complaining of bot clicks issue. What's surprising to me is that its still not a priority!

Swapna Gupta

Gunjan_Batra1

Level 4

We built a Talend processor (with spam identification logic) to tag people with Bot activity in Marketo. Suppressing entire IP is not a great option because it also removes genuine clicks from that person (if any).

Also, not every link in email is .html, some of them are PDF and Doc too. View webpage does not work there.

Brent_M

Level 2

We just switched from Act-On to Marketo and are getting around 5k bot clicks. We ended up suppressing the 5k bot clicks from future sends. This is not ideal as we assume a lot of those 5k bot clicks are valid emails. We would rather have clean data without a bunch of fake clicks. This was never an issue in Act-On. Come on Marketo!

SanfordWhiteman

Level 10

Act-On has exactly the same behavior except for a small number of old Barracuda subnets.

This is not something that has been fully solved by any tracking provider, for good reason.

Brent_M

Level 2

I'm not sure what Act-On does differently. We are still using both Act-On and Marketo. When we send an email through Act-On we get almost 0 bots. When we send an email through Marketo to the exact same list we get around 5k bots.

Derek_Vansant1

Level 1

I've noticed that bot clicks tend to occur on the text version of emails. Anyone know whether excluding clicks on the text version of emails is a viable approach? Text version clicks can easily be identified by adding ?text to the urls on the text versions.

SanfordWhiteman

Level 10

I've noticed that bot clicks tend to occur on the text version of emails.

There's no such connection to the MIME type. If there were, again, the concept of scanning would be meaningless.

Derek_Vansant1

Level 1

I trust you that there's no direct connection, but there seems to be some correlation. Every time I have tracked text and html links separately and analyzed suspicious clicks they tend to be from the text version. That said, thank you, you've confirmed that this is not a definitive approach for sniffing out bots and it seems there may never be one.

I tend to lean on downstream metrics like web page clicks and form fills to avoid the issues with email click-throughs. I avoid using clicks in scoring and triggers as well.

Jake_Keller

Level 2

@Sanford Whiteman any thoughts on using hidden links to identify bots, and then ignoring all clicks from that lead? You'll never catch them all, and it will deflate your numbers, but at least (hopefully) they'll be more accurate of the remaining people?

Justin_Cooperm2

Level 10

The issue with this is:

What if the scanners stop clicking hidden links. It's fairly straightforward to identify what a "hidden" link is in the HTML and there is no guarantee they would keep clicking them (especially if clicking something like that helps malicious actors identify scanners more easily...see convo above in this thread).
Even if scanners do click the hidden link, the human recipient may click links in that email at a later time. You would not want to throw away all the clicks ever...
Which leads me to another point...the scanners are also getting more advanced where they will not click all the links at once or even within an identifiable timeframe. Similar to point #1 this helps malicious actors identify the behavior as from a scanner. So, the more sophisticated ones will mix up the # of links that are being clicked, as well as when.

Swapna_GAuthor

Level 2

Thanks Justin, Sanford and everyone else for chiming in.

I really appreciate the discussion and I understand that this is not a simple problem to solve. No wonder this similar discussion have come up across multiple threads since earlier than 2015. But then, where does it leave us? I'd think most of us who signed up to buy Marketo or other automation softwares had lead scoring and nurturing on their list of things they wanted to use the tool for. But with bot clicks, that whole paradigm is rendered useless. What's the point of scoring a lead when you can't be sure that the activity is even valid? A big reason why marketers choose email marketing, is because you can measure results. You can't even look at the trend line or compare to see if one email performed better or worse than the other campaign. Worse than having no results is to have inaccurate results. The answer cannot be that email marketing is dead, thanks to the scanners. Or is it?

Swapna Gupta

John_Horton

Level 2

I still haven't seen an adequate response from Marketo about why Pardot is actively addressing this but Marketo is not. That's not acceptable. A "best-in-class" marketing automation platform should be trying to fix this instead of having customers rely on a bunch of end-user workarounds.

Justin_Cooperm2

Level 10

Hi John,

Did you see some of my comments above? Do you oppose our point-of-view to not implement anything that does not truly work?

I actually just had a meeting this week with a large team of data scientists that we now get to benefit from as part of Adobe. But, this issue is not simple and Pardot is not "solving" this issue. We are members of many email deliverability consortiums and have even engaged with the email security vendors themselves.

@Kiersti Esparza‌ - any data points to share here to add some color for our customer base?

Justin

John_Horton

Level 2

There are documented workarounds in this community that end users themselves have implemented to get much more accurate reporting on email clicks. Why can't those be incorporated into the platform itself? Why should the end users have to do these workarounds themselves just to get accurate email click tracking? Why does Marketo's analytics even bother reporting the email click-thru rate anymore since it's wildly inaccurate? It seems like Marketo's position is "we'd rather do nothing because it's complicated and there's no one thing that will give completely accurate click tracking". I would take mostly accurate tracking or even somewhat accurate tracking over ridiculously inaccurate tracking. I know your claim is that Pardot's fix doesn't fix a lot of issues. But at least it seems like they're doing SOMETHING to improve the situation.

Swapna_GAuthor

Level 2

Just came across this article and couldn't help but posting here -

https://invadosolutions.com/marketing-automation-news/pardot-feature-ignore-bots-clicking-email-links/

I was hopeful this channel is something, Marketo product team would take into consideration, for input on new feature enhancements....why wouldn't you want to stay competitive on a critical front that impacts the usability of the system for all of your clients?

I would really like to hear from the product team if anything is being done about this issue. Thanks.

Swapna

Swapna Gupta

SanfordWhiteman

Level 10

A claim to be able to do something isn't the same as actually doing it. 1000% more so in enterprise software.

Brent_M

Level 2

Sanford, so what is it you think they are doing? I'm not disagreeing with you, but I doubt a company as big as Pardot is just making up a warning about click rates shrinking, bots being filtered, etc. I assume they won't' completely fix the problem but it sounds like they are putting at least some type of fix.

K

kh-lschutte

No text available

Show more replies

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded