Correct answer by
Employee Advisor

Given there is a virtually unlimited number of domains and email addresses attached to them, and bots are engineered to crawl email links in an attempt to find malicious links, there is a virtually limitless number of bots with different kinds of configuration on all email platforms, which makes any attempt at detecting bots worthless.

You could perform some small-scale research by doing the following.

  1. Create a set of addresses on major email providers (Outlook, Yahoo, Gmail); they will be unmonitored (no one to check inbound email)
  2. Send a daily/weekly email at different intervals of the day
  3. Monitor tracking on these emails through the nms:trackingLogRcp schema
  4. Collect browser agent details, which contain (uuid, browser version, browser key)
  5. After x number of weeks/months you have enough data collected on your honeypot to at least exclude these uuids from your tracking reports.

I performed a small test: I sent myself a couple of emails to different addresses without opening them and gathered the following data. Only the two highlighted belong to my opens and clicks; the rest were bots which crawled my email. You need to bear in mind that bots can change and use any kind of user agent configuration, but at least this aims at narrowing it down to try to estimate which are bot browser agents/uuids.

[Image: David__Garcia_0-1639430625282.png]

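Steps 3 to 5 of the answer above, sketched as an added example that is not part of the original post and is not Adobe Campaign code: it builds a uuid exclusion list from tracking hits on honeypot addresses and applies it to a report. The row fields (`email`, `uuid`, `type`), the addresses, the uuids and the `minHoneypots` threshold are all assumptions made for this example, not columns of nms:trackingLogRcp.

```javascript
// Constructed honeypot addresses: unmonitored inboxes nobody ever opens.
const HONEYPOTS = new Set(["trap1@gmail.example", "trap2@outlook.example"]);

// Constructed tracking rows standing in for an export of tracking logs.
const ROWS = [
  { email: "trap1@gmail.example",    uuid: "u-bot-1", type: "click" },
  { email: "trap2@outlook.example",  uuid: "u-bot-1", type: "open"  },
  { email: "trap2@outlook.example",  uuid: "u-bot-2", type: "click" },
  { email: "alice@customer.example", uuid: "u-bot-1", type: "click" },
  { email: "alice@customer.example", uuid: "u-alice", type: "open"  },
  { email: "bob@customer.example",   uuid: "u-bob",   type: "click" },
  { email: "bob@customer.example",   uuid: "u-bot-2", type: "open"  },
];

// Any uuid that generated tracking on a honeypot cannot be a human, because
// nobody reads those inboxes. minHoneypots (hypothetical knob) requires the
// uuid to appear on that many distinct honeypots before it is excluded.
function buildExclusionList(rows, honeypots, minHoneypots = 1) {
  const seenOn = new Map(); // uuid -> Set of honeypot addresses it hit
  for (const r of rows) {
    if (!honeypots.has(r.email)) continue;
    if (!seenOn.has(r.uuid)) seenOn.set(r.uuid, new Set());
    seenOn.get(r.uuid).add(r.email);
  }
  const excluded = new Set();
  for (const [uuid, traps] of seenOn) {
    if (traps.size >= minHoneypots) excluded.add(uuid);
  }
  return excluded;
}

// Report opens/clicks for real recipients only, dropping hits whose uuid is
// on the exclusion list and counting how many were dropped.
function summarize(rows, honeypots, excluded) {
  const out = { open: 0, click: 0, droppedAsBot: 0 };
  for (const r of rows) {
    if (honeypots.has(r.email)) continue; // honeypots are not report data
    if (excluded.has(r.uuid)) { out.droppedAsBot += 1; continue; }
    out[r.type] += 1;
  }
  return out;
}

const excluded = buildExclusionList(ROWS, HONEYPOTS);
console.log([...excluded], summarize(ROWS, HONEYPOTS, excluded));
```

Raising `minHoneypots` trades coverage for confidence: a uuid seen on only one honeypot stays in the report until it turns up on a second one.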