Filter Out Bot Clicks - Require Email Open?

cblack
Level 2

Filter Out Bot Clicks - Require Email Open?

We've recently started seeing a high number of clicks generated by bots. We have many smartcampaigns that fire off of clicks link in email. Would requiring clicks link in email AND opened an email in the past day resolve this? At least some of it? What other solutions have people found? Is there an item on the roadmap to automatically filter these out?

18 REPLIES 18
Aseem_Gupta
Level 2

Re: Filter Out Bot Clicks - Require Email Open?

Hi @cblack 

 

In order to track Bot clicks, simply create Bot likelihood Campaigns with clicks counter and visits counter and then based on clicks and visits counting, decide whether the lead is bot or not.

 

For example :

Bot Likelihood is high when someone is clicking CTA multiple times and visiting page is empty (or not recorded in marketo)

Bot Likelihood is low when someone receives future email (email is delivered is recorded into marketo)

 

Thanks!

 

 

Aseem_Gupta
Level 2

Re: Filter Out Bot Clicks - Require Email Open?

In addition to my above post, this may not be the 100% accurate/reliable way and would be great to have more thoughts.

cblack
Level 2

Re: Filter Out Bot Clicks - Require Email Open?

What you are describing makes sense but it also sounds like a manual process to review and clean up. I am looking for something that at least improves the situation and is automated.

SanfordWhiteman
Level 10 - Community Moderator

Re: Filter Out Bot Clicks - Require Email Open?

There's no automated (let alone fully accurate) method. Remember, the whole idea of mail scanning is to seamlessly impersonate a human to see if the payload is malicious. Anything you can do in real-time to detect a scanner, a malicious operator can do as well, making the scanner meaningless.

Denise_Greenb10
Level 2

Re: Filter Out Bot Clicks - Require Email Open?

I've stopped using email clicks as a means of measuring success and have been using page visits instead (as in visited page with utm parameter string indicating the visit came from the email). I know bots an also cause page visits but until recently I hadn't been seeing it. Now that's changed in the Marketo instance of at least one of my clients. Has anyone developed a way to automatically identify page visits from bots?

 

Secondly, back to the issue of clicks, I have a client asking me if it means anything with regard to "bot or not" when the click comes from an "unknown device" - as in this screenshot from the "click email" event in an activity log:

Denise_Greenb10_0-1603476592107.png

 

SanfordWhiteman
Level 10 - Community Moderator

Re: Filter Out Bot Clicks - Require Email Open?


Now that's changed in the Marketo instance of at least one of my clients. Has anyone developed a way to automatically identify page visits from bots?

It's not possible to automatically identify a single pageview, as it's deliberately designed to use a headless browser and look just like an interactive (human) pageview.

 

People don't realize that a scanner that is unable to parse HTML + JavaScript that's found in the initial request (the request to the branding domain) is worthless.  That first request fetches the branding domain page, which in turn does an immediate JavaScript-powered redirect to the original target URL. So if you want to check whether the first content shown to the user is malicious, you must at least follow the JS redirect and load the next page in full.

 


Secondly, back to the issue of clicks, I have a client asking me if it means anything with regard to "bot or not" when the click comes from an "unknown device" - as in this screenshot from the "click email" event in an activity log:


It just means the device (derived from the User-Agent) isn't in the list of known devices; it may be a mail scanner but since correctly functioning mail scanners take care to use known User-Agents, not worth filtering on.

Denise_Greenb10
Level 2

Re: Filter Out Bot Clicks - Require Email Open?

@SanfordWhiteman  Thank you, Sandy! Another question - do link scanners sometimes also go on to click links on the web page linked to by the email? We're wondering if this PDF download is a bot based on the timing.

 

Denise_Greenb10_0-1603497980043.png

If so, wow. Link scanners don't fill out forms, too, do  they?

SanfordWhiteman
Level 10 - Community Moderator

Re: Filter Out Bot Clicks - Require Email Open?


Thank you, Sandy! Another question - do link scanners sometimes also go on to click links on the web page linked to by the email?

Not links that aren't followed (automatically) when a human hits the page. AFAIHave seen thus far.

 

 


If so, wow. Link scanners don't fill out forms, too, do  they?


Not if the form typically requires a button push, that would be a horrible security risk.

 

The idea is to mimic actions that don't require end-user interaction.

Denise_Greenb10
Level 2

Re: Filter Out Bot Clicks - Require Email Open?

Hi @SanfordWhiteman - This is a snippet from an activity log that caused me to ask if a bot could visit a page and then go on to click a link on the page. It's the time stamps that raise suspicion:

 

Denise_Greenb10_0-1604000483617.png

What do you think?