SOLVED

Should we be concerned about bots clicking links in email with regard to double opt-in consent?

Go to solution
Keith_Nyberg2
Level 9 - Champion Alumni

Should we be concerned about bots clicking links in email with regard to double opt-in consent?

I was reading through this discussion: Bot-checks in emails that highlights an issue were security software clicks all the links in an email to verify none are malicious. All of these clicks are logged in Marketo so this discussion was focused on filtering out bot clicks to get better reporting.

Today, this topic led me to ask the question, Should we as marketers be concerned about this issue with regard to capturing double opt-in consent?

The purpose of Double Opt-In is to gain consent from the individual that asked to receive your emails by having them confirm their selection via email, however the issue outlined above leaves room for false positive consent.

Imagine the unideal scenario where a prospect takes legal action as they did not consent to receive email becasue "they" did not click the link in the email to confirm, but their security bot did.... would really suck....

Is anyone else concerned about this? Thoughts from others? Should we need to ask Marketo to put a solution for bot clicks in place before GDPR is in place? Am I over thinking this?

1 ACCEPTED SOLUTION

Accepted Solutions
SanfordWhiteman
Level 10 - Community Moderator

Re: Should we be concerned about bots clicking links in email with regard to double opt-in consent?

I would not trust a clicked link as an opt-in, just as I wouldn't use an "instant unsubscribe" link, for exactly this reason. Require a button click on an LP instead.

View solution in original post

5 REPLIES 5
SanfordWhiteman
Level 10 - Community Moderator

Re: Should we be concerned about bots clicking links in email with regard to double opt-in consent?

I would not trust a clicked link as an opt-in, just as I wouldn't use an "instant unsubscribe" link, for exactly this reason. Require a button click on an LP instead.

Keith_Nyberg2
Level 9 - Champion Alumni

Re: Should we be concerned about bots clicking links in email with regard to double opt-in consent?

So they fill a general subscribe form and check the box to receive email, then send them the "confirm consent" email that directs them to a consent confirmation form, correct? That would make the process more bulletproof but does require the user to take some extra actions. I guess the secondary confirmation form could be minimal and only require email, but how do I ensure a bot doesn't get to my  consent confirmation form page URL? No index/nofollow is an obvious first step, but can anything else be done to only make the page accessible via the "confirm consent" email?

SanfordWhiteman
Level 10 - Community Moderator

Re: Should we be concerned about bots clicking links in email with regard to double opt-in consent?

If a bot (search engine or spambot in this case, not mail scanner) finds your confirmation page, (a) the search engine isn't going to submit the form, and (b) the spambot isn't going to submit in the context of the specific lead. The confirmation form doesn't even require that email be a field on the form.

Keith_Nyberg2
Level 9 - Champion Alumni

Re: Should we be concerned about bots clicking links in email with regard to double opt-in consent?

So you literally provide no fields on the form and based on them being cookied marketo will capture the form submit, correct? Never used a form with no fields which is why I ask....

SanfordWhiteman
Level 10 - Community Moderator

Re: Should we be concerned about bots clicking links in email with regard to double opt-in consent?

Right, the mkt_tok (included in every tracked link if you don't turn it off) will associate the session without the email address.