I was reading through this discussion: Bot-checks in emails that highlights an issue were security software clicks all the links in an email to verify none are malicious. All of these clicks are logged in Marketo so this discussion was focused on filtering out bot clicks to get better reporting.
Today, this topic led me to ask the question, Should we as marketers be concerned about this issue with regard to capturing double opt-in consent?
The purpose of Double Opt-In is to gain consent from the individual that asked to receive your emails by having them confirm their selection via email, however the issue outlined above leaves room for false positive consent.
Imagine the unideal scenario where a prospect takes legal action as they did not consent to receive email becasue "they" did not click the link in the email to confirm, but their security bot did.... would really suck....
Is anyone else concerned about this? Thoughts from others? Should we need to ask Marketo to put a solution for bot clicks in place before GDPR is in place? Am I over thinking this?
Solved! Go to Solution.
So they fill a general subscribe form and check the box to receive email, then send them the "confirm consent" email that directs them to a consent confirmation form, correct? That would make the process more bulletproof but does require the user to take some extra actions. I guess the secondary confirmation form could be minimal and only require email, but how do I ensure a bot doesn't get to my consent confirmation form page URL? No index/nofollow is an obvious first step, but can anything else be done to only make the page accessible via the "confirm consent" email?
If a bot (search engine or spambot in this case, not mail scanner) finds your confirmation page, (a) the search engine isn't going to submit the form, and (b) the spambot isn't going to submit in the context of the specific lead. The confirmation form doesn't even require that email be a field on the form.
So you literally provide no fields on the form and based on them being cookied marketo will capture the form submit, correct? Never used a form with no fields which is why I ask....
Right, the mkt_tok (included in every tracked link if you don't turn it off) will associate the session without the email address.