If you are a marketer, you probably have heard about the somewhat new and emerging enemy: The Email Security Bots. The war is on and we have been standing clueless for a while, watching from the side while the Bots were messing with our numbers, with no real solution available.
Well, it’s time to fight back!
It all started a couple of years ago when some of our customers noticed a surge in email click metrics and they also pointed out some interesting and strange behaviors in their data:
- Seconds after email is delivered, they see a high volume of clicks
- They noticed a high volume of clicks from the same account/company
- The activity log shows ‘clicked a link in an email’ before the ‘email open’ event and in many cases without visiting the actual page
Our research concluded those behaviors are typical for Bots, and NOT for humans. The bots' role is to click each link in emails, sent to the domain they protect, to prevent harmful clicks that can harm the company by flagging them as a phishing scam.
The implications of those Bots clicks can be devastating for marketing teams worldwide.
All your marketing numbers could be way off. It means you’ve been counting clicks completely wrong in your marketing automation program. Not to mention the impact on your scoring, interesting moments and nurturing campaigns and obviously your reports.
We, at eDigital.Marketing, did an extensive research and came up with a solution that we would like to share with you. We implemented it in our customers' instances and our customers are surprised by the findings and are satisfied with the results.
We started by running a test on an email that was part of a nurturing campaign already built in Marketo.
The test was using a Smart Campaign that was listening to page visits and email delivery.
The program was running for about five days to allow enough time for prospects to actually click on the link in the email.
Five days later we ran a new Smart Campaign just to collect data from Marketo about "clicked the link in the email" without any filters at all.
We downloaded both lists to excel and checked for clicks in Marketo that were NOT in the list we have created. Here are the shocking numbers:
Marketo counted 327 clicks WHILE the Smart Campaign only identified 91 of those clicks as real people who clicked the link and actually visited the page.
So at that point, it was pretty simple to calculate that approximately 72% of those clicks were fake and were made by ‘Bots’, we then identified and created a list of the companies that are using bots as part of their IT security infrastructure.
To make things even more complicated, we then went ahead and made some additional research on the list and found that a third of the remaining ‘humans’ can NOT be counted as clicked anyway since they visited the webpage in the past and NOT by using the email we've tested. The Smart Campaign was flagging them since the email was delivered to them and indeed in the past, they visited the page.
BUT since we compared the Marketo clicks to the Smart Campaign clicks, those ‘humans’ (that didn't click but visited the page) where excluded and therefore no extra calculating was needed.
To make sure the data is correct, we sampled some ‘Bot’ leads and checked their logs in Marketo. All leads from all companies who were suspected to be using ‘bots’ were showing the activity of a ‘bot’ - clicked but no open nor visited page.
In conclusion, out of 327 clicks identified by Marketo, only 91 were Humans.
Now all was left for us to do is to add a few Smart Campaigns to neutralize the Bots and stop them from disrupting the scoring system, the interesting moments and all reporting.
We now have a Bot system running in the background making sure all our numbers are correct and not just making us look good.
Hey Denise,
Depending on the program and audience (we see large pockets of auto-clicks with specific audience segments), we may use the person's web visit as the benchmark for program success. Many in this thread have shared that they see bots triggering web page views as well, but I've done a ton of testing with our audience and Marketo data, and I do not experience that within our instance at this time.
The way I do this on a program-by-program basis is by using a Visits Web Page trigger program using the querystring of page visits to the website. Since we tag all of our emails with Google Analytics tracking params, we basically just put that program's campaign ID into the querystring constraint, then any page visited to the site with that in the querystring triggers the program to set success. This way if you have 3 links in your email to different pages, the trigger is just looking for anyone landing on the site with your GA tags in place for that program. I'm also playing around with tokenizing by appending program.id to all links, then dynamically searching for that in my trigger but haven't built that out fully as of yet.
Couple things to note: 1) You will see less page visits than clicks. Every time. Just natural drop off of users quick bouncing combined with the bot click problem, that's normal. 2) Your experience with bots also triggering this page view may differ from mine. I've done lots of testing, and it appears to be fairly clean for the small group I use this approach with in our database as far as I can tell.
Good luck!
We have seen a similar situation to this thread creeping in on our metrics.
Recently, I decided to break down our email traffic by Browser and Browser version, in accordance with some helpful tips from this article.
Specifically, this part:
The most common fingerprint of a bot visit (within Google Analytics) is very low quality traffic – indicated by 100% New Sessions, 100% Bounce Rate, 1.00 Pages/Session, 00.00.00 Avg Session Duration, or all of the above.
The Criteria:
Looking at traffic using the criteria above (slight deviation in sessions vs new sessions OK), also checking out if they hit a goal completion or not. Traffic is from Q1'19
The Findings:
Of the 70K users/sessions, about 2K of them appear to have actual activity attached to them.
This would indicate about 2.85% of my email clicks were from email traffic. Put another way 97% of our email traffic was likely from these email scanners.
Image Snippet from GA report:
Conclusion:
We're still tackling exactly how to approach reporting of true email traffic, but one thing is for sure: all is not what it seems!
I'm sure this has been asked and answered, but I can't find it explicitly, so here goes:
Why can we not add a wait step? So the functionality would look like this:
Smart List: Email is Delivered
Flow:
- Wait 10 Seconds
- Request Campaign (Your normal email processing campaign)
This way you're not monitoring activity on the email until 10 seconds after delivery, which should exclude the majority of bot activity (but I understand not 100% of it).
Either way, if you deliver an email, track link clicks 10 seconds later. then lead them to a page with either an active form or a hyperlinked path, your stats should be relatively clean.
That's my (very top-level) hypothesis at least. Rather than taking the amount of time it would to test though, I figured I'd come to the experts and see if it's even worth my time. 
Another side question I had was the function of the "Clicks Link." Is this an active tracker? OR will it pick up the bot click in retrospect? (rendering the 10 second wait step nearly useless, as everything above can be accomplished without it)
Thanks in advance!!!
Justin
.png)
- Copyright © 2025 Adobe. All rights reserved.
- Privacy
- Community Guidelines
- Terms of use
- Do not sell my personal information
Adchoices