Re: Fake clicks from SPAM filters - is there an end in sight?

ChristinaZuniga · ‎01-30-2019

It looks like other systems are solving the issue of fake clicks, specifically ones that come occur because SPAM filters click every link to make sure none are malicious.

There is already an idea asking for this functionality: https://nation.marketo.com/ideas/7095#comment-35229

There are a few discussions that can help you identify if a click is real or fake: Bot or Not? – Are you suffering from ‘bot clicks’? Fake clicks followed by fake web visits Spam filters registering clicks?

This discussion is to generate ideas for how we (or engineers!!) can identify fake clicks to remove them from reporting. Things like...if you get an open or a click (or multiple clicks) before the email is delivered...it implies something!

Amy Connor recommended all links clicked in the same minute be excluded - no human does that. Or excluding certain links like the header. (Christina here - why do we link the header if no one clicks it?!)

Brooke Bartos pointed out that clicking every social link never happens IRL. Too true.

Do you have a suggestion? Jump in!

John_Horton · ‎06-10-2019

It's unbelievable to me that Marketo hasn't found a way to fix this yet. It's been a known issue for well over a year now. These fake clicks make the analytics useless. You'd think it would be a top priority to find a real solution other than end-user workarounds.

Casey_Grimes · ‎02-11-2019

So, I just want to quickly note here that we've discovered a new type of anti-spam checking behavior over the past several days that conventional methods have a hard time capturing. Rather than fire around the time of delivery, it fires on a recurring basis, presumably until the recipient actually opens the emails and clicks on any links. From an antispam point of view, this makes sense--you can't bait and switch the URL contents after delivery--but it's massively annoying to find. I'm trying to come up with a predictable way of catching this outside of IP traffic so it can be managed via Marketo, but it may be a bit until there's a bulletproof way to catch this.

SanfordWhiteman · ‎02-12-2019

There won't be a way to catch this. Whole idea is it's indistinguishable from normal HTTP traffic.

You have to mandate a human-only type of interaction (like waiting until somebody has clicked a button, then retroactively noting that they clicked the email link that led to the page with the button). Any unattended interaction can be forged.

Anne_Angele1 · ‎02-12-2019

Thank you for sharing this. I'm going to poke around and see if any of our clients are experiencing that.

SanfordWhiteman · ‎02-12-2019

I'm going to poke around and see if any of our clients are experiencing that.

Periodic rescanning isn't a brand-new thing, btw. Services have been doing this for 10 years or more, just not in conjunction with the headless browser environments that now enable the scanning to be more accurate.

Debbie_Marguli2 · ‎02-01-2019

We have a hidden link at the top of our templates and if that is clicked we know it is a bot and use a smart campaign to remove from flow.

</tr>

SanfordWhiteman · ‎02-01-2019

This is the same thing David is mentioning, and again you shouldn't be hitting your actual homepage. That could cause a self-DoS.

Frank_Elley · ‎02-07-2019

So would Debbie's solution work better if the href were a bogus url? It would be terrific if we could get an drop-in example that avoids the potential drawbacks. Thanks!

(And just BTW: it's not just spam filters doing this. Increasingly, AI-based email solutions are reading content in order to tag and organize it recipients. Not pertinent to the solution here, but there might eventually be an avenue to understand how email content can play nicely with these as well.)

SanfordWhiteman · ‎02-07-2019

So would Debbie's solution work better if the href were a bogus url?

Yes, although it's not an all-around solution, more a way to throw some more babies out with the bathwater.

Anne_Angele1 · ‎02-01-2019

I'm currently testing a bandaid for reporting and scoring. I created a smart campaign triggered off of an email click OR email delivered with filters saying the click and delivered happened in the last minute with the flow adding them to a static list called "suspected false clicks". I'm going to review the list over the next few weeks and see how accurate what we captured is. I'm debating adding a min of 2-3 clicks as well. If I can narrow it down enough, we can use it to exclude from reporting and scoring.

SanfordWhiteman · ‎02-01-2019

But how will you be testing the accuracy?

Problem with a lot (though not all) of these approaches is that you'll have false positives + false negatives but will never know it, by definition.

Anne_Angele1 · ‎02-01-2019

Manually reviewing activity logs to check for red flags (click before delivery, similar behavior from all leads at the same company, clicks but no open, etc.) and making a judgment call. There's not a perfect system, of course, but doing nothing is also unreliable. So my goal is just to get it narrowed down to a point where it's at least more reliable than with no intervention.

Frankly, I haven't heard a solution that I'm thrilled with and am all ears if you've got other ideas.

David_Gallaghe2 · ‎02-01-2019

There are numerous ways to resolve this. I decided to rely on program statuses and did the following:

I updated my email templates to include 2 linked pixels. one at the very top and one at the very bottom of said email template.
each of those pixels were hard linked to our homage with utm tokens added
I updated the utm_term to read ...&utm_term=clicked-top--{{my.utm_term}} and ...&utm_term=clicked-bottom--{{my.utm_term}} respectively.
updated smart campaign filter: I made sure to exclude anyone who clicked a link containing utm_term=clicked-top or utm_term=clicked-bottom in the past 1 minute .

Additionally, I also added anyone who clicked those links to a global list for safe keeping -- this was mainly as a sanity check to know who's email clients were click-happy.

Whether right wrong or indifferent it worked for me...

SanfordWhiteman · ‎02-01-2019

Linked to your... home page? That means the mail scanner needs to do more work and every send puts more load on your webserver (50,000 emails could == 50,000 hits).

The effectiveness of this method aside, you don't need to link to an extant page to test it. The Clicked Email activity is registered for URLs that do not exist in any publicly-accessible way.

David_Gallaghe2 · ‎02-01-2019

Keep in mind this was my solution almost a year ago with a small db. One thing I did notice is that the link click was tracked in Marketo, but I never saw anyone actually hit the page with that link -- then again that was in Marketo "viewed page" and not GA. Good point Mr. Sanford Whiteman . #badidea

SanfordWhiteman · ‎02-01-2019

Right, even if the hit wasn't logged to GA or Marketo, i.e. not via JS, it's placing load on your webserver (not necessarily fetching secondary assets but fetching the main document). Reminiscent of this: https://blog.teknkl.com/flop-timized-marketo-lps-and-the-case-of-the-350kb-favicon/. In any case, for this particular approach there's no need for a real fetchable URL.

PS. Why not use the link ID instead of UTMs? Same outcome.

Nithish_Bhat · ‎02-01-2019

We implemented a simple solution for SPAM Clicks. If there are more than 3 clicks in the same email. We dont consider it. We built a smart campaign around it.

Rachit_Puri2 · ‎01-30-2019

Here's an helpful article that explains how email clicks are fake - https://www.demandlab.com/insights/blog/want-believe-email-link-clicks-arent-real/

Dan_Stevens_ · ‎01-30-2019

There was an active discussion last February regarding Courtney Grimes’s blog post: Re: [Shared Blog]: I Want to Believe, But: Your Email Link Clicks Aren’t Real

Chris_Wilcox · ‎01-31-2019

To piggy back off of that other discussion and Courtney Grimesarticle, we've also used filter constraints using querystring parameters to identify true clicks as well. In the article/discussion it's pretty well agreed to use web page views as a 'true' indicator of clicking, but if a campaign includes multiple web pages you need to add those every time to every trigger. Since we're already tagging URLs for GA, we can use any web page visit that includes the correct source/medium combination for our GA tracking to know if any given page view was directed via an internally distributed marketing email. This allows a 'catch all' to score those engagements.

In practice, we have different scoring rules based on the content that was engaged with, so we have multiple of these 'catch all' filters running for each of the groups of content and their relative score values, but we've had decent success with this setup. Obviously all depends on your instance and use case!