Filtering out external bot activity

alertmediainc · ‎10-24-2023

For one of our reoccuring email program sends, we have been seeing a huge spike in metrics, due to bot activity. We implemented a recaptcha form per Marketo's suggestion and we've seen our numbers stabilize for our website opens, clicks, and form fills. However, we are seeing that metrics for clicks to external websites that we link in our emails are still super inflated. Since the recaptcha only applies to our company site/form fills, how can I prevent seeing this bot activity on external links we're promoting? If there's not a solution to prevent external bot activity, what is the best way to exclude it from reports?

SanfordWhiteman · ‎10-24-2023

A few things seem mixed together here.

reCAPTCHA on a Marketo form only discriminates between human and automated form fills.

It doesn’t affect Munchkin-tracked pageviews (that is, document loads) nor Munchkin-tracked page clicks (that is, clicks on <a> tags within a document). Munchkin has its own bot detection algorithm but that’s separate from reCAPTCHA.

Tracked email clicks aren’t logged by Munchkin, nor rated by reCAPTCHA. But the Marketo tracking server (a.k.a. branding domain) can implement 2 types of bot detection.

The email click bot detection doesn’t distinguish between clicks whose final destination (“next hop” after being redirected by the tracking server) is a Marketo LP, a non-Marketo page owned by your company, and a page owned by a 3rd party. It treats all of these the same way. And the initial link is always under the branding domain, so mail scanners will scan regardless of the final destination. So I’m perplexed as to how you could be seeing any discrepancy here.

View solution in original post

SanfordWhiteman · ‎10-24-2023

A few things seem mixed together here.

reCAPTCHA on a Marketo form only discriminates between human and automated form fills.

It doesn’t affect Munchkin-tracked pageviews (that is, document loads) nor Munchkin-tracked page clicks (that is, clicks on <a> tags within a document). Munchkin has its own bot detection algorithm but that’s separate from reCAPTCHA.

Tracked email clicks aren’t logged by Munchkin, nor rated by reCAPTCHA. But the Marketo tracking server (a.k.a. branding domain) can implement 2 types of bot detection.

The email click bot detection doesn’t distinguish between clicks whose final destination (“next hop” after being redirected by the tracking server) is a Marketo LP, a non-Marketo page owned by your company, and a page owned by a 3rd party. It treats all of these the same way. And the initial link is always under the branding domain, so mail scanners will scan regardless of the final destination. So I’m perplexed as to how you could be seeing any discrepancy here.

Christiane_Rode · ‎10-25-2023

Adding on to what's already been said, in the Admin section under Email, have you enabled bot activity filtering (not reCAPTCHA)? And are you filtering out instead of logging? If you're only logging instead of filtering, while you'll still see suspicious activity within your programs, you can use a smart list to see if there is anything in common with the flagged accounts.

Also, is there anything else in common for these links with suspicious activity other than their destination? Are they usually the first two links in the email? While not always the case, I have seen some checkers click the first two links in an email (often a header link and then the first CTA) and then stop once they verify the email is safe. Could that be happening here?

Filtering out external bot activity

Filtering out external bot activity

Re: Filtering out external bot activity

Re: Filtering out external bot activity

Re: Filtering out external bot activity