I was reading through this discussion: Bot-checks in emails that highlights an issue where security software clicks all the links in an email to verify none are malicious. All of these clicks are logged in Marketo so this discussion was focused on filtering out bot clicks to get better reporting.
Today, this topic led me to ask the question, Should we as marketers be concerned about this issue with regard to capturing double opt-in consent?
The purpose of Double Opt-In is to gain consent from the individual that asked to receive your emails by having them confirm their selection via email, however the issue outlined above leaves room for false positive consent.
Imagine the unideal scenario where a prospect takes legal action as they did not consent to receive email because "they" did not click the link in the email to confirm, but their security bot did.... would really suck....
Is anyone else concerned about this? Thoughts from others? Should we need to ask Marketo to put a solution for bot clicks in place before GDPR is in place? Am I overthinking this?
I would not trust a clicked link as an opt-in, just as I wouldn't use an "instant unsubscribe" link, for exactly this reason. Require a button click on an LP instead.
So they fill a general subscribe form and check the box to receive email, then send them the "confirm consent" email that directs them to a consent confirmation form, correct? That would make the process more bulletproof but does require the user to take some extra actions. I guess the secondary confirmation form could be minimal and only require email, but how do I ensure a bot doesn't get to my consent confirmation form page URL? No index/nofollow is an obvious first step, but can anything else be done to only make the page accessible via the "confirm consent" email?
If a bot (search engine or spambot in this case, not mail scanner) finds your confirmation page, (a) the search engine isn't going to submit the form, and (b) the spambot isn't going to submit in the context of the specific lead. The confirmation form doesn't even require that email be a field on the form.
So you literally provide no fields on the form and based on them being cookied Marketo will capture the form submit, correct? Never used a form with no fields which is why I ask....
Right, the mkt_tok (included in every tracked link if you don't turn it off) will associate the session without the email address.
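
The pattern discussed in this thread, as an added example that is not from the thread or from Marketo: following the emailed link (a GET, which is all a link scanner does) only renders the landing page, and consent is recorded only when the button on that page is submitted (a POST). The handler, the `SECRET` key and the signed token are hypothetical stand-ins for whatever ties the visit to the lead.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to the client
consented = set()                 # stand-in for the consent record in your database


def make_token(email: str) -> str:
    """Token embedded in the confirmation link; binds the link to one address."""
    mac = hmac.new(SECRET, email.encode(), hashlib.sha256).hexdigest()
    return f"{email}:{mac}"


def email_from_token(token: str):
    """Return the email if the token's MAC verifies, otherwise None."""
    email, _, mac = token.rpartition(":")
    expected = hmac.new(SECRET, email.encode(), hashlib.sha256).hexdigest()
    ok = hmac.compare_digest(mac.encode(), expected.encode())
    return email if email and ok else None


def handle(method: str, token: str):
    """Hypothetical request handler: returns (status, body)."""
    email = email_from_token(token)
    if email is None:
        return 400, "invalid link"
    if method == "GET":
        # A scanner following the link stops here: the page renders, nothing is recorded.
        return 200, '<form method="post"><button>Confirm subscription</button></form>'
    if method == "POST":
        # Only the button press on the landing page counts as confirmation.
        consented.add(email)
        return 200, "subscription confirmed"
    return 405, "method not allowed"


if __name__ == "__main__":
    link_token = make_token("pat@example.com")  # constructed sample address
    print(handle("GET", link_token)[0], "pat@example.com" in consented)
    print(handle("POST", link_token)[1], "pat@example.com" in consented)
```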