Your Achievements
Level 1
0% to
Level 2
Next /
to gain points, level up, and earn exciting badges like the new Applaud 5 BadgeLearn more!
View All BadgesSign in to view all badges
Open Alert Bar
SOLVED

Re: Spam filters registering clicks?

Go to solution
Anonymous
Not applicable
‎05-20-2014 08:02 AM
‎05-20-2014 08:02 AM
Has there been any problems with spam filters scanning emails and registering clicks as they follow the links in the email?  We are getting false positives on our email clicks.
Labels:
Tags (1)
30,592
Reply
1 ACCEPTED SOLUTION
Anonymous
Not applicable
‎01-22-2016 12:14 PM
‎01-22-2016 12:14 PM

There are several posts here on Marketo about this issue, and my firm has been digging into it a lot over the last few days. The short answer is that yes, this does indeed happen - spam filters (like Barracuda) / bots / junk mail algorithms do indeed click on links in emails (see this interesting blog post from 2013 regarding the issue - Barracuda calls this "multilevel intent analysis"). The spam filter is looking for redirection or malware or something like that. There isn't a whole ton that we marketers can do about it, though. Here is what we've done and found:

  • First thing we did was download the entire Marketo activity log using the API, put it in a database, and started dissecting the "Click Email" event types. We also sat down with the system administrator here to review some of this data. In short: there is nothing in the User Agent, Platform, Device, etc. that will help spot these.
  • Then we started looking at the timing: what about people who click before they open? What about people who click really quickly after the "Send Email" activity is logged? Well...the "Send Email" event isn't indicative of when, exactly, the email leaves Marketo's servers, so that's not really accurate - you can't spot bots based on that.
  • The best way we've found right now is to include a one-pixel picture / link on the email - invisible to just about everyone (as suggested here). Anything that clicks on such a tiny little pixel you can consider a bot. True; someone might not load images and see a box, but most people won't see it at all.
  • Another possibility: see if you have a bunch of clicks that all happen at the same time (or people clicking every link in an email, every week - would a real person really need to read your Privacy Policy week-in and week-out?). Those are probably bots...but I personally would want to download the data into a real database before attempting this kind of query.
  • One more (really complex) possibility: when we went to our sysadmin (the guy who runs our own company's Barracuda machine) about a lot of these issues, he started to "ping" some of the IP addresses included in the suspicious "Click Link In Email" activities. One or more of them shot back a response indicating that it was a Barracuda box. If you are really, super-duper concerned with this problem, it should be possible to download all Marketo activities via the API and write some custom script / code to extract the IP addresses from the Marketo "Click Email" events and then to periodically ping all these servers to see if you can get them to self-identify as a spam filter (parse the text-strings of the responses for incriminating evidence).

We have not done this last thing, as our "one-pixel" solution has indicated (at least over the last two weeks) that it's likely not a major issue. Perhaps some day, when our organization has unlimited resources (heh), we will pursue this last option, but the reality is that we have a lot going on and better things to do to add more value to our marketing efforts.

I would also like the data to exist in a perfect world - one where our Users validate our TRON Data Discs and we can take down the evil Master Control Programs while we're on our light-cycles on the grid - but that gleaming world of perfect, neon data does not exist. For most of us, I would guess this statistical aberration will not significantly affect our analysis of content effectiveness.

Hope this helps.

View solution in original post

17,497
Reply
76 REPLIES 76
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-26-2016 02:08 PM
‎01-26-2016 02:08 PM

I think Venus Wills​ is on to something very promising here. If it can be established that the anti-spam logic never prefetches deep/long enough to log the Munchkin Visit Web Page activity -- and there have to be limits to how much it will fetch/redirect/render or it's vulnerable to an attack comparable to the old "ZIP of death" attack against anti-virus software -- if it doesn't go that deep then all we need to do is make sure the tracking server depends on some async JS calls to complete before logging the Click Link.

I can write a simple tracking server wrapper to do this, provided you all can verify that all (or a commanding share) of the link-prefetching approaches don't get around to running Munchkin.

14,178
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-26-2016 10:12 PM
‎01-26-2016 10:12 PM

BTW tests just now with our own MessageLabs account suggests my idea above holds real promise.

The scanner didn't even attempt to download a simple (and in fact nonexistent) script on my test page.  If that holds for other services all we need is a JS shim in-between the scanner and the tracking server and there will never be false clicks.

I must say if these jokers don't even replay a JS redirect they're pretty much vaporware.  But so be it.

14,178
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-28-2016 12:44 AM
‎01-28-2016 12:44 AM

Courtney GrimesMatt RobertsDan Stevens​ (and anyone else) if you can confirm what Venus discovered please do so I can get the workaround out... this stuff is difficult to test independently as I eventually got blacklisted by MessageLabs -- and whitelisting skips the test entirely. Of course I have other addresses to test with but more input is better.

4,798
Reply
Anonymous
Not applicable
‎02-04-2016 12:41 PM
‎02-04-2016 12:41 PM

Have a lot going on at present - it will take me some time to get around to this, likely not for another month or so. But I'll try to look at this when I can.

4,798
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎02-04-2016 12:48 PM
‎02-04-2016 12:48 PM

Cool, I know everyone's busy... just need enough people to be interested because frankly I can't get my own team worked up about this (though they should be).

4,798
Reply
Casey_Grimes
Level 10
Level 10
‎01-28-2016 10:56 AM
‎01-28-2016 10:56 AM

This is actually a pretty ingenious concept, but I'm probably going to have to wait a little bit in terms of testing (don't have any nurtures doing numbers large enough for a sample size right now and none of my clients have a blast going in the next few days.) I'll definitely try this and report back in the next week or two, though.

4,798
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-28-2016 01:07 PM
‎01-28-2016 01:07 PM

OK!

4,798
Reply
Conor_Fitzpatri
Level 6
Level 6
‎01-28-2016 01:29 PM
‎01-28-2016 01:29 PM

While I don't have a high volume of examples, I've observed this behavior in my instance. In fact, we have some "hand raise" links that say click here to be contacted and I added a visited webage constraint to the smart campaign that triggers the alert to our reps. Before adding the constraint, I had reps complaining that some people they were calling stated they never clicked the link despite the click being recorded in their activity log.

4,798
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-28-2016 03:49 PM
‎01-28-2016 03:49 PM

That supports the concept. Thanks! 

4,798
Reply
Dan_Stevens_
Level 10 - Champion Alumni
Level 10 - Champion Alumni
‎01-28-2016 09:21 AM
‎01-28-2016 09:21 AM

I'd be happy to provide insight here.  Can you just summarize what the specific ask is?

4,798
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-28-2016 01:07 PM
‎01-28-2016 01:07 PM

We need to establish that the link-prefetching scanners don't execute JS. 

So: do you see a pattern of Clicked Email activities that would usually be followed by a Visit Web Page activity (that is, the link in the email goes to a page that runs Munchkin) but don't have a subsequent Visit Web Page?

I was able to observe this with MessageLabs (Symantec).

4,798
Reply
Venus_Wills
Level 4
Level 4
‎01-27-2016 02:47 PM
‎01-27-2016 02:47 PM

Hi Sanford, what does this mean for the JS-impaired? Do you think the simple logic of using a Smart List to to filter out the clicks that should result in a webpage visit but did not will work?

14,178
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-27-2016 04:54 PM
‎01-27-2016 04:54 PM

You wouldn't need to write any JS at all -- you'd just need to point your tracking domain to a smarter server that knows how to deal with these non-human clicks.  The rest is taken care of automatically.

I think your method might be okay in controlled environments (i.e. where you never use a direct download link to a PDF and never link to pages that don't run Munchkin) but even there would be really hard to maintain.  It would basically mean that Clicked Email activities themselves are pretty useless as used in reports.  You also can't trigger on "Clicked Link in Email that is not followed in the future by a Visit Web Page" because the chronology is backward.

14,178
Reply
SanfordWhiteman
Level 10 - Community Moderator
Level 10 - Community Moderator
‎01-25-2016 06:55 PM
‎01-25-2016 06:55 PM

Yes, it would be an acceptable approach for links that result in ​VWP ​activities in normal operation.

14,178
Reply
Home