Website "visits" from bots

Level 4

Website "visits" from bots

Greetings Marketo Community!

I have recently come across a new (to me) issue with tracking website visits initiated by an email send.

Most of us are familiar by now with the "fake clicks" performed by the client's email server to check if the email is malicious or not. 

What I noticed on a recent email send though, is that there were quite a few that were not only are they clicking the email, but also landing on the webpage multiple times (sending multiple "visited web page" log entries) AND clicking other links on the same page! Some instances only visited once or twice and some I saw actually came back multiple times, 15,30,45 min after the email send, making them virtually indistinguishable from actual human activity. 

The reason I knew they were bots, is that I looked up the IP addresses of the log entries, and most of them came from, Microsoft, etc (not the contact's company). They also had patterns of multiple web page visits within the same time stamps. The times did vary though, so they weren't all immediately after the email was sent.

This set off a chain of false scoring, false program tracking, and false MQL's all from this activity.

My thinking on this is that unless Marketo has some sort of solution to determine which visits are bots/ISP's and which are human, we need to implement some sort of server-side solution like to detect whether or not the IP is one of these bots, and then omit the munchkin script or something. Otherwise, the patterns are all over the place so I am not able to accurately and consistently filter these out on the Marketo side. 

Has anyone else noticed this yet? Any proposed solutions?

Level 10

Re: Website "visits" from bots

I wondering is there any information we could take from the User Agent:

Screenshot 2019-09-26 at 22.48.25.png

You said you know it's a bot, what does the User Agent say about this visitor?

Level 10 - Community Moderator

Re: Website "visits" from bots

Nah, the whole idea of a bot that is trying to evade detection (note: this does not necessarily mean it's a malicious bot, far from it!) is to mix up the User-Agent and use known U-As.