Pardot is filtering out bot clicks, why won't Marketo?

Pardot is filtering out bot clicks, why won't Marketo?

Pardot recently announced they are putting several things in place to get rid of bot clicks. One of the simplest ones being IP-based filtering. We have asked Marketo if they could forward the IP address with click data so we could do something about it. Marketo already has this information. Why can't they filter clicks based on IP addresses that many of these security appliances publicise?

Rejecting clicks before the email was even delivered, would be helpful too.

There are some obvious patterns Marketo to look for - like clicks on every single link or multiple links in a very short timespan.

Or clicks that didn't result in a web pageview. We don't have a simple mechanism to link the two, since Marketo doesn't send the clickId to the web pageview. But Marketo has that info.

This is becoming a big problem, since we can't do any lead nurturing or other campaigns due to bots clicking.

Thanks.

Swapna

40 Comments
SanfordWhiteman
Level 10 - Community Moderator

Act-On has exactly the same behavior except for a small number of old Barracuda subnets.

This is not something that has been fully solved by any tracking provider, for good reason.

Brent_M
Level 2

I'm not sure what Act-On does differently. We are still using both Act-On and Marketo. When we send an email through Act-On we get almost 0 bots. When we send an email through Marketo to the exact same list we get around 5k bots.

SanfordWhiteman
Level 10 - Community Moderator

No, those are only the clicks you recognize as mail scanners.

All the other mail scanner activity is not detected by Act-On, nor Marketo.

Not sure why it's so hard to get across, but mail scanners do not all run from distinct IP subnets. They run from VMs all over the world, and their activity (of necessity, or else they would serve no purpose) is not routinely distinguishable from that of human end users.

Derek_Vansant1
Level 1

I've noticed that bot clicks tend to occur on the text version of emails. Anyone know whether excluding clicks on the text version of emails is a viable approach? Text version clicks can easily be identified by adding ?text to the urls on the text versions.

SanfordWhiteman
Level 10 - Community Moderator

I've noticed that bot clicks tend to occur on the text version of emails.

There's no such connection to the MIME type. If there were, again, the concept of scanning would be meaningless.

Jake_Keller
Level 1

Sanford Whiteman​ any thoughts on using hidden links to identify bots, and then ignoring all clicks from that lead? You'll never catch them all, and it will deflate your numbers, but at least (hopefully) they'll be more accurate of the remaining people?

Kate_Gibbons
Level 1

I appreciate your feedback; I always see you posting intelligent answers. Your response isn't furthering the conversation, it's combative of the original query. The question still stands: how is Marketo going to fix this issue?

Derek_Vansant1
Level 1

I trust you that there's no direct connection, but there seems to be some correlation. Every time I have tracked text and html links separately and analyzed suspicious clicks they tend to be from the text version. That said, thank you, you've confirmed that this is not a definitive approach for sniffing out bots and it seems there may never be one.

I tend to lean on downstream metrics like web page clicks and form fills to avoid the issues with email click-throughs. I avoid using clicks in scoring and triggers as well.   

Brent_M
Level 2

Not sure why Act-On doesn't recognize them. When I send using Marketo it shows we received 5,760 clicks on our top company logo. When I send with Act-On that number shrinks down to less than 5 on average. Not sure why Act-On doesn't include the bot clicks in their report if they are the same as Marketo.

Showing that 5,760 clicks are from our small logo at the top of the email

screenshot.14.jpg

Justin_Cooperm2
Level 10

If I could like this 1,000 times I would! At Marketo, we try not to build hype features that don't actually work. As Sanford correctly points out, it must be assumed that malicious actors are just as capable as folks building these scanners. They will mix up sending IPs, implement multi-level re-direction in their email links (send scanners to a harmless page but real users to a phishing/spam page), and much more. It is truly a game of cat and mouse.

To keep up and work well, friendly scanners have to mix up user agents & IPs constantly, as well as other masking techniques to prevent malicous actors from identifying them. If Marketo could identify the friendly scanners, they are definitely not very good