Spam filters registering clicks?

Anonymous · ‎05-20-2014

Has there been any problems with spam filters scanning emails and registering clicks as they follow the links in the email? We are getting false positives on our email clicks.

Anonymous · ‎01-22-2016

There are several posts here on Marketo about this issue, and my firm has been digging into it a lot over the last few days. The short answer is that yes, this does indeed happen - spam filters (like Barracuda) / bots / junk mail algorithms do indeed click on links in emails (see this interesting blog post from 2013 regarding the issue - Barracuda calls this "multilevel intent analysis"). The spam filter is looking for redirection or malware or something like that. There isn't a whole ton that we marketers can do about it, though. Here is what we've done and found:

First thing we did was download the entire Marketo activity log using the API, put it in a database, and started dissecting the "Click Email" event types. We also sat down with the system administrator here to review some of this data. In short: there is nothing in the User Agent, Platform, Device, etc. that will help spot these.
Then we started looking at the timing: what about people who click before they open? What about people who click really quickly after the "Send Email" activity is logged? Well...the "Send Email" event isn't indicative of when, exactly, the email leaves Marketo's servers, so that's not really accurate - you can't spot bots based on that.
The best way we've found right now is to include a one-pixel picture / link on the email - invisible to just about everyone (as suggested here). Anything that clicks on such a tiny little pixel you can consider a bot. True; someone might not load images and see a box, but most people won't see it at all.
Another possibility: see if you have a bunch of clicks that all happen at the same time (or people clicking every link in an email, every week - would a real person really need to read your Privacy Policy week-in and week-out?). Those are probably bots...but I personally would want to download the data into a real database before attempting this kind of query.
One more (really complex) possibility: when we went to our sysadmin (the guy who runs our own company's Barracuda machine) about a lot of these issues, he started to "ping" some of the IP addresses included in the suspicious "Click Link In Email" activities. One or more of them shot back a response indicating that it was a Barracuda box. If you are really, super-duper concerned with this problem, it should be possible to download all Marketo activities via the API and write some custom script / code to extract the IP addresses from the Marketo "Click Email" events and then to periodically ping all these servers to see if you can get them to self-identify as a spam filter (parse the text-strings of the responses for incriminating evidence).

We have not done this last thing, as our "one-pixel" solution has indicated (at least over the last two weeks) that it's likely not a major issue. Perhaps some day, when our organization has unlimited resources (heh), we will pursue this last option, but the reality is that we have a lot going on and better things to do to add more value to our marketing efforts.

I would also like the data to exist in a perfect world - one where our Users validate our TRON Data Discs and we can take down the evil Master Control Programs while we're on our light-cycles on the grid - but that gleaming world of perfect, neon data does not exist. For most of us, I would guess this statistical aberration will not significantly affect our analysis of content effectiveness.

Hope this helps.

View solution in original post

Benjamin_Ortiz1 · ‎09-26-2017

I see what you're saying - I guess my question should be, is using the above filter/trigger combo the most reliable solution known today to attempt to filter out bot clicks? and are there any known issues with tracking marketo hosted pages where I would miss out on real clicks by using this filter/trigger combo?

SanfordWhiteman · ‎09-26-2017

If you only use this for links that run Munchkin (i.e. direct binary downloads won't have a Visited Web Page) then you will only miss people who use tracking protection plugins/features.

I don't consider there to be any reliable detection method for mail scanner clicks, for good reason.

Robb_Barrett · ‎07-20-2017

Not an official person, but if you see a "Clicks Link" without a "Visits Web Page" you've got yourself a spambot.

Robb Barrett

SanfordWhiteman · ‎07-20-2017

(Unless you're offering direct download links.)

Benjamin_Ortiz1 · ‎09-26-2017

So we have our CTA buttons link out to a Marketo hosted landing page - is it safe to say the "IF clicks link: 'MKTO landing page'" + "Visited web page: 'MKTO landing page'" combination will catch 100% of the human clicks and exclude the bots?

I ran a test during our last email and the exact flow I had set up is:

TRIGGER: 'Clicks Link in email; link is: pages.xyz.com....' FLOW: 'Wait 5 minutes, Request Campaign' >

CAMPAIGN IS REQUESTED: Marketo Flow action' VISITED WEB PAGE is pages.xyz.com > Send Alert

Looking at the statistic we had 47 run through this campaign and 217 log a click on that link with no web page visit. It is hard to believe that we had 217 bot clicks...this leads me to believe the Marketo tracking on the landing page is not accurate?

I apologize if I have repeated any issues already in the comments, I am trying to follow all of the threads on this topic.

Thanks,

SanfordWhiteman · ‎09-26-2017

So we have our CTA buttons link out to a Marketo hosted landing page - is it safe to say the "IF clicks link: 'MKTO landing page'" + "Visited web page: 'MKTO landing page'" combination will catch 100% of the human clicks and exclude the bots?

No, because mail scanners that are most accurate/robust will load the next page with JS enabled.

(If they didn't do this, how would they know if the page would be redirected to a phishing site?)

Lucho_Soto · ‎04-27-2018

We place utm tags in all of our emails, so we use this:

Smart List:

Visited Web Page Trigger: any

Querystring contains: [unique utm tags minus the question mark at the beginning]

Flow:

Change program status to clicked

We've been using this for over a year now and I have yet to see a fake click with this method.

SanfordWhiteman · ‎04-27-2018

We've been using this for over a year now and I have yet to see a fake click with this method.

You would have no way of knowing if you had. That's the idea.

Dan_Stevens_ · ‎07-21-2017

Which you should always try to avoid - and instead, use this fantastic technique: http://blog.teknkl.com/stop-using-direct-download-links-unless-you-like-losing-tracking/

Dan_Stevens_ · ‎07-20-2017

Just a quick note - we've been emailing pretty aggressively with Marketo support regarding this issue. We also found out that MANY other ESPs provide this "click filtering" as part of their service because it happens so often to folks. We recently spoke with about 8-10 other ESPs that automatically (and very easily) filter these clicks for their clients. Marketo deliverability team assured that their are now working with the product side to try to implement this ASAP, especially because so many people are asking about it - KEEP ASKING!

It's been about 16 months since the post was made. Can anyone from the Marketo product team chime in and let us know if an enhancement to more accurately track valid email clicks?

Robb_Barrett · ‎12-29-2016

Sanford Whiteman - just had a thought I'd like to bounce off of you:

Somewhere near the bottom, create a link with style="display: none;" so no one would see it or find it without reading the code. This would mean any click on the link or visit to the page would be a machine.

Robb Barrett

SanfordWhiteman · ‎12-29-2016

Unfortunately, that'll have the same problem as every similar approach, such as an <A> wrapping a 1x1 image or an <A> with no contents at all -- or for that matter an <A> that says, "Don't click this under any circumstances, it's a virus."

Yes, if it's the first link clicked by a mail scanner (it won't necessarily be, since they can click in any order) then a click within the next, say, 10 seconds is probably (again, not necessarily) that same scanner.

But Marketo's granularity (Filter: Not Clicked Link in Email, Link: {your-scanner-lure-URL}, Date: In past 10 seconds) won't catch this.

The problem has never been building a link that could only be clicked by a non-human. It's how to action that activity in the context of other activities. Like I say every time... until Marketo actually changes their tracking logic so that closely contiguous activities for the same lead are scanned as a batch before committing them to the activity database, there's no way to situate the probably-automated traffic in context.

And bear in mind that anything Marketo might try to do, an attacker hosting malware can do as well (read: if it looks like a mail scanner, send back innocent results). So even though link scanning is half-measure anyway, it is not supposed to be trivially avoidable, since the bad actors have anything but trivial skillz.

Anonymous · ‎12-29-2016

That's a really cool idea! I thought the link has to be on top of the page though?
I can give it a try and see what the result's like.

Thanks!

Julia

Robb_Barrett · ‎12-29-2016

Yeah, upon second thought it should be at the top so it's the first thing clicked or one of the First.

Robb Barrett

Anonymous · ‎12-29-2016

Awesome! Thank you so much!

Julia

Anonymous · ‎12-28-2016

Hi Matt,

Thanks for the solution! I wasn't able to find the url link for the 1 pixel picture. Is there a specific link that needs to be added or can it be any link we set?

Thanks,
Julia

Anonymous · ‎01-03-2017

We host our own 1x1 pixel image on ourselves as part of our content - but Sanford is right, it doesn't matter what URL / image you use. You just need to embed it within the email somewhere unobtrusive so that human beings won't notice it and wouldn't think to click on it. The proper term for this sort of thing is a "web beacon."

Anonymous · ‎01-04-2017

We used this 'web beacon' approach on an email this morning and beacon helped identify about 80% of the bot clicks. A few still came through from 2 companies for clicking a different link, but were easily identifiable. A sort-of workaround until Marketo addresses the bigger issue.

SanfordWhiteman · ‎12-28-2016

Choose any link you want. The URL doesn't even have to exist for Marketo to track the click. It just has to be identifiable.

However, this won't actually solve the issue. All it means is that other click events directly contiguous to the "lure" click are spurious. A click one minute later is probably the human lead her/himself. Marketo doesn't have enough granularity for this approach to work (if you pull all activity data out into your own DB, you can action it more successfully, but that is not on the table for most users).

Anonymous · ‎12-29-2016

Do you need to add the link in the text version?

Another thing I noticed is that the bot clicks don't have any inferred information on the lead. Anyone else notice that?