Are your emails getting bot clicks?

Introduction

With the growth of email phishing attacks – i.e. emails designed to draw you to malicious sites designed to steal important personal information such as usernames and passwords, security companies have developed software solutions to help protect networks and identify these potentially harmful emails.

The above is a good thing!  We don’t want anyone to fall foul of a phishing attack – that is obvious and these email security companies are doing a great job!

One of the techniques used by these innovative software solutions is to follow each and every link in each and every email received in order to identify any potentially harmful websites before passing non-threatening email on to the recipient.  Any threats will be quarantined.

One of the issues that causes legitimate email marketers a potential issue with this type of solution is “bot clicks”.  It looks like the your email campaign has had a 20% click to open rate when infact a portion of these clicks are automated.  Potentially, a large portion.

This can cause us challenges if we are using automations to follow up with people who have opened and/or clicked on one of our emails either with an email automation or perhaps even a phone call.  Naturally, our reporting will all be wrong too.  In short, we may think we have had 340 clicks when in reality we have only had 212 or depending on the makeup of your list, 12?  And what about remarketing campaigns designed to retarget website visitors?

Research in to the problem

To test how widespread the issue of bot clicks could be we realised that these systems would click on every link, not just certain links within the email.  The only link many won’t click on are the unsubscribe links.  Therefore, we inserted a hidden link in to an email campaign we sent to approximately 263,114 contacts in November 2020.  This particular campaign had no other links in it other than the unsubscribe link.  The email was designed to generate a reply, not a click.  We concealed the link behind a full stop at the end of one of the paragraphs.

In total we tracked 911 clicks on this concealed link.  Of these clicks we identified that 645 were unique.

We could argue that some of the clicks could have been human however it is difficult to identify how many could have been genuine, also, it is important to note that after the security software clicks and identifies the email as safe then it releases the email to the user and the user could have clicked through on it.

However, for the purposes of this test we have disregarded these potentially genuine clicks.

Test Results

After the email campaign had finished and we had downloaded the results – i.e. a list of email addresses that had clicked through on the concealed link we began to research the domains to try and understand what was happening.  The research we carried out on each domain was as follows:

MX Domain Analysis – Who is hosting the email service?  Is it Outlook for instance.  We identified Google, Outlook and Other as the options.  Other contains anything that is not Google or Outlook.  We want to understand what services are creating bot clicks.

The results were as follows:

Actions

From the above results we can determine that a company with email lists containing email addresses managed by email.net and messagelabs.com will be seeing a distortion in their reporting.  The above test also demonstrates that in this case just email.net and messagelabs.com affected 182 addresses.

Should I remove emails from my list that are managed by email.net and/or messagelabs.com?

In short, no however you may want to consider limiting any automation activity from these users as it’s likely not authentic and a waste of resources.

What could this waste look like?

• Sequential Workflows – i.e. if the recipient opens this email and/or clicks on this link then send this email.  They didn’t open and/or click on the email – your flowchart is showing engagement that is wrong which might be why your pipeline looks good but the sales aren’t happening.
• Remarketing – i.e. if the recipient opens this email and clicks through to this landing page then put them in this custom audience on Facebook, LinkedIn and/or Google Ads and run these remarketing campaigns to them.  They didn’t open and/or click on the email so aren’t engaged by your offer so shouldn’t be shown any remarketing ads because they didn’t trigger them in the first place.  Your costs on these ads will begin to increase because Google, Facebook and LinkedIn think your audience aren’t interested, because they aren’t.  Infact, a percentage of the people in those custom/matched audiences aren’t genuine.  Remember what lookalike audiences you may have built of this custom audience.  If the custom audience is wrong then the lookalike audience will also be wrong.
• Reporting – i.e. if the recipient opens this email and clicks through then lets create a profile based on these engaged prospects and target them via the telesales team.  They didn’t open and/or click on the email so aren’t engaged so the call from the telesales team won’t be relevant and your cost per acquisition will increase.

How to combat this?

• Sequential Workflows – identify and then score contacts/companies using messagelabs and email.net lower than others to reduce the focus on them.  The engagement is unlikely to be authentic.  Rely on less data driven strategies with them.
• Remarketing and reporting – blacklist the IP addresses of the email.net and messagelabs.com (messagelabs.com is a domain owned by Broadcom detailing a Symantec Messaging Security solution) to avoid counting these visits as genuine.

IP Ranges used by Symantec Cloud – DO NOT COUNT ANHY TRAFFIC FROM ANY OF THE IP’S IN THE SUBNET IP (i.e. Begin with 216.82.240)

If you are using Google Analytics and want to filter traffic from the above IP ranges from your reports then you will need to create an expression – you can use this tool to help you do that.  To learn how to actual filter you can use this blog post.

email.net which is managed by Mailfence does not publish a list of IP addresses like messagelabs.com however we do know that email.net use mail.h-email.net to check links and a simple look up shows which IP addresses they use – these are as follows – you should filter traffic from these IP addresses.

The expression for the above IP addresses would be as follows: 54.202.112.1|18.237.196.55|54.218.2.65|34.222.93.91|54.187.110.113|54.244.49.115|34.223.6.127|54.149.8.150|18.237.235.220|34.221.122.221|54.200.93.251

To filter multiple IP addresses as above you need to use a Custom filter – you can see how to do this here.Conclusion

In the above blog post we have shown how bot clicks can impact your email campaign.  To resolve this we have shown how to remove these bot clicks from showing in your Google Analytics.

To test the impact on your reports in Google Analytics we ran a test to a small set of data after having created a new view specifically to show traffic excluding visits from the IP addresses above.

Applying the above changes in Google Analytics reduced the total users from 7 to 6 and sessions from 8 to 7.  In addition, the bounce rate dropped from 50% to 42.86% and increased the pages visited per session from 1.25 to 1.29 and increased the average session duration from 11 seconds to 12 seconds.

In conclusion, removing all email addresses associated with bot activity would exclude genuine users that do then receive the email and click through so I don’t recommend this however to make sure reporting is accurate I recommend creating filters that remove bot clicks from campaign reports.

Filtering bots from remarketing and associated follow up campaigns will reduce waste.

Need help?

If your beautiful email marketing campaigns are in a fight against bot clicks and you need help (but don’t want to do all of the above yourself) then we can help.  Simply call us on 0845 226 7181 or use the webform on this page to send us a message or use the live chat to talk to us on line right now.

Let us help you rid your reports of bot clicks, once and for all!