Are your email metrics suffering from surges in email clicks from bots?

Email security bots are known as a marketer’s worst enemy. These pesky bots like to click on our emails and confuse email marketing teams left right and centre. While many email marketing platforms try to filter out bot clicks from your reporting, it’s difficult to remove all of these clicks from reports.

The problem isn’t new. WttW flagged the issue of phantom clicks back in 2013, and Demandlab posted a detailed analysis of the different approaches to filtering out these clicks in 2018, in response to it becoming a growing problem. Read on to learn how you can quickly identify and remove bot data from your reporting.

How do you know it’s happening to you?

You might be looking at your data and thinking to yourself, wow, look at these leads who are engaging with every single piece of content we send them. When you drill down into the data beyond the click you may find that these super engaged contacts are clicking within the same minute of every single email delivered to them, while this all sounds great and could be feasible, you might well be dealing with email security bots.

Tell-tale signs you might be dealing with bot clickers:

  • There are high numbers of clicks seconds after email is delivered
  • You are noticing email clicks before email opens
  • You notice particular contacts clicking on every link in the email (including home pages, social media platforms and everything in between)
  • It is happening to the same few contacts or accounts

Why do they do it?

These bots might not be a marketer’s best friend, but we must remember that they are just doing their job. A security bot’s role is to protect their domain by preventing harmful links reaching the recipient and flagging anything that could be harmful such as viruses and other spam. It’s not possible to just look at the links in the email, as links often redirect. In fact your marketing automation system uses these redirections to count the clicks for each of the links in your email. So, to find out if the links in your email are harmful they must follow all links, which triggers your marketing automation system to count a click as the link is redirected to the final URL. Because the filtering occurs before the email reaches the inbox, these bot clicks will occur before the prospect has opened the email.

It’s important to remember that bots are not trying to work against you, even though you might think they are! In fact, they are removing the spam from the recipients’ inboxes, making it a little more likely that your email will be read.

How can you solve this?

Your solution will depend on what you want to achieve, whether this is the visibility of how many bots are regularly clicking on your emails, or if you are looking to remove the contacts from reporting altogether. You’ll also find that your marketing automation system is probably not counting clicks from IP addresses known to be security scanners, as Pardot highlighted a year or so ago.

One tell-tale sign that I mentioned earlier is that you can identify a bot as they will click on every single link in the email, they do this to check that all links are safe. Whereas, human clickers won’t tend to click on every link, every time. So you can filter out anyone who clicked on all the links. Demandlab’s suggestion of ensuring that a visit to a web page was registered, as well as the link, is another approach, but with the increasing sophistication of IT security, some bots might check Javascript on your landing page. Ultimately there is no perfect way of knowing precisely how many humans clicked on your links: any of these approaches, or simply having a list of recipients you know have security that causes this problem and sending to them separately all give pretty accurate statistics.

Don’t get caught out – Napier’s top tip

There is one thing that you really must do: avoid using one-click unsubscribe links. If a bot clicks on these links, it will accidentally unsubscribe your contacts from your database. Using a two-step unsubscribe process will ensure that any unsubscribe has been made by a real person.


Still have questions on how you can quickly identify and remove bot activity from your campaigns? Reach out to the Napier team and we can work with you to prevent bot data clouding your email reporting.