Bots are having a profound effect on how the internet functions and may even outnumber people on some platforms like Twitter. Email marketing is not immune to click bots, with the newest activity being from bots that mimic human subscribers in order to collect information to power data service businesses.
âWeâve been seeing more email click bot activity with some of our clients,â says Heather Goff, Strategic Director of Deliverability Services at Oracle Marketing Cloud Consulting. âIn one case, we had a retailer with transactional email behavior from 7,000 recipients that could not have been organic human behavior. Itâs likely that lots of brands have no idea itâs going on if they arenât looking closely enough.â
The problem with these kinds of email click bots is that they create activity that inflates performance numbers and causes false positives that trigger automated campaigns and muddy targeting efforts. All in all, they simply make it more difficult to see how subscribers are truly responding. That can cause brands to make tactical or strategic changes that serve bots rather than actual subscribers.
Weâll explore these bots in more detail, but letâs do so in the broader context of all email click bots. We think of these bots as falling into three categories, with each one requiring its own potential remedies:
1. Beneficial Email Click Bots
These bots are helpful and positive contributors. For example, some email click bots scan every link for malware before passing the email along to the intended recipient.
âMost beneficial bots clearly announce themselves,â says Kent McGovern, Senior Strategic Consultant of Deliverability Services at Oracle Marketing Cloud Consulting. âThat makes these the easiest to address.â
âThe vast majority of email service providersâincluding Oracle Responsys, Eloqua, and Brontoâhave some processes in place to filter bot-related clicks,â he says, âso brands donât need to take additional action. ESPs can filter by IP after doing a WHOIS lookup to determine the IP network owner and they can also filter by user-agent string.
âWhat makes things hard is that not all bots identify themselves,â says McGovern. âThe rDNS for the signup IP may not point to an obvious filtering company like Barracuda or McAfee. Instead, it may point to a network provider like Microsoft or a security company like Palo Alto Networks.â
Most of the bots that donât identify themselves fall into one of the two remaining email click bot categories.
2. Malicious Email Click Bots
These bots are harmful by design. They are created to explore, discover, and exploit vulnerabilities.
During the second half of 2016, Spamhaus blacklisted many well-known, popular brands because malicious bots entered the email addresses of tons of unwilling people into the brandsâ open email signup forms. As a result, brands flooded those peopleâs inboxes with emails.
In the wake of those bot attacks, Dan Deneweth, Head of Deliverability Services at Oracle Marketing Cloud Consulting, advised brands to protect themselves by…
- Adding CAPTCHA to all web-based email signup forms.
- Adopting a confirmed opt-in (COI) permission standard.
- Adding a hidden form field to all web-based signup forms.
- Tracking the source of signups closely.
- Creating a ânew registant, non-responderâ rule.
- Implementing an alert system for spikes in the number of email registrations.
- Applying segmentation criteria to limit the volume of email you send to unengaged subscribers.
For a full discussion of each of those, read Spamhaus Risk and the Future of Email Acquisition.
The newest email click bots fall into a category that lies between beneficial and malicious.
