Safe tracking - Identifying automated email scanners

Reasoning

Have you ever noticed that immediately after sending your newsletter you see multiple clicks from the same subscriber recorded at the same second or by a couple of seconds difference?

Obviously these are not a result of human activity. A real person cannot click multiple different links within a second or two.

These are automated clicks and they are not necessarily illegitimate. Large organizations and ESPs use email scanners (also called bots or robots) that follow all hyperlinks in a newsletter for security and spam detection purposes.

The problem

Such activity creates a problem with campaign metrics and triggering follow-ups based on subscriber engagement.
Clicks appear overinflated and you cannot know if the recipient actually clicked or opened your newsletter. This further complicates segmentation activities.
Another potential problem is unintentional opt-outs by following one-click-unsubscribe links. You can read below for a solution to this.

Identifying automated clicks

Safe tracking in nuevoMailer includes a number of mechanisms to help you identify and filter such activity.
You have an IP exclusion list which records pairs of IPs and User agents.
A User agent, simply put, reveals the email app that is used to read an email or in a case of click the OS and browser used to open a page.
There are 3 key mechanisms that determine if an IP is added to the exclusion list.

  1. Honeypot hidden link
    You can add a hidden link invisible to humans. A click to this link will add this IP & User agent in the exclusion list and flag all clicks and views related to it.
    This link is added at the top of the email after the preheader.
  2. Clicks frequency analysis
    This involves counting the number of clicks within a time frame. You define both the clicks threshold and the time frame. For example, 4 clicks in 1 second from the same subscriber (email id) will flag this IP and the User agents involved.
    Observation has shown that email scanners can usually do up to 5 clicks on the same second.
  3. Time to first open
    This measures the time from when the email is dispatched to when it is first opened. A rapid open within a second or two may indicate bot/scanner activity.
    Although the first two methods are quite robust and reliable, this last method should be used more conservatively. For example, a recipient may be looking at his emails and opens immediately your newsletter that just popped-up.

Precautions taken

nuevoMailer approach takes into consideration the following issues.

  • Bots or scanners may display various User agents and may mimic common user agents used by humans. Therefore clicks and opens are not deleted but are being flagged.
  • In larger organizations users usually have the same email apps (thus same user agent) or share the same IP.
  • You have total control of the IP exclusion list along with utilities to manually add / delete, flag / un-flag entries.
  • You have 3 options for filtering your reports:
    In real time, which will hide flagged clicks & opens.
    Delete flagged records.
    Or simply take no action.

What about one-click-unsubscribe links?

There is also a risk that an email scanner may also click the Global (or list) opt-out links you (should) have in your newsletters. These are essentially instant one-click-unsubscribe links.
The solution to this problem is to ask for an opt-out reason. Only a human can complete this process.
In addition, this gives you valuable insights as to why your subscribers are leaving you.

Alternatives to using one-click-unsubscribe may be:
- Redirect the subscriber to the "Subscriber portal" (for a full profile update).
- Redirect the subscriber to the "Update list preferences" special built-in page.
Learn more about the different opt-out links you have in nuevoMailer.

https://www.nuevomailer.com/safe-tracking-protection

See also,

Top of page