Bots are a well-known scourge on Twitter and Facebook, but they’re also a problem on email lists. Even bots that aren’t explicitly trying to compromise your systems represent a serious risk, as they can inflate performance numbers, muddy targeting efforts, and lead brands to make tactical or strategic changes that serve bots rather than human subscribers.
Let’s explore the 3 forms email click bots come in, with each requiring its own potential remedies:
Beneficial email click bots
There are helpful and positive contributor click bots. For example, some email click bots scan every link for malware before passing the email along to the intended recipient.
Thankfully, most beneficial bots come from security companies like Barracuda and McAfee and clearly announce themselves. This allows the vast majority of email service providers to automatically filter these bot-related clicks so they don’t affect marketer’s results.
Most of the bots that don’t identify themselves fall into one of the two remaining email click bot categories.
Malicious email click bots
Some bots are harmful by design. They’re created to explore, discover, and exploit vulnerabilities. For example, Spamhaus blocklisted many well-known, popular brands in 2016 because malicious bots entered the email addresses of tons of unwilling people into the brands’ open email signup forms. As a result, brands flooded those people’s inboxes with emails.
In a recent Oracle Modern Marketing Blog article, Daniel Deneweth, Head of Email Deliverability Services at Oracle CX Marketing Consulting, recommended that companies do the following to protect themselves from malicious bot attacks:
- Adding CAPTCHA to all web-based email signup forms.
- Adding a hidden form field to all web-based signup forms.
- Adopting a double opt-in permission standard, where appropriate.
- Tracking each subscriber acquisition source closely.
- Implementing an alert system for spikes in the number of signups coming through any one subscriber acquisition source.
- Creating a “new registrant, non-responder” rule.
- Applying segmentation criteria to limit the number of emails you send to unengaged subscribers.
The next email click bots fall into a category that lies between beneficial and malicious.
Exploitive email click bots
These bots can be unintentionally harmful. These email click bots are created by competitive intelligence services and similar businesses that use the bots to collect data that’s then sold.
As mentioned earlier, exploitive email click bots mess up your email performance data and targeting, and lead you to make poor strategic decisions. If you don’t have many bots on your list, shifting your reporting to use unique opens and clicks can reduce the bots’ ability to materially impact content-performance metrics.
However, if bots are affecting even your unique metrics significantly, then you’ll likely need to do more. In addition to the protections listed above, smart brands periodically screen their email database for suspicious behaviors and patterns related to frequency, timing, sequence, source, and more—and then remove those addresses from their reporting, if not from their list entirely.
Since coupon codes are a favorite target of bots, according to DataDome, moving to unique coupon codes tied to individual subscribers will help reduce coupon abuse and discourages bots.
Exploitive email click bots are a growing, under-the-radar problem, said Heather Goff, Strategic Director of Email Deliverability Services at Oracle CX Marketing Consulting, in that same Oracle Modern Marketing Blog article. “In one case, we had a retailer with transactional email behavior from 7,000 recipients that could not have been organic human behavior,” she said. “It’s likely that lots of brands have no idea this is going on if they aren’t looking closely enough.”
For a deeper dive, check out The Next Evolution in Email Click Bots: Exploitive Bots Pretending to Be Engaged Subscribers on Oracle’s Modern Marketing Blog.