Why am I seeing a large uptick in Outlook clicks that appear to be bots?

6 Marketer opinions 4 Expert opinions 3 Technical articles 3 Resources

Summary

An increase in bot-like clicks from Outlook can stem from several sources. It's a common issue, possibly targeted by Microsoft towards specific ESPs. Root causes include security software, link expanders, firewalls, automated Outlook processes, link crawling by email providers, pre-fetching by clients, and link protection services rewriting URLs. Identification involves analyzing click metadata, IP addresses, user agent strings, and leveraging reverse DNS. Mitigation includes implementing honeypots, monitoring traffic patterns, using machine learning-based bot management, and understanding the limitations of the 'Do Not Track' header. Preventing bot interactions upfront is crucial.

Key findings

Common Issue/Targeting: The issue is widespread, and Microsoft might be targeting specific ESPs.
Security Software/Infrastructure: Security software, firewalls, and Outlook's processes can trigger clicks.
Scanning/Pre-fetching: Email providers and clients scan/pre-fetch links for security/speed.
Metadata Analysis: Click metadata, IPs, and user agents are key to identification.
Bot Management: ML-based bot management can mitigate traffic.

Key considerations

Proactive Prevention: Prioritize preventing bot interactions from occurring.
Honeypots: Implement honeypots to identify bots.
Pattern Analysis: Analyze click patterns and segment audiences for anomalies.
Reverse DNS: Use reverse DNS to find the origin of clicks.
Monitoring Tools: Utilize website traffic monitoring and heatmap tools.
DNT Limitations: Be aware that the 'Do Not Track' header is not universally followed.

What email marketers say
6Marketer opinions

Several factors can cause a large uptick in Outlook clicks that appear to be bots. These include security software, link expanders, enterprise firewalls, and automated processes within Outlook's infrastructure that access URLs. Additionally, email providers and clients often crawl links for security, pre-fetch links to improve browsing speed, and use anti-virus software to scan for threats. Link protection services rewrite URLs, leading to skewed click metrics due to pre-scanning. Mitigation strategies include implementing honeypot systems, monitoring IP addresses for inconsistencies, segmenting audiences, and analyzing click patterns to identify unusual engagement.

Key opinions

Security Scans: Security software, link expanders, and firewalls trigger clicks.
Automated Processes: Outlook's internal systems may automatically access links.
Link Crawling: Email providers scan links for security.
Pre-fetching: Email clients pre-fetch links to speed up browsing.
Link Protection: Link protection services rewrite and scan URLs.
Bot Detection: Consider bot detection services to help mitigate the impact.

Key considerations

IP Monitoring: Monitor IP addresses for inconsistent clicking patterns.
Honeypots: Implement honeypot systems to identify bot interactions.
Audience Segmentation: Segment your audience to analyze click patterns.
Heatmap Analysis: Utilize heatmap tools to identify unusual engagement.
Pattern Recognition: Look for patterns like IPs clicking all links quickly.

Marketer view

Email marketer from Reddit explains that you can implement a honeypot system or look for patterns, for example, IPs clicking all the links within a short time frame. Also consider bot detection services.

July 2023 - Reddit

Marketer view

Email marketer from Email Vendor Selection states that some click bots are deployed by security services or email clients to pre-scan links for malware or phishing, which can inflate click rates. They recommend monitoring the IP addresses of the clickers for inconsistencies.

May 2021 - Email Vendor Selection

Marketer view

Email marketer from Email on Acid explains that link protection services rewrite URLs to protect users from malicious content. This can lead to skewed click metrics, as these services often click links to scan them before a real user does.

May 2023 - Email on Acid

Marketer view

Email marketer from Microsoft Support suggests that it could be caused by security software, link expanders, or enterprise firewalls, which may access URLs in email messages, or by automated processes within the Outlook infrastructure itself.

September 2022 - Microsoft Support

Marketer view

Email marketer from Stack Overflow explains that common reasons include link crawling by email providers for security, pre-fetching of links by email clients to speed up browsing, and automated scans by anti-virus software.

February 2022 - Stack Overflow

Marketer view

Email marketer from Litmus shares that it's crucial to segment your audience and analyze click patterns. A sudden spike in clicks from a particular domain (like Outlook) might indicate bot activity. They suggest using heatmap tools to identify unusual engagement patterns.

July 2022 - Litmus

What the experts say
4Expert opinions

The uptick in bot-like clicks from Outlook is not an isolated incident, as similar issues have been reported recently. Experts recommend analyzing click metadata, such as IP addresses and user agent strings, to identify the source. Microsoft may be targeting specific Email Service Providers (ESPs) with this behavior. Reverse DNS lookups can help determine the origin of the clicks, and preventative measures should be prioritized.

Key opinions

Common Issue: Similar issues have been widely reported.
Targeted Behavior: Microsoft may be targeting specific ESPs.
Metadata Analysis: Analyzing click patterns and user agent strings can identify bot clicks.

Key considerations

IP Address Check: Examine IP addresses to identify click sources.
Reverse DNS: Use reverse DNS lookups to find the origin of clicks.
Preventative Measures: Focus on preventing bot interactions in the first place.

Expert view

Expert from Word to the Wise explains that identifying bot clicks often requires analyzing click patterns, IP addresses, and user agent strings. She recommends using reverse DNS lookups to identify the origin of the clicks. Additionally, they suggest that the best way to handle bots is to prevent the interaction from happening in the first place

September 2022 - Word to the Wise

Expert view

Expert from Email Geeks suggests to check metadata about where the clicks come from, such as IP addresses, to investigate the source of the clicks.

March 2022 - Email Geeks

Expert view

Expert from Email Geeks suggests that Microsoft has been exhibiting this behavior for a few months, potentially targeting specific ESPs.

November 2021 - Email Geeks

Expert view

Expert from Email Geeks shares that others have reported similar issues over the past couple of months, suggesting it's not an isolated incident.

August 2024 - Email Geeks

What the documentation says
3Technical articles

The uptick in bot clicks on email links can be addressed using various methods. Cloudflare's bot management tools leverage machine learning to identify and mitigate bot traffic, including sophisticated bots designed to evade detection. Google Search Central recommends monitoring website traffic for unusual patterns and analyzing server logs to identify the source of these clicks. The IETF's 'Do Not Track' header provides a mechanism for users to signal their preference against tracking, although its effectiveness depends on the recipient's compliance.

Key findings

Machine Learning: Cloudflare uses ML to identify and mitigate bot traffic.
Traffic Monitoring: Google recommends monitoring for traffic spikes.
Server Logs: Analyzing server logs can identify click sources.
Do Not Track: The 'Do Not Track' header signals tracking preferences, but relies on compliance.

Key considerations

Bot Management Tools: Implement bot management tools for automated detection.
Anomaly Detection: Continuously monitor traffic for unusual patterns.
DNT Limitations: Be aware that 'Do Not Track' is not universally respected.

Technical article

Documentation from IETF explains the HTTP 'Do Not Track' header that can be used to signal to websites and services that the user does not want to be tracked. However, this is only a signal and relies on the recipient honoring it.

June 2023 - IETF

Technical article

Documentation from Cloudflare explains that their bot management tools use machine learning to identify and mitigate bot traffic, including those that may be generating spurious clicks on email links. It also detects and mitigates sophisticated bots that try to evade detection.

March 2021 - Cloudflare

Technical article

Documentation from Google Search Central recommends monitoring your website's traffic for sudden spikes or unusual patterns, which could indicate bot activity. Analyzing server logs can help identify the source of the bot clicks.

June 2023 - Google Search Central

Solved: HubSpot Community - Are Bots Affecting Your Email ...

Hi, HubSpot Community. I’m Jake from the HubSpot Product team. In the last year, the marketing industry as a whole has seen a spike in bot clicks in emails, so I wanted to take a moment to discuss what bot activity looks like, who’s most likely to be affected, and what you can do to address it. Wh...

community.hubspot.com

Unexpected Click Email Events Caused by Non-Human Interactions ...

Statement About Increase in Non-Human Interactions Since June 2023: In June 2023 Click identified an increase in Total Clicks being recorded when emailing Office 365 hosted accounts. We opened an i...

Click Support