Suped

Why am I seeing inflated clicks in my ESP reporting due to bot activity?

12 Marketer opinions5 Expert opinions5 Technical articles4 Resources

Summary

Inflated click rates in email marketing reports are commonly attributed to bot activity, including security scanners, click fraud, and increased testing by services like Outlook. A surge was observed around May-June, largely from Microsoft. Detecting and mitigating this requires a multi-faceted approach. Bot traffic is sometimes good as its spam filters checking your links.

Various methods are recommended, including identifying patterns (rapid clicks, known datacenter IPs), implementing honeypot techniques, leveraging pre-flight testing, analyzing user agents/click times, using bot detection software (Cloudflare, Akamai, DataDome, Imperva), and utilizing features in Google Analytics. Segmenting audiences, filtering by location/device, and upgrading infrastructure (instead of throttling) are also advised. Scanner clicks are identifiable by their speed and source and should be considered when interpreting engagement metrics.

Key findings

  • Bot Activity Surge: Increased bot activity, particularly from Microsoft and security scanners, contributes significantly to inflated click rates.
  • Detection Methods Abound: Numerous strategies exist for identifying bot traffic, from analyzing click patterns to employing honeypot techniques.
  • Proactive Measures: Pre-flight testing and robust bot detection software are crucial for mitigating inflated metrics.
  • Analytics Tools Integration: Tools like Google Analytics, Cloudflare, Akamai, DataDome, and Imperva provide features to filter and manage bot traffic.
  • Scanner Clicks: Scanners clicking the links are often the cause of the traffic but is a good sign for deliverability.

Key considerations

  • Strategic Segmentation: Segment your audience to exclude bot traffic, focusing on click patterns, IP addresses, and location/device anomalies.
  • Infrastructure: Upgrade infrastructure to handle query rates, avoiding throttling, which can hinder spam filters. Invest in a good delivery tool.
  • Data Interpretation: When analyzing metrics, account for scanner clicks and adjust interpretations of user engagement accordingly.
  • Filter Selection: Implement robust bot filtering solutions, adapting configurations to address evolving bot tactics.
  • Holistic Testing: Emphasize thorough pre-flight testing to catch email design issues contributing to unintended clicks.

What email marketers say
12Marketer opinions

Inflated click rates in email marketing reports are frequently attributed to bot activity, including security scanners and click fraud. These bots skew data by rapidly clicking links, often immediately after delivery. While a wave of bot activity was noted around May-June, primarily from Microsoft, this is an ongoing issue requiring mitigation strategies. Solutions involve identifying and excluding bot traffic through segmentation, implementing honeypot techniques, pre-flight testing, analyzing click patterns and user agents, and using dedicated bot detection software.

Key opinions

  • Bot Traffic Surge: A surge in bot activity was observed in May-June, primarily attributed to Microsoft scanners, skewing email click metrics.
  • Persistent Issue: Bot activity is an ongoing challenge, necessitating continuous mitigation efforts by ESPs and marketers.
  • Diverse Detection Methods: Various methods exist to identify bot traffic, including analyzing click speed, IP addresses, user agents, and implementing honeypot links.
  • Proactive Testing: Pre-flight testing can reveal issues like broken links or rendering problems that contribute to unintentional clicks, falsely inflating metrics.
  • Software Solutions: Dedicated bot detection software offers advanced capabilities for identifying and blocking malicious bot traffic, enhancing data accuracy.

Key considerations

  • Segmentation Strategies: Segmenting audiences based on click patterns and IP addresses can help exclude bot traffic, providing a more accurate view of human engagement.
  • Honeypot Implementation: Implementing honeypot links can effectively trap bots, enabling their exclusion from overall click metrics.
  • Thorough Analysis: Analyze click times, user agents, and other data points to diagnose false clicks, particularly focusing on patterns indicative of bot activity (e.g., clicks faster than humanly possible).
  • Software Investment: Investing in bot detection software can provide robust solutions for identifying and blocking malicious bots, ensuring more reliable analytics.
  • Pre-Deployment Checks: Routinely conduct pre-flight tests to identify and rectify any email design flaws that might lead to accidental clicks and inflated reporting.
Marketer view

Email marketer from MarketingProfs shares that click fraud, often caused by bots, can inflate click rates. They recommend using click fraud detection software and monitoring IP addresses to identify and block suspicious activity.

January 2025 - MarketingProfs
Marketer view

Email marketer from Email Geeks shares that it’s one of those things that is here to stay, so the sooner ESPs invest in mitigation the better. Since in our space data is key.

May 2022 - Email Geeks
Marketer view

Email marketer from Email Geeks shares that Klaviyo and other ESPs saw increased bot activity from May 15th and drop off on June 20th and confirmed this with other ESPs.

January 2025 - Email Geeks
Marketer view

Email marketer from Stack Overflow suggests implementing a honeypot technique, which involves adding a hidden link in your email that is only visible to bots. Clicks on this link indicate bot activity and can be used to filter out the bot's other clicks.

February 2023 - Stack Overflow
Marketer view

Email marketer from Reddit shares a strategy of looking for patterns such as rapid clicks from the same IP address, clicks that occur immediately after email delivery, and clicks from known datacenter IPs to identify bot traffic.

August 2024 - Reddit
Marketer view

Email marketer from Quora suggests that analyzing click patterns for common indicators can help identify bot activity. Patterns include multiple clicks in quick succession or clicks from a single IP address across numerous emails, which indicate non-human interaction.

September 2023 - Quora
Marketer view

Email marketer from Litmus shares that pre-flight testing can help you identify issues with your email design that may be causing inflated click rates, such as incorrect links or rendering problems that lead to accidental clicks.

January 2022 - Litmus
Marketer view

Email marketer from Neil Patel Blog explains that inflated clicks can be due to bots and crawlers, and suggests segmenting your audience to identify and exclude bot traffic based on unusual click patterns or IP addresses.

July 2023 - Neil Patel Blog
Marketer view

Email marketer from G2 recommends using bot detection software that specializes in identifying and blocking malicious bot traffic on websites, which helps maintain accurate click metrics and prevent skewed analytics.

October 2021 - G2
Marketer view

Email marketer from Email on Acid advises diagnosing false clicks by analyzing click times, user agents, and other data points. Often this includes checking if clicks are happening faster than humanly possible, which is a strong indicator of bot activity.

October 2023 - Email on Acid
Marketer view

Email marketer from LinkedIn explains that filtering by location and device can help in identifying bot traffic by noting oddities like clicks from strange countries, or specific device details that are typically associated with bots.

March 2023 - LinkedIn
Marketer view

Email marketer from Email Geeks says that this wave seemed to be primarily from Microsoft.

February 2024 - Email Geeks

What the experts say
5Expert opinions

Inflated click rates are often due to automated scanners checking email links for safety. Recent increases in Outlook domain activity have been observed, along with widespread scanner clicks. While some see this as a positive sign (content being scanned), solutions include filtering scanner clicks (as Klaviyo implemented) and massaging reporting numbers. Throttling traffic is discouraged, as it hinders spam filters; instead, infrastructure upgrades are recommended for handling query rates. These scanner clicks happen quickly after delivery and lack genuine engagement.

Key opinions

  • Outlook Activity: Increased activity from Outlook domains testing email links contributes to inflated click metrics.
  • Scanner Clicks: Automated security scanners clicking links for safety are a primary cause of inflated click rates.
  • Detection Methods: Scanner clicks are identifiable by their speed (shortly after delivery) and source (security services).
  • Filter Implementation: Solutions like filtering scanner clicks (as seen in Klaviyo) help refine engagement metrics.
  • Bot Traffic Benefits: Bot traffic and spam filter checks are a good sign.

Key considerations

  • Infrastructure Upgrades: If query rates are problematic, prioritize upgrading infrastructure over throttling traffic.
  • Data Interpretation: Massage reporting numbers to provide accurate and meaningful data, considering scanner clicks.
  • Client Review: Review across multiple clients to see if Outlook or other increased scanner activity is also observed on other infrastructures.
  • Engagement Assessment: Recognize that scanner clicks don't represent genuine user engagement; adjust marketing strategies accordingly.
  • Filtering Adoption: Explore implementing filters to exclude scanner clicks from overall response metrics, similar to strategies employed by Klaviyo.
Expert view

Expert from Email Geeks explains that multiple Klaviyo customers have suggested this is a new thing at Microsoft and they implemented a switch to allow users to filter those clicks out of responses.

March 2021 - Email Geeks
Expert view

Expert from Email Geeks shares that others have noticed an increase in Outlook domains testing links and suggests reviewing across multiple clients to see if others are seeing it on your infra too.

January 2025 - Email Geeks
Expert view

Expert from Email Geeks explains that bot traffic is mostly spam filters checking out your content, which is something you want. He advises against throttling traffic and suggests massaging reporting numbers to make customers happy. He clarifies that throttling clicks would likely deny content to spam filters, and upgrading infrastructure is the solution if query rates are a concern.

December 2021 - Email Geeks
Expert view

Expert from Word to the Wise shares that scanner clicks are detectable by their speed (occurring very shortly after delivery) and source (originating from security services). These clicks don't represent genuine engagement but are part of the automated scanning process.

February 2023 - Word to the Wise
Expert view

Expert from Word to the Wise explains that scanner clicks are often the cause of inflated click metrics, as security systems check links for safety. This is increasing, and will likely become a standard element of email marketing.

April 2024 - Word to the Wise

What the documentation says
5Technical articles

Inflated click rates due to bot activity can be mitigated using various tools and techniques. Google Analytics offers a bot filtering option based on a list of known bots. Cloudflare's Bot Management uses behavioral analysis and machine learning. Akamai employs header analysis, JavaScript challenges, and behavioral analysis. DataDome utilizes advanced bot detection technologies like machine learning and browser fingerprinting. Imperva's approach includes behavioral analysis, reputation analysis, and challenge-response techniques. These solutions aim to distinguish between legitimate users and bots to improve the accuracy of analytics reports.

Key findings

  • Google Analytics Filtering: Google Analytics provides built-in bot filtering based on a maintained list of known bots.
  • Cloudflare Bot Management: Cloudflare employs behavioral analysis and machine learning to identify and mitigate bot traffic.
  • Akamai Bot Detection: Akamai utilizes header analysis, JavaScript challenges, and behavioral analysis for bot detection.
  • DataDome Advanced Techniques: DataDome uses machine learning and browser fingerprinting for advanced bot detection and blocking.
  • Imperva Traffic Management: Imperva manages bot traffic using behavioral analysis, reputation analysis, and challenge-response techniques.

Key considerations

  • Tool Selection: Choose the appropriate bot management tool based on your specific needs and technical capabilities.
  • Integration Requirements: Consider the integration requirements of each solution with your existing infrastructure and analytics platforms.
  • False Positive Management: Implement strategies to minimize false positives and ensure legitimate users are not blocked or filtered out.
  • Ongoing Maintenance: Regularly review and update bot detection rules and configurations to adapt to evolving bot tactics.
  • Behavioral Analysis: Focus on behavioral analysis to detect sophisticated bots that can evade simpler detection methods.
Technical article

Documentation from DataDome details how advanced bot detection technologies use machine learning to analyze user behavior patterns, browser fingerprints, and other data points to identify and block sophisticated bots that can evade simpler detection methods.

August 2022 - DataDome
Technical article

Documentation from Imperva explains their bot traffic management approach, involving behavioral analysis, reputation analysis, and advanced challenge-response techniques, to discern and manage bot traffic to ensure accurate website analytics.

January 2025 - Imperva
Technical article

Documentation from Cloudflare Docs explains that Cloudflare's Bot Management feature uses behavioral analysis and machine learning to identify and mitigate bot traffic, which can help reduce inflated click rates and improve the accuracy of analytics reports.

July 2022 - Cloudflare Docs
Technical article

Documentation from Akamai Resource Hub describes several methods of bot detection including header analysis, JavaScript challenges, and behavioral analysis to distinguish between legitimate users and bots, helping to prevent inflated click rates.

October 2023 - Akamai Resource Hub
Technical article

Documentation from Google Analytics Help explains how to exclude bot and spider traffic from your Google Analytics reports by using the bot filtering option in the view settings, which relies on a list of known bots maintained by Google.

July 2022 - Google Analytics Help

Related resources
4Resources

Why Your Click Rates Might Be Inflated By Bot Clicks | Inbox Collective
Why Your Click Rates Might Be Inflated By Bot Clicks | Inbox Collective

These bots are there to keep inboxes safe — but they might have a big effect on your metrics and ad strategy.

Inbox Collective
Email Click Bot Challenge: Protecting Your Email Metrics - MailSoar
Email Click Bot Challenge: Protecting Your Email Metrics - MailSoar

Tackle the email click bot challenge and protect your email metrics. Everything you need to know about server clicks & how they can affect your emails

MailSoar
Email Bot Clicks: Are They Hurting Your Newsletter? - Paved Blog
Email Bot Clicks: Are They Hurting Your Newsletter? - Paved Blog

Email bot clicks got you down? Luckily, the majority of bots come from security software, which aims to protect recipients from bad links.

Paved Blog
How to Filter Bot Clicks in Email Marketing Reports: What Each ESP ...
How to Filter Bot Clicks in Email Marketing Reports: What Each ESP ...

Learn how bot clicks in email marketing skew campaign metrics. Find out how platforms like HubSpot & ActiveCampaign filter out bot activity for reports.

EmailTooltester.com

Related questions