Very interesting. Our company has noticed strange email open/click behavior in the past. Most notably, we had some unusual spikes in direct traffic from recipients only clicking the first link in every email we sent (the link happened to be from our company logo and led to our website's home page, which may have caused it to trigger as Direct?)

Essentially, we were seeing dozens of clicks from each email but with absolutely no engagement otherwise. It was really bizarre, and it did seem like some strange bot activity. Even this year, sometimes our emails consistently get the same number of clicks from the same people (give or take 20-23 clicks), while other emails receive nothing at all. Strange...

Thank you for sharing. A lot of that does sound like bot activity. Two common patterns are: 

1. Opens or Clicks almost immediately after the email was delivered. You can see this by clicking into the 'Recipients' tab on the individual emails. Then expanding the contact's timeline of events. If the timestamp for the delivered and the open or click are very close together (less than a minute or two). That is a strong indication it is a bot. 
2. If every single link in the email is clicked. That is another strong indication it is a bot. We will see the same emails delivered to the same domain, and all come out with exactly 15 clicks. Again most likely a bot. 

Another way we noticed the large scale extent of this problem (we sell into very large enterprises who probably have extensive security protections) is when the number of clicks at a company equals the number of opens.  We try to aggregate engagement at the company-level and found most companies had that occurring. 

Yes! Absolutely...looking at patterns across like recipient domains is definitely another way to identify companies using security software on their email inboxes. 

Oh wow, this totally lines up with what we've been seeing! Most notably, a contact clicks a link multiple times as well, and it's almost always as soon as the email is delivered to them. Is there anything we can do to avoid this or prevent it from continuing? Last month it completely skewed our metrics since we had way more Email traffic than we normally would. Now, we seem to be having a lot less. 

Hi @Phil_DM2 - Thanks for sharing. That is unfortunate that it skewed your metrics the previous month. We have been doing some interim work to identify some of the worst offenders and make sure those open & clicks aren't recorded. This may be why you are seeing less now. 

In terms of what you can do - nothing at the moment. We are in the midst of rolling out a new solution for bots on email. So you should continue to see your metrics get more and more accurate over the coming months.

Thanks for posting this. I notice that in my emails, 14% clicked on the logo which kind of makes no sense. If there is a beta or something, I would be interested!

Hi @mrspabs - eeeekkkk. Yea that doesn't sound right, sorry you are running into that. Unfortunately, we are not doing any formal Beta, rather we are doing a generalized slow-roll out of the solution. 

This was also posted to the ideas forum.

One thing we've been doing and it's partially working (i.e. - need to send more email and this solution will never be a 100% answer as spam systems are always changing the way they work and no two are exactly alike), but add an invisible link to a page on your site in your emails.  For example, in the below screenshot, "Communication" had a link to an old blog about "Communication", but it looks like all the rest of the text so unless you got lucky and moused over it, you'd never know it was a link.  Then we segmented the people (aka bots) that were sent the email and clicked on the link and sure enough, by looking at the details of the clicks it's very clear it's a bot clicking (screenshot below - this is a monthly newsletter so has a ton of links in it).  The next step which is still a work in progress is to add a specific list of domains that have suspicious / bot clicks and then segment these out of any automated follow up that is based on activity.  One thing to mention is that some bots / spam systems will not click on every link in an email, but by doing this on every email you send, you can start to identify / weed out the domains that have aggressive spam systems in place that adversely affect reporting and other automated tasks.  You can also segment your sends so that one email goes to suspicious domains and the other goes to people that don't have the suspicious activity.  Then you can manually review the suspicious activity to determine next steps.  Not a perfect solution and I'll share more on some things we're working on.