Nov 15, 2019 11:22 AM
Hi, HubSpot Community. I’m Jake from the HubSpot Product team. In the last year, the marketing industry as a whole has seen a spike in bot clicks in emails, so I wanted to take a moment to discuss what bot activity looks like, who’s most likely to be affected, and what you can do to address it.
What’s bot activity?
Bots are the source of a lot of internet traffic today. It’s estimated that more than half of web traffic originates from a bot, and bots are more sophisticated today than even a few years ago. Not all bots are bad bots, though! Google’s search engine bots, for example, crawl websites and index them; HubSpot’s chatbots help to facilitate conversations with your prospects and customers without requiring a human.
Unfortunately, there are also bots that create fake clicks and false impressions for apps, websites, and emails. With email, bots are designed to click links in emails as a way to explore, identify, and prevent links to malware or phishing attacks from entering a recipient's inbox.
Okay, so what does bot activity in emails look like?
Email bot activity differs from what bot activity may look like on a website. Bot activity in email is typically security software sitting in front of a recipient’s (or contact’s) inbox. That security software will open the email and, typically, engage with some (if not all) of the corresponding links in that email, following them through the redirect. These actions simulate real user engagement potentially causing false opens and clicks data to be recorded.
Every email marketer who has sent an email campaign has probably been affected by bots. And bots are tricky for email marketers because the email engagement events (opens and clicks) they generate can get recorded alongside legitimate ones. This leads to email campaign statistic inflation as well as automation being tripped based on these false events.
Who’s more likely to be impacted?
Bots don’t impact all marketers equally. These security filters are much more common in industries tied to finance or healthcare but aren’t as common in B2C marketing. Generally, regulated industries where contacts use a company email see more bot clicks than personal email addresses on email providers like Gmail or Office365.
So, what can we do about it?
For HubSpot, identifying bots and separating them from legitimate contact engagement has been, frankly, a game of Whac-a-Mole. In the last year, the industry as a whole has seen a spike in phishing emails. This rise in phishing has led to corresponding increases in companies adding security software (i.e., more bot activity).
At HubSpot, we’re doing our best to address this rise. Currently, we’re working on redesigns to email reporting to better separate legitimate contact email engagement from that generated by security software. The entire team at HubSpot, including myself, recognizes this can cause anxiety for a marketer. We will continue to do everything we can to find a solution that best addresses this problem. Until we have a full solution, we’ll be monitoring this thread to answer any relevant questions or concerns and respond to any feedback you have about this.
Solved! Go to Solution.
Feb 10, 2020 9:07 AM
Posting an update to this community thread as we are releasing some new bot detection software for marketing email. We have had a solution to bots in email for a while now. It was an IP based approach that worked fine but had some flaws. As we have dug into this problem it has become clear that increases in bot activity is an issue felt not just by HubSpot, but the entire email industry.
This week we are rolling out new tools for bot detection to HubSpot customers, and here are some notes on it:
It is impossible to capture all events generated from bots. If you believe you are still seeing bot activity feel free to post comments here or open a ticket with our support team. Our engineering team is continuing to monitor bot activity on our email and will take appropriate additional steps if they are needed.
Dec 16, 2019 8:53 AM
Hi @DanFromCF -
Certainly not, we are not blocking individual email accounts, domains or anything that would prevent you from seeing legitimate engagement metrics. We use other signals on the open and click events that we capture to separate and block the bots (IP, UserAgent, etc.).
The new solution will actually be based more on behaviors. For example, if we see an email opened and then a click on every single link on the email within a short time window then that is a good indication that it is a bot. Another could be opens of the same email, at the exact same time across similar domains.
I hope that clarifies some of your concerns! Let me know if you have any more questions.
Nov 20, 2019 2:19 PM
Another way we noticed the large scale extent of this problem (we sell into very large enterprises who probably have extensive security protections) is when the number of clicks at a company equals the number of opens. We try to aggregate engagement at the company-level and found most companies had that occurring.
Dec 2, 2019 10:26 AM
Yes! Absolutely...looking at patterns across like recipient domains is definitely another way to identify companies using security software on their email inboxes.