Are Bots Affecting Your Email?

HubSpot Product Team

Hi, HubSpot Community. I’m Jake from the HubSpot Product team. In the last year, the marketing industry as a whole has seen a spike in bot clicks in emails, so I wanted to take a moment to discuss what bot activity looks like, who’s most likely to be affected, and what you can do to address it.


What’s bot activity?

Bots are the source of a lot of internet traffic today. It’s estimated that more than half of web traffic originates from a bot, and bots are more sophisticated today than even a few years ago. Not all bots are bad bots, though! Google’s search engine bots, for example, crawl websites and index them; HubSpot’s chatbots help to facilitate conversations with your prospects and customers without requiring a human. 


Unfortunately, there are also bots that create fake clicks and false impressions for apps, websites, and emails. With email, bots are designed to click links in emails as a way to explore, identify, and prevent links to malware or phishing attacks from entering a recipient's inbox.


Okay, so what does bot activity in emails look like?

Email bot activity differs from what bot activity may look like on a website. Bot activity in email is typically security software sitting in front of a recipient’s (or contact’s) inbox. That security software will open the email and, typically, engage with some (if not all) of the corresponding links in that email, following them through the redirect. These actions simulate real user engagement potentially causing false opens and clicks data to be recorded.


Every email marketer who has sent an email campaign has probably been affected by bots. And bots are tricky for email marketers because the email engagement events (opens and clicks) they generate can get recorded alongside legitimate ones. This leads to email campaign statistic inflation as well as automation being tripped based on these false events.


Who’s more likely to be impacted? 

Bots don’t impact all marketers equally. These security filters are much more common in industries tied to finance or healthcare but aren’t as common in B2C marketing. Generally, regulated industries where contacts use a company email see more bot clicks than personal email addresses on email providers like Gmail or Office365.


So, what can we do about it?

For HubSpot, identifying bots and separating them from legitimate contact engagement has been, frankly, a game of Whac-a-Mole. In the last year, the industry as a whole has seen a spike in phishing emails. This rise in phishing has led to corresponding increases in companies adding security software (i.e., more bot activity). 


At HubSpot, we’re doing our best to address this rise. Currently, we’re working on redesigns to email reporting to better separate legitimate contact email engagement from that generated by security software. The entire team at HubSpot, including myself, recognizes this can cause anxiety for a marketer. We will continue to do everything we can to find a solution that best addresses this problem. Until we have a full solution, we’ll be monitoring this thread to answer any relevant questions or concerns and respond to any feedback you have about this.

40 Replies 40

Hi @jaleonard19 ,


We're suffering from the same issue, clicks are becoming unreliable metric to count on for qualifying & scoring leads.


Something in particular we noticed that wasn't mentioned here before is Plain text clicks.


Our logo link (1st link usually in our emails) is recording more clicks than all other links combined which obviously doesn't make sense, so upon checking we noticed that HTML clicks are normal (a bit on logo then majority on the rest, banners, CTAs...etc.) However, when checking Plain text clicks, we noticed that in most cases there's only our logo in that section with significant amount of clicks. Our bot filtering feature is activated yet we still see that.


For example: one email recorded 411 clicks on our logo link, 390 of those are under Plain text. Another emial recorded 375 clicks on our logo link, 359 under Plain text. The more recent we check, the worse the trend gets.


Across 2020, plain text clicks made almost 50% of our total clicks on average. Last half of 2020 the average got over 60%.


Do you think this is also an indicator of bot clicks? If so, is there any way we can build a Workflow that only qualifies leads who clicked on any link except our logo (which we can use as a ghost link, thanks @Mike_Donnelly !) after 5 or more minutes of receiving the email. (assuming most bots are clicking immediately upon receving)


Do you think this would help us reduce the amount of leads that gain false score?






Hi Maen, 

I have dealt with this on several occasions now. It has been tied to schools and business email addresses in my case. As I dug into this, I connected the culprit email addresses to the use of Microsoft Azure & AWS. This is extraneous but interesting information, in my opinion.


As I've been brushing up on this topic and trying to get more answers, I came across these two articles that I felt were good resources to help explain the issue to my superiors. 





Unfortunately, even with all of the research I have currently done, I still do not feel confident in explaining the behavior. Like you, I, too, have seen the inflation of clicks centered around the first URL presented in the plain text version of the email, but I have not found any blogs or whitepapers that call out the plain text version specifically. 


Now, I have found a solution to cut down on both the inflated clicks and the subsequent inflated sessions, but that doesn't explain why this started or what action I should take regarding the culprit's email account. I have assumed that security bots cause this behavior. Therefore I shouldn't remove the contacts as the end-user will have an opportunity to see the email after internal firewalls complete the spam checks, but is this an accurate assumption? Is continuing to email these contacts detrimental to deliverability and list health? Why does an issue like this all of a sudden occur? Also, why is the behavior not 100% consistent from one campaign send to the next? I would think that all email addresses associated with a domain that has shown this behavior would display the same behavior, but that has not appeared to be the case for us. Lots of puzzling questions, but here is one for you. Have you been able to gather any more details about your scenario? 


On a different note, my solution to combat this issue has been to make the first clickable link a "View email in browser" URL. Now, I use an alternate ESP and do not know if this will be a viable solution for you on Hubspot, but I figured it was worth sharing. The ESP I am on doesn't count clicks associated with "View email in browser" URLs; therefore, the reporting and list segmentation issues have cleared up. Additionally, since the first URL is no longer a page on our eCommerce website, the inflated GA session counts we were experiencing have significantly reduced volume (I've only implemented the above solution in blast/batch emails). 


Look forward to hearing from you or anyone else that may have more insight. 


- Inga

Hey Inga,

Thank you so much for such a detailed reply, this is helpful and I feel
your frustration.

We actually moved to Marketo and now I'm just looking at the numbers as we
send out our first few emails using our dedicated IP. It seems like things
are going well, I would assume the dedicate IP would help a bit from a
sender reputation standpoint. I don't see super high open rate or click
rate so hopefully problem solved.

The ESP "open in email browser" trick is really smart though, I'll keep it
in mind for future.

Thanks again,

I'm getting a little concerned for HubSpot here. They do a fantastic job at making email engagement analysis very easy and powerful, with great reporting layout and tools to make performance comparision. However, the currency that makes this machine run is the engagement data itself and it's becoming increasingly unreliable.


On a call with multiple HubSpot employees we were not able to find a single email metric: opens, clicks, web page views, even email read time that was reliable enough for us to base behavioural triggers or reporting on. Our stats are so inflated we have little idea of how we are really performing and so instead of being enabled, we are really flying data blind - our instruments are giving us false readings. As a marketer that's a scary thing, we may think that our email content is really hitting home, where in fact there's been little real engagement at all. We may pass on 'hot' leads onto Sales for them to lose confidence in what we are sending their way as all this 'engagement' amounts to 0 new conversations'.


A good example of how this fake data erodes HubSpot's platform is the Email Health tool. A real value add that allows you to review your entire email marketing operation with a few clicks. However, it's completely useless for us because as all the building blocks (engagement data) going into it are inflated, the results we pull out cannot be trusted. 


As we work in B2B financial services we are facing the highest email security, so others in the post may not have the issue to the same degree, but given HubSpot as a platform is built on identifying engagement and enabling smarter marketing, if this fundamental issue isn't tackled the value of the platform as a whole will diminish, making it harder to justify the invesment in it. Even for those who are real fans.  


Any updates on this? I just put in a support ticket for this as we're seeing an increase in bot activity that opens and clicks on our emails rendering our emails stats suspect.




Make sure that you work on your email marketing, your social media marketing, and your content marketing.. With a little effort on your part, you can quickly gain a strong customer base and grow your business to the point where you generate more sales than you are able to carry. 


Has anyone been able to come up with an all encompassing way, through either a list or a workflow, to even identify the folks and/or companies this consistently happens with? Something to the extent of if every link in Email A is clicked flagged this contact engagement as potential bot activity?

The only way I can see to do that at the moment would be to take every single email and say if opened and clicked on this AND this AND this... which obviously is not feasible to do for dozens of emails. 

Curious if there is a better way or even a condition that could be added by Hubspot in the list builder to say if All Links clicked in Email or if Links clicked at the same time email was sent... 

Would love to hear if anyone has come up with a creative workaround! 



Hi @MMunroe , not something I've implemented myself but saw this and think it mught work:


It's for marketo but can't see why adding a hidden link to catch bot emails engagement and using a workflow to update a checkbox wouldn't work in HubSpot. You'd then need to use a smart list to find the 'true' engagement for each email. Sadly any of HubSpot's out the box reporting like Email Health would still be useless


We've been noticing issues with HubSpot tracking for a while now and when I submit a support ticket I just get the run around with no answers or solutions. Wasn't until today that I was finally told about the bot activity issues. But with us it's not just affecting our marketing emails, it's also an issue with one-to-one sales emails and landing pages. We're getting false notifications for email opens, clicks, page visits, and form submissions. 


Anyone else having the same issues when using pretty much any tool within HubSpot Marketing? I'm having a hard time justifying user costs given the data and analytics is a complete joke. 


Bot filtering setting is not helping.


Another data point is corporate email servers will open the same email for all its recipients at the same time. For example, if you send to 3 people at the same domain, we see all 3 people open the email in the same minute. It may be well after HubSpot sent the email…but the opens and clicks are all done at once.


From my understanding, HubSpot groups Bot activity into Account and Behavioral-based activity. HubSpot is aware of Accounts where Bot activity is prevalent and behaviors where the timestamp of the email and the corresponding bot activity happen at nearly the same time. My interest is in the latter and we are hopeful that this type of behavior can be removed from our email results.