Click Bots: The Good, the Bad and the Ugly Truth On a Growing Problem for B2B Marketers

    Last updated: May 15, 2024

    For many B2B marketers, email performance is not just a sales metric anymore.  Today, the results of an email campaign drive marketing programs and automation, targeting deeper content and brand engagement, as well as qualified leads for advertisers.

    While counting leads is a more tangible exercise, when it comes to email display/banner ad stats, advertisers expect accurate and solid click reporting from their Media Partners. These values justify their investment and are important for calculating their return on investment.

    Factoring in email click bots (or link scanners/spam filters), and these calculations become a lot more complicated. The infamous click-rate value that many brands sell ads against and rely on is becoming a point of contention. Which clicks are real? Which ones aren’t? Do we negate too many or maybe not enough? How do we talk to our advertisers about this issue? What can we do to eliminate the problem in the first place?

    Upgrade your privacy game: Watch the webinar with our VP who shares crucial security insights:

    Let’s start with…

    The Good:

    Not all click bots are bad. Many of the clicks seen in email tracking come from legit security products, which are used by many organizations to protect their systems and employees from malware, cyber attacks and spam. Some industries, such as Healthcare, Finance & Government, are more likely to deploy security products on a large scale. Their patterns are often easier to detect because many of these products will click every link in an email before the email even register as delivered on the server.

    Of course, we have to talk about…

    The Bad:

    While link scanners and spam filters might help keep corporate inboxes safe, it causes a nightmare for many media companies because all these clicks register on their email reports.

     Many Email Service Providers (ESPs) are now putting specific rules in place to negate clicks that fall within specific timing/click patterns. Stealth links, hidden links in an email that only a bot would click on, are another solution to be used. Deploying stealth links is easy to implement and scale if your ESP has built-in functionality to track and negate these clicks across their reporting.

    Regardless, none of these measures are a catch-all for bot clicks. Text versions of emails cannot utilize stealth links due to all links being visible, but marketers can split lists and test an HTML only email vs. a multi-part MIME/text only message to measure the impact of bot clicks on text versions.

    That brings us to…

    The Ugly:

    The ugly truth is that combatting even “good” bot traffic is like playing a game of whack-a-mole, even though most of the traffic produced by security products shows more reliable, easier to identify patterns. Alternatively, there is an array of malicious click bots that are mass-entering the email addresses of unsuspecting users and into forms across the Web in an automated, large-scale fashion.

    This behavior creates a two-fold problem. For one, it adds people to your database that have not willingly subscribed –a privacy and compliance issue.  Further, it puts you at risk for being blacklisted, meaning delivery of your emails to legitimate subscribers might be blocked.

    We have  gone over  the Good, the Bad and the Ugly impacts of click bots.  It’s important to take an offensive strategy with them to ensure they don’t impact you business at a larger scale than they should. What can you do to ensure that:

    1. The clicks you are reporting to your advertisers are real?
    2. You keep your email list clean, compliant, and engaged?

    Use a combination of the tactics we have outlined below to protect your email revenue and your advertisers from bots – those that are good and bad:

     Click Bot Mitigation Best Practices:

    1. Educate your Sales and Marketing Teams about the Importance of Engagement – Discuss the impact of Non-human traffic on marketing analytics and reports, especially when these teams heavily rely on click-centric performance benchmarks for their clients. This independent analysis of the Impact of Non-human traffic can be a great tool to distribute to your sales team. The most effective deterrent to attracting Non-human traffic is the use of engaged and “fresh” lists. It is a good practice to only send to subscribers that have been engaging with your emails in a recent timeframe, e.g. have opened or clicked on an email within the last six months, and avoid using third-party or “stale” lists, because they have a higher risk of containing spam traps among other things.
    2. Avoid One-Click Unsubscribe Links – This will prevent recipients from being accidentally unsubscribed by automated security product clicks
    3. Check your Email Click Bot Reports – Do so frequently to stay informed on the security product click exclusions and impact. While these clicks are removed from the default email reporting, they often provide valuable insights into which domains/client groups are affected most.
    4. Use Email Validation and Form Spam Protections – Protect your email data integrity by:
      • Adding a “human-validation” option (e.g. CAPTCHA) to your web-based email signup forms
      • Add a hidden field that will only be populated by bots, but not humans, and reject any records that have this field populated upon submission
      • Use Promo or Source codes to track the origin of your email acquisition
      • Create a new subscriber welcome series that tracks early on if these new subscribers engage
      • Remove long-term unengaged subscribers from your lists to increase your quality scores with spam scanners and ISPs. Spam traps don’t open or click emails, so sending to engaged subscribers decreases your risk of sending to a spam trap
      • Consider using confirmed opt-in (COI) permission standards for new subscribers
      • Add an alert for out-of-pattern spikes in email registrations
      • Use an email validation service, such as Fresh Address, on all of your forms
    5. Consider a Stealth Link in Your Deployments – This will filter out security program clicks if you want to add a layer of detection, but be mindful that some security systems will flag “hidden” links.

    Bettina Lippisch is the Vice President of Privacy & Data Governance at Omeda, an industry leader in managing and monetizing first-party audience data. Their integrated, customer-centric marketing platform incorporates Email, CDP, Subscription Management and Marketing Automation channels into a single customer profile.

    For more information on Omeda’s services or help implementing the best practices for existing Omeda clients, please contact us at

    Photo by Henrik Dønnestad on Unsplash

    Subscribe to our newsletter

    Sign up to get our latest articles sent directly to your inbox.

    What you should do now

    1. Schedule a Demo to see how Omeda can help your team.
    2. Read more Marketing Technology articles in our blog.
    3. If you know someone who’d enjoy this article, share it with them via Facebook, Twitter, LinkedIn, or email.