TL;DR
Clicking robots (antivirus, firewalls, spam filters) generate false clicks and opens in your email campaigns, artificially inflating your statistics. In B2B, this phenomenon has a particular impact because volumes are smaller. Since 2021, Apple Mail Privacy Protection has amplified the problem on the open side. To find reliable metrics, Ediware offers an optional filter combining a temporal rule and an IP database of identified robots.
Introduction
You’re analyzing the performance of your latest email campaign and notice an unusually high click-through rate. Good news? Not so fast. These clicks don’t necessarily come from your recipients.
For several years now, email marketing professionals have been dealing with a little-publicized phenomenon with very real consequences: bot-generated interactions. These automated programs, integrated into corporate security solutions, click on links in your messages to verify their legitimacy. The result: your statistics are artificially inflated, and no longer reflect the real engagement of your contacts.
In September 2021, Apple launched a feature that turned the measurement of email opens on its head: Mail Privacy Protection, integrated into iOS 15, iPadOS 15 and macOS Monterey.
The principle is simple. When a user activates this option, Apple automatically downloads the email content, including images and tracking pixels, to its own proxy servers. This download takes place in the background, whether or not the recipient actually opens the email.
In concrete terms, for the sender, this means that virtually all emails sent to Apple Mail users with MPP enabled appear as “opened”. According to an Omeda study of 2 billion emails, unique open rates rose from 15% to 29% in the six months following the launch of MPP, almost doubling.
And the phenomenon is not limited to iCloud addresses. MPP affects all email accounts (Gmail, Yahoo, business addresses) as soon as they are accessed via the Apple Mail application. With around 50% of emails opened on Apple clients, according to Litmus, the impact on global statistics is considerable.
1.3 WHY B2B IS PARTICULARLY AFFECTED
If you’re sending out B2B campaigns, you’re on the front line of this problem. And for two main reasons.
The first is volume. In B2C, a campaign can reach tens of thousands of recipients, most of them on mass-market mailboxes like Gmail or Outlook. However, the algorithms of these e-mail providers are advanced enough that it is not necessary to click on links: they have other sources of information to assess the legitimacy of a message.
In B2B, volumes are much smaller. Your campaigns target a few hundred or even a few thousand contacts, spread across a multitude of different domains. And these different domains, these companies, use email security solutions on a massive scale, which check the links every time.
The second reason is mathematical. Two false clicks out of 100 emails sent is a far more aberrant statistic than 10 false clicks out of 10,000 emails. In B2B, every robot interaction has a much greater impact on your KPIs.
As a result, where a B2C marketer might think that bots don’t have that much impact on his overall stats, a B2B marketer might think that his stats are bound to be impacted, and not just a little. And so are the decisions they make on the basis of this data.
2. Practical implications for your marketing strategy
2.1 METRICS THAT HAVE BECOME UNRELIABLE
The open rate has long been the flagship indicator of email marketing. Easy to understand, simple to track, it was used to judge the attractiveness of a subject line or to measure the commitment of a contact base. Since the arrival of Mail Privacy Protection and the appearance of click bots, this indicator has lost much of its value.
When Apple becomes Mail Privacy Protection, we’ll never know who really opened an e-mail, or who won’t care, by automating the process of preloading images from incoming e-mails. When anti-spam software forces all the links in an e-mail to ensure that there is no risk, the e-mail sender’s click rate will no longer reflect the recipients’ real interest in the content he has sent.
It’s not just that the figures are inflated. The reliability of your behavioral data can be called into question. A contact may be considered “active” when he never takes part in a conversation. Another may seem very involved when only a bot has clicked on their behalf.
2.2 DISTORTED MARKETING DECISIONS
Inaccurate statistics inevitably lead to bad decisions. And the problem is multi-faceted.
Your segmentation first. If you segment your contacts by degree of engagement: active, lukewarm, inactive, fraudulent clicks tend to blur the boundaries between these different segments. Truly disinterested contacts end up in your “engaged” segments, but you keep sending them emails they never open.
Your automation scenarios, too. A workflow that is triggered by clicking on a specific link can sometimes be launched when it doesn’t need to be. Your prospect receives a follow-up email or even a phone call, even though he hasn’t shown the slightest interest in your offer. This doesn’t waste your teams’ time, but it doesn’t do you any favors either…
Last but not least, the measurement of your campaigns is skewed. How do you know if a new email subject is more effective than another when some of the “open” emails are fictitious? How can you identify content that really creates engagement when robots click on all your links indiscriminately?
2.3 IMPACT ON BASIC MANAGEMENT
Beyond these day-to-day marketing decisions, click bots also impact the management of your contact base over the long term.
One of the most frequently cited best practices in email marketing is to regularly clean up your database by removing inactive contacts (those who haven’t opened or clicked on your emails for several months). This has several virtues: firstly, it improves your deliverability, and secondly, it concentrates your mailings on genuinely interested contacts.
But how do you define true inactives if robots are clicking in their place? A contact who should have been removed from your database is still considered active and continues to receive your campaigns. Your database ends up being populated by phantom contacts, your real engagement rates are diluted, and your deliverability can take a hit.
Unsubscribing is another example. Some mailing platforms offered one-click unsubscription, with no confirmation step. Useful for the user, but problematic if a robot clicked on the link by mistake. Recipients could find themselves unsubscribed without having wanted to be. This is also why many routers now include a confirmation step to ensure that the recipient really wants to unsubscribe.
3. How to detect non-human interactions
3.1 TELLTALE SIGNS
Whatever their degree of sophistication, robots leave traces. Some of their behaviors betray the fact that they are automated and not human. Detecting them allows you to identify false clicks and opens in your statistics.
The first clue is speed. Most of the time, a human being won’t click on a link within a minute of receiving a newsletter. First, the e-mail has to arrive, the notification has to appear, we have to find the message in question, take a look at the subject, decide to open it, scroll down or even hover over it to enter its content, and then finally click. In the vast majority of cases, this would take a minimum of several seconds, or even several minutes or hours. A click that occurs just a few milliseconds after the newsletter has been delivered is undoubtedly the work of a robot.
The second clue lies in the way clicks are made. A real newsletter reader generally clicks on one or two links that interest him, and never on all the links in the same e-mail. They click on what interests them, often the most visible/impactful call-to-action button. A robot, on the other hand, may click on all the links, often in the order in which they appear in the HTML code of the e-mail. This exhaustive sequential behavior is a very good indication of automation.
Third clue: a click without opening before the click. Logically, to click on a link in a newsletter, you must first receive and open it. If your tool tells you that there has been a click but no associated open, this is dubious, to say the least. However, you should bear in mind that this third clue isn’t always 100% reliable, as some messaging systems may block the loading of images (including those used for tracking) while still allowing links to be clicked.
3.2 TECHNICAL FOOTPRINTS
Beyond the way they consume email campaigns, bots leave technical traces that your favorite emailing platforms can exploit to try and identify them.
The first fingerprint is the user-agent fingerprint. This is a character string that identifies the browser or application used to get from point A (on the Internet) to point B (a url to visit). Security solutions such as Barracuda, Proofpoint or Cisco sometimes use specific user-agents to identify them. When these specific user-agents can be identified, they can be filtered to exclude the resulting clicks.
The second fingerprint is the IP address. Security bots often use the same servers, and therefore the same IPs or IP ranges. By identifying these sources over time, it becomes possible to have a repository and filter interactions originating from these IPs.
The problem is that bots evolve. Anti-spam editors have realized that their bots are being identified and circumvented, even by malicious actors. So they have tightened up their methods. Today, many bots no longer announce themselves via their user-agent. They imitate the behavior of a conventional browser, change identity with each request, and become much harder to detect.
3.3 TRAPPING TACTICS
Faced with robots posing as humans, some platforms have developed tactics to unmask them.
One of the most common is to place an invisible link in the e-mail, such as a transparent pixel containing a clickable link. This link is not visible to the naked eye, so there’s no reason for a human recipient to click on it. However, a robot analyzing the HTML code of the message will detect it and click on it. Any click on this trap link reveals the presence of a robot, and excludes all its interactions.
Another technique relies on detecting URL modifications. Some anti-spam software modifies the parameters of tracking links before checking them. These modifications generate errors or inconsistencies that platforms can detect and use to identify automated clicks.
These methods work, but they have their limits. The latest robots have learned to avoid the pitfalls. They ignore links on elements that are too small or transparent, and they no longer modify URLs. The race between security bots and detection systems is ongoing, and no solution is 100% infallible.
4. Solutions for recovering reliable statistics
4.1 WHAT EMAILING PLATFORMS DO
Most emailing platforms have set up filtering mechanisms, given the scale of the threat. Each provider has its own recipes, but they all aim to detect clicks and opens made by robots or scripts, in order to exclude them from counters for more realistic statistics.
From user-agents looking for robot and script signatures, to lists of IP addresses used by email security platforms, to hourly behaviors or technical fingerprints: there are many ways for emailing platforms to set up filters for potentially fraudulent clicks and opens.
It’s interesting to note that Mailchimp initially announced that they wouldn’t be looking to filter robot clicks and opens: too complicated to implement. Since then, they’ve changed their mind and are now part of the trend. If we’re not talking about it, it’s because everyone else is… 🙂
Not everyone is on an equal footing. Some platforms make a point of being ultra-transparent about their methods. Others talk about it on the sly in an FAQ section, without putting much thought into it. So it’s a good idea to ask the question directly before signing up: which service provider uses filtering methods to clean up click statistics and robot openings? And the answer will undoubtedly enlighten you as to the seriousness (or otherwise!) of the solution.
4.2 THE EDIWARE SOLUTION
At Ediware, we couldn’t turn a blind eye to this issue. Our platform incorporates a filter which, by combining two approaches, enables us to detect and exclude non-human clicks and openings from our statistics.
The first approach is temporal. By default, we filter out clicks and openings made within six seconds of receiving the message. Six seconds is the minimum it takes for a human being to hear a ringtone or a vibration, decide to check their inbox, open the email in question, browse the email in question and finally click on a link… and even then, six seconds is really the minimum you can expect! If someone asks you the six-second question: don’t feel obliged to let them know that most of the time it’s not real humans who are trying to make you understand things, but robots of a very sad kind.
The second approach is source-based. We maintain a list of several hundred thousand IP addresses and domain names (403,000 in December 2022 and growing) which we use to identify the source of clicks and opens. These sources correspond to robots or scripts that we want to detect and exclude from our statistics: IPs supplied by email security solutions and email delivery platforms, but also IPs located at hotels, cafés or airports where Ediware service customers log on and click in their emails…
We offer this filter as an option, as some users prefer to have access to the full raw data. But for users looking for reliable, usable engagement statistics, this filter allows them to find them 🙂
Our aim is not to do what others do and artificially boost open and click rates to please our customers. Our aim is simply to provide our customers with indicators they can rely on to make the right marketing choices.
4.3 ADOPTING OTHER PERFORMANCE INDICATORS
Beyond the selection filter, the rise of click bots and Mail Privacy Protection should lead us to rethink the way we measure the effectiveness of email campaigns.
The open rate, a vanity metric, should now be put into perspective. It’s still useful for comparing campaigns on the same basis, but it no longer means much in absolute terms. It’s better to focus on engagement metrics that are less subject to automated interactions.
The click-through rate is still relevant, but only if your platform is capable of effectively filtering robot clicks. But the most reliable indicator is conversion: how many recipients have actually taken the desired action as a result of an email campaign? Visiting your site, downloading a white paper, requesting a quote, making a purchase: these are concrete actions that a robot can’t simulate.
To track conversions linked to your email campaigns, don’t forget to add UTM parameters to your links. This will enable you, in your analytics tool, to identify traffic from your email campaigns and track its behavior through to conversion.
Finally, don’t forget the qualitative indicators: direct responses to your emails, inbound requests that refer to your campaign, feedback from your sales reps. These weak signals are sometimes more revealing of the real impact of your messages than any click-through rate.
5. Practical recommendations
Here are a number of avenues to explore to get back to readable, reliable statistics.
Ask your service provider. If you’re using an emailing solution, ask the support team: what methods are used to filter clicks or robot openings? You can quote user-agents to filter, IP databases, temporal reminders… or no question at all. A detailed answer is reassuring. A vague answer that evades the question should tip you off.
Look at your figures the right way. What’s the normal click-through rate on a B2B mailing? You find it significantly higher on one of your campaigns, so start asking yourself questions. Look a little further: are there companies whose email domains get hit by bots? Are interactions taking place at logical times? Were all links supposed to get the same number of clicks? Or perhaps there are lots of different unique users and curiosity, each of them clicked on all the links in the mail. All this might suggest robotic pollution.
Don’t just rely on open rates: if you’ve been through Mail Privacy Protection, you may have realized that this indicator is losing some of its meaning. Think of it more as a standard for comparison between different campaigns, but not as a completely objective measure of recipient engagement.
Focus on conversions What happened after a recipient clicked on one of the links in my mailing? Update: How many visits to my digital site were generated as a result of clicking on a link in my e-mail? And out of these visits, how many different visitors contacted me, asked to be contacted again, requested a quote, etc.? Here are some indicators that are more likely to be linked to your success, and that you can use to monitor your campaigns.
If you’re with Ediware and you’re doing B2B emailing: remember to activate robot interaction filtering to benefit from usable statistics.
Don’t just look at the statistics for your email campaigns. They only tell part of the story. Compare them with what’s happening on your site, in your CRM, and with the feelings of your sales reps. This will give you a better understanding of what’s really working.
Frequently asked questions
WHAT IS A CLICKER ROBOT IN EMAIL MARKETING?
A clicker bot is an automated program that interacts with e-mails before or instead of the human recipient. These robots are generally integrated into corporate security solutions (antivirus, antispam, firewalls) and click on links to check that they do not lead to malicious sites.
WHY DOES ANTI-SPAM CLICK ON THE LINKS IN MY EMAILS?
To protect users. By clicking on links before the recipient does, security solutions check that URLs don’t lead to phishing sites, virus-infected pages or scams. This is a legitimate protection measure, but has the side-effect of distorting sender statistics.
WHAT IS APPLE MAIL PRIVACY PROTECTION AND WHAT IS ITS IMPACT?
Mail Privacy Protection (MPP) is a feature launched by Apple in September 2021. It automatically pre-loads email content, including images and tracking pixels, onto Apple’s servers, whether or not the recipient opens the message. As a result, emails appear as “opened” even if they have never been read, artificially inflating open rates.
HOW DO I KNOW IF MY STATISTICS ARE BEING FALSIFIED BY ROBOTS?
Several clues can alert you: abnormally high click-through rates, clicks recorded only a few seconds after sending, all links in an email being clicked uniformly, or clicks coming massively from certain company domains. If your platform allows, analyze the timing and sources of interactions to spot anomalies.
IS THE OPEN RATE STILL A RELIABLE INDICATOR?
Its reliability has declined sharply since the launch of Mail Privacy Protection. It’s still useful for comparing similar campaigns, but its absolute value no longer has much meaning. It’s better to supplement or even replace it with filtered clicks and, above all, conversion indicators.
HOW DOES EDIWARE FILTER OUT FALSE CLICKS?
Ediware offers an optional filter that combines two mechanisms. The first is temporal: clicks and opens recorded within six seconds of receipt are automatically ignored. The second is based on a database of several hundred IP addresses and hostnames of identified robots, whose interactions are excluded from the statistics.
DO CLICK BOTS HARM MY DELIVERABILITY?
No, not directly. Click bots aren’t there to penalize you, but to protect recipients. If you respect good emailing practices, their presence won’t affect your reputation as a sender. On the other hand, they do distort your statistics, which can lead you to make poor decisions, and these poor decisions in turn can affect your deliverability in the long term.
WHICH METRICS SHOULD BE USED INSTEAD OF THE OPENING RATE?
Concentrate on click-through rates (provided they’re filtered out by robots), and above all on conversions: visits to your site, downloads, contact requests, sales. These indicators measure real actions that bots can’t simulate. UTM parameters will enable you to track these conversions in your analytics tool.
Conclusion
Clicking robots and privacy protection mechanisms like Apple MPP are not threats to email marketing. They are logical developments, driven by legitimate concerns for security and confidentiality. But they do have one direct consequence: open and click statistics can no longer be taken at face value.
For B2B professionals, where volumes are limited and every interaction counts, this reality calls for adaptation. This means choosing emailing software that takes the problem seriously, activating the filters available, and moving towards more reliable conversion metrics.
At Ediware, we’ve opted for transparency. Our optional filter enables our users to retrieve statistics that are close to reality, without any artifice. Because good marketing decisions are always based on reliable data.
