Why Bots click on Newsletter Links
Many modern email clients, such as Outlook or Apple Mail, utilize automated security systems known as bots to assess potentially harmful links (e.g., phishing or malware) before users open the emails. These bots automatically click on all or specific links within the email to analyze them in a secure environment.
The problem arises because these automated clicks are recorded in analytics, despite not being generated by real users. Consequently, click metrics can become distorted.
Estimates suggest that between 5% and 60% of all clicks in email statistics can be attributed to bot activities. The exact percentage varies significantly based on:
- Industry and target audience
- Email client and device
- Structure and content of the newsletter
As bot methodologies and systems evolve continually, it becomes nearly impossible to make valid and consistently reliable statements regarding the actual proportion of non-human openings and clicks.
Examples of distortions caused by bots include:
- Apple Mail Privacy Protection (MPP)
Apple Mail automatically loads remote content in the background via a proxy to protect privacy. This leads to tracking pixels being loaded automatically, signaling an opening even if the recipient did not actually read the email. - Microsoft Defender for Office 365 (formerly ATP)
Utilizes Safe Links, where URLs in emails are rewritten and examined at the time of clicking. In cases where links are deemed suspicious, a URL detonation (sandbox test) may occur in advance. Consequently, clicks may be recorded even without active user engagement. - Cisco Secure Email (formerly IronPort)
Cisco analyzes and rewrites links in incoming emails through URL rewriting. In certain configurations, a security check may perform pre-tests on links, potentially leading to clicks being erroneously registered—without recipient interaction. - Barracuda Email Security Gateway
Barracuda employs link protection technologies that check redirects and tracking links. Automated tests during this analysis can trigger tracking URLs, which are counted as clicks, particularly in cases of active time-of-click protection. - Google Safe Browsing / Gmail
Google scans links for known threats but does not use automated pre-click behavior for links. Tracking pixels (e.g., for openings) are affected by image proxying and caching within Gmail, potentially distorting opening rates; however, click data is generally not impacted. - Zscaler Internet Access
Zscaler centrally examines web access and can perform automated pre-fetches under certain configurations. This could result in linked resources being called without user interaction, which tracking systems might interpret as actual clicks. - Sandboxing Technologies (e.g., FireEye, Proofpoint TAP)
These systems assess emails in an isolated virtual environment prior to delivery. As part of this, they may invoke all contained links to check for exploits. Tracking systems may recognize these checks as openings or clicks. - Mobile Preview Features
Some older mobile email applications (e.g., Samsung Mail or early Android versions) automatically load images or external resources when displaying previews, potentially triggering openings or clicks erroneously. Modern clients increasingly prevent this behavior or inquire beforehand.
These automated actions occur without the recipient's interaction but are recorded by Evalanche as clicks or openings since the technical triggering takes place on the recipient's side and cannot reliably be identified as bot clicks.
Evaluation of Email Data
Despite these limitations, clicks and openings remain important metrics but should not be viewed in isolation or as absolute figures. Instead, we recommend a trend-oriented analysis:
- How have opening and click rates evolved compared to previous mailings?
- Are there significant deviations for specific target groups or subject lines?
- If performance declines, an A/B test (e.g., with a different design, content, or subject) may help identify the cause.
- Regularly review the recipient list for invalid or outdated email addresses.
Conclusion
Evalanche provides precise metrics such as Opening Rate (OR) and Click Rate (CR) within the limits of technological capabilities. However, these metrics can be influenced by the automated checking mechanisms of email clients.
As actual interactions by real individuals are not always easily identifiable, we recommend:
- Avoiding reliance solely on individual metrics
- Analyzing trends and relative changes
- Intentionally employing test and comparison scenarios (e.g., A/B tests)
The mailing statistics in Evalanche offer a solid foundation for tracking campaign development and continuously improving newsletter performance.