June 3, 2022

Server clicks and what’s behind them


You don’t hear much about server clicks or robot clicks, but it’s important to know that they exist and may affect your email. Spambots, firewalls, and filters are all email scanning programs that check incoming emails, the validity and authenticity of the links in them, scan for malicious attachments, and then decide whether to categorize our email in the spam folder or inbox.

Server clicks are not actually human interactions, but the action of spam filters to determine whether an email is malicious. Sometimes only a few links are clicked, sometimes all of them.

Important to know: your email sending software detects server clicks as clicks, so it can cause a significant distortion in your email metrics, resulting in misleading statistics.

How do I know I’m dealing with server clicks? 

-There are increased opening and clickthrough rates, but they appear to have no effect on conversions or website visits. Compare the number of clicks reported by your email system to the number of sessions measured by email source in Google Analytics.
-The recipient clicked on all the links in the email, up to a link twice.
-Most clicks and openings occur within seconds of sending an email.
-Multiple unsubscriptions appear for no apparent reason.

How does it work and where does it occur?

With the growing threat of phishing, the drive for greater security is felt globally. Although this feature of mail systems is indeed necessary and useful to protect against phishing, it causes many problems in measuring the results of email campaigns.

Mail systems use different parameters to determine whether the anti-spam software should test links in an incoming mail. Some look at the sender’s reputation, others check everything that comes from outside the company.

Within seconds or minutes of an email being sent out, mass clicks appear. Most often, it is seen for email addresses belonging to a few email domains (e.g. xy@example.com and ab@example.com), and all of the recipients belonging to these domains show activity. It is most prevalent in B2B, but can also be present in B2C. Corporate email domains often have more aggressive firewalls and anti-spam filters than traditional free email providers.

In recent years, companies with their own mail servers have improved and strengthened their spam protection, using new algorithms and methods. Phishing domains disguise their URLs, for example through a shortening service or by using a new, unaffected domain.

In neither case will you find any content under the new URL, but it is redirected via http 301 or 302. For the security module to access the content, it must behave like a browser: it opens the link and follows all redirects. This is how it generates the automatic click.

Why is server-click a problem for email marketing?

One of the negative effects of server clicks is that they make the open and click data unreliable, and distort the click map. A further difficulty is that despite bot activity, the reader may actually open and click on the mail, making reporting even more impossible.

Unexpected unsubscribes can be generated by clicking on the unsubscribe link as well, so many potential leads are lost.

For B2B platforms, if clicks/opens also affect lead scoring, they can cause significant bias and lead to poor conclusions in lead nurturing campaigns. In fact, Marketing Qualified Leads (MQLs) that reach sales may not be interested in your product or service at all, they may not even be in the funnel yet, resulting in surprising and unpleasant sales conversations.

What can we do about it?

Unfortunately, just a few ESPs (Email Service Providers) use filtering mechanisms that filter out false clicks from reports. But there are a few ways email marketers can do something about it:

Recognize it!

-In the case of suspicious bot activity, opening and clicking will occur within seconds of sending;
-All recipients of the same domain are affected;
-They also click on things that no one else would, e.g. footer TOS, social icons, header menus.
-Wait! If you see clicks later, they are probably real. The information about real opens is not lost.
-Check what URLs you are using! If possible, avoid using attachments, link shorteners. It is important that
there is a clear and unambiguous link between the links and the domains posting them.
-Use links that lead to your own domain. When you link to another website, you are placing your trust in
their domain reputation, not your own.
-Maintain the health of your database: inactive subscribers are not worth sending mail to after a while,
because it will damage your sender reputation.
-Ask your subscribers to add you to their safe senders list.
-Confirmed unsubscribe: set a two-step way to unsubscribe to avoid unexpected unsubscribes.
-Bait link: use a hidden link with a 1×1 pixel that can’t be clicked by a human, but if a reader happens to
click on it, it should be understandable to them: it can lead to a special page or form, or to your main
page, but give it e.g. a special UTM so that in your campaign report you can recognize that this link was
only clicked by robots, and you can use a simple segmentation rule to separate them.
-List exclusions: exclude those who click on the bait link or footer links.
-It’s also worth using other channels to reach your subscribers, e.g. phone, popup, web push, so your
message is sure to reach them.

How to measure traditional email indicators from now on? 

We see two ways to evaluate the results of email campaigns:

  1. We separate out the bot-suspect email addresses and only consider the metrics of the “normal” campaign.
  2. But – as there may be real opens and clicks from recipients despite bot activity – we can also make manual corrections to the statistics afterwards. This simply means that you can check the history of each contact to see whether or not they actually read your email: if you see activity at a later time in addition to the simultaneous opens and clicks, then it’s real. If you export all the opens and clicks of your sent campaign into a spreadsheet, you can easily filter out those who have had 10-11 clicks in total, with only 1 open. Of course, this solution requires time and attention when posting a large volume campaign. 

What can we expect in the future?

Anti-phishing protection will not disappear, so server cliques can rear their heads at any time. The performance measurement of email marketing is also overshadowed by the introduction of Apple Mail Privacy Protection, which is still being studied by experts to see how it can be circumvented and how it can be used in the future.

Have you encountered server cliques? If you need help, contact Growww Digital!

Article orginally posted by Growww Digital as “Szerver-kattintások, és ami mögötte van

Expanding your business in Europe?

Let us know