Email Bot Clicks

  • Updated on Jul 11, 2025
  • Published on May 28, 2024
  • 7 minute(s) read
Prev Next

Some email clicks might not originate from a human but bot clicks (server clicks). Bot clicks make profiles seem more engaged than they truly are, which can affect your marketing strategy. This guide aims to define the bot clicks and provide a list of suggested actions you can take.

In this article, you can find:

Definition and Symptoms of Bot Clicks

A bot click is a machine that clicks a link in an email instead of a human for multiple reasons. 

The following symptoms might indicate bot clicks:

  • You might observe a high number of clicks for a user in a campaign reported approximately the same time an email message is delivered.
  • The same IP address reported for a high number of click events belongs to a user.
  • You might observe increased unsubscribe rates due to the ISP clickable bot activity for opt-in users. Since unsubscribe is also a link, it can be clicked and cause the users to unsubscribe.
  • You might observe clicks without an open event for a user in a campaign.
  • Clicks might occur within a few seconds of email delivery.
  • Users might open every email and click all links consistently.
  • You might observe unusual spikes in click activity coming from security gateways like Proofpoint, Barracuda, or Mimecast.

Origin of the Issue

Several reasons cause the bot clicks: email clients, security tools, bots, etc.

Email Clients

An invisible, one-pixel image is added at the end of emails to track the email opens. The open event may not be triggered in all emails as some email clients such as Yahoo, Microsoft, and Gmail may not automatically download images including this one-pixel image. In this case, a user can still click the link(s) in the email without triggering the open event.

Gmail clips email messages larger than 102 KB, and some or all of the clipped content is hidden behind the following "[Message clipped] View entire message" notification.

In this case, the open event may also not be recorded for the user as Insider tracks the open events by an invisible, one-pixel image at the end of the email. Unless the recipient clicks the View entire message link, this one-pixel image will not load, and the open will not be tracked while a click might still be registered for this campaign.

Security Tools

Malware and Phishing Protection

  • Link Scanning: Security tools (e.g. antivirus software, email security gateways, etc.) scan emails for malicious links and attachments to help protect users from phishing attacks and malware. These tools might also click links to analyze their content and destination for potential threats.
  • Sandboxing: Advanced security tools often open links in a sandboxed environment to observe behavior without risking the user's device. This step ensures that malicious scripts or downloads are intercepted before they can cause harm.
  • Pre-fetching: Pre-fetch links to scan for malicious content without loading the email or its tracking pixel.

Content Filtering

  • Content Analysis: Security tools analyze email content to detect spam, malware, and phishing attempts. This analysis can involve fetching remote content, including images and links, to identify suspicious patterns or payloads.
  • Reputation Checks: URLs in emails may be checked against databases of known malicious sites. This involves querying external servers, which can simulate a click event.
Your title goes here
These types of security scans also cause clicks per user in email campaigns even though the user does not click any link. To mitigate such issues, it is suggested to link branding and two-click unsubscribe before sending email campaigns.

Bots

Automated Interaction

  • SEO Crawlers: Search engine bots and other crawlers might click the links in the emails to index content for search engines. While these bots typically focus on web pages, they can also interact with the links in the emails if they are accessible.
  • Monitoring Services: Automated services that monitor email performance might test links to ensure they are working correctly. These services aim to verify that links are not broken and lead to the intended destinations.
  • Automated Bots: Bots follow links for indexing or analysis without rendering the email content.
Your title goes here
This behavior can be observed in private domains as well as Microsoft domains such as MSN, Live, Outlook, and Hotmail. For Microsoft domains, increased clickable bot activity is observed for email campaigns below 40 KB in size.

Impact on Metrics

Bot clicks can affect the open rates and click rates.

  • Open Rates: When a security tool loads images, it can trigger tracking pixels, which can lead to false open reports. This action does not represent user engagement but an automated process.
  • Clicks / Click Rates: Clicks per user, total clicks, and click rate can have a spike.

Suggested Actions

To mitigate the bot clicks, you can implement the following actions.

Branded (Dedicated) Link Tracking

Branded link tracking allows you to display your domain on click-tracking links instead of the default Insider (Sendgrid) link encoding. Using branded links with your sender domain is a better recognition by email clients. If you set up branded click tracking, it also allows your customers to trust further the emails from your brand as the branded links are easily recognizable and authentic.

Unlike encoded links, branded links do not consist of long strings of letters and numbers. End users can see your brand name when they hover over the email campaign links. This could improve the inbox placement and also increase the probability of the recipients' engagement with your links. Having the same root domain in both your branded click tracking and the sending domain creates a direct match and alignment across your brands.

The following are some of the key benefits of dedicated click tracking:

  • It builds trust with inbox providers and email filtering services.
  • It helps build better trust in your email campaign content with major mailbox providers and email filtering services.
  • It minimizes the chances of bot clicks.
  • Branded (dedicated) click-tracking domains use dedicated SSL certificates.

When you set up link branding, you should not use URL shorteners. These will replace the branded URLs with short URLs, which will not prevent bot clicks.

If you want to do link branding, you can contact Insider's Email Deliverability Team for configuration.

2-Step Unsubscribe

A 2-step unsubscribe helps prevent email clickable bots from automatically unsubscribing users. It requires users to confirm that they no longer want to receive emails from your brand. It also allows you to customize the message and add a logo for users to see when they click the unsubscribe link in a campaign.

You can implement the 2-step unsubscribe functionality with a custom unsubscribe page

If you are still in your onboarding and want to implement the 2-step unsubscribe, you can contact your Insider Customer Onboarding Manager. If you have completed your onboarding, you can contact Insider's Operational Excellence Team to implement the 2-step unsubscribe feature.

Your title goes here
Insider is already adding a one-click unsubscribe to the email header for all customers in compliance with Gmail and Yahoo's requirements. However, you can still utilize a two-step (click) unsubscribe within the email template to mitigate the bot clicks.

With the two-click unsubscribe in your email, recipients will be asked to confirm their opt-out when they click the unsubscribe link in your email.

Campaign Size

You can keep the size of your email campaigns between 40 KB and 80 KB to help decrease issues with email security scanners. The emails above 102 KB are clipped by Gmail

If the size of the pure HTML is greater than 75 KB, you will be notified of the size of your email template.

Use of HTTPS Links

You need to ensure all email links are HTTPS-based to avoid unnecessary link rewriting or scanning by security systems.

Request Throttling

On the website or application, you can implement throttling mechanisms to manage sudden traffic surges and protect system stability.

Audience Segmentation

You can create dedicated campaigns for inactive or low-engagement users. This helps isolate potential bot patterns and analyze clean behavioral data.

FAQ

Q: Are these bot clicks specific to the Insider?
A: This behavior is not specific to Insider or Sendgrid, but instead on the mailbox provider side and recipient workstation.

Q: Are there any specific domains where we observe bot clicks the most?
A: This behavior can be observed in private domains together with Microsoft domains such as MSN, Live, Outlook, and Hotmail. For Microsoft domains, increased clickable bot activity is observed for email campaigns below 40 KB in size.

Q: How can we differentiate bot clicks from real human clicks?
A: Bot clicks often occur within 2–3 seconds after the email is delivered and may appear as multiple rapid click events for a user from the same campaign. They typically originate from known email security tools (e.g., Barracuda, Mimecast), follow repeated full-link click patterns, and come from the same IP address as the email delivery event. In contrast, human clicks tend to come from unique IPs and occur less predictably.

Q: How does auto-unsubscribe happen?
A: The "bot clicks" click on the unsubscribe link and makes the user auto-unsubscribe even though there is no human interaction. If you set up a custom unsubscribe to use the two-step unsubscribe feature, you can mitigate the bot clicks that make the users unsubscribe. The two-step unsubscribe will help with this issue as the bot clicks cannot click on the confirmation page of the unsubscribes. However, if you use the default unsubscribe, bot clicks can make users unsubscribe.