Email Protection Systems Generate Invalid Traffic #9798
Comments
We have a lot of discussion about that in the company. We've talked about 2 solutions:
Add a page before the redirect with Recaptcha and decide based on the score
I like this idea. @mabumusa1 do you have any opinion?
@mabumusa1 I developed a Mautic plugin for a client who had this problem. This type of software is usually used by large companies running their own email servers.

We tried to find an elegant and scientific method to solve the problem, like identifying the browser agent and IPs, and looked at the data for other possible ways to isolate the bad clicks or the bad click producers. We tested a few, but they didn't work consistently... Browser agents change a lot. We identified a few browser agents doing a lot of damage, but in the next round of emails, those had changed. Also, if you check data over time, browser agents that were clearly harmful to one email were part of what looked like legit clicks in other emails. Also, there usually is a great number of fake clicks coming from a handful of "bad browser agents", but that is maybe 50% of the total, and the rest of the bad browsers make just one or a few clicks; hard to define patterns, maybe a good job for an AI.

I was also unsuccessful with isolating IPs; these are corporate servers behind corporate networks with reverse proxies, reaching out to the internet over a pool of IPs. In one extreme case, we had the same person (contact) click on a link from 5 different locations all around the US, from coast to coast, in a 10-second window.

What ended up working decently well for us was to add an invisible link to all outgoing emails; then, once a click on the invisible link happens, we check all the clicks in a 10-second window and we eliminate all of them (we copy them to a different table for further analysis). After a few adjustments to the scripts, the CMO of the company decided this method was doing the job well enough, and there was no need to double the development cost to squeeze an extra 5% reliability, hence no further development or research was deemed necessary.

If you ask me, this is an excellent problem for an AI, this is what these excel at, finding patterns, so if we ever decide to improve the current scripts, I will strongly recommend training an AI with the data from the Mautic database and see what comes out. Another thing that might change is the moment in time we run the filters. Right now we are running the scripts from a cronjob, hence the data first makes it to the database and then is evaluated and removed if deemed wrong.

Interesting possibility with the Recaptcha @kuzmany, so basically every link would point to or be intercepted by a "proxy page" where the Recaptcha lives and then redirected to the real page, right?
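The invisible-link filter described in the comment above, sketched as an added example (not the commenter's plugin and not Mautic code). The `clicks` and `quarantined_clicks` tables and their columns are hypothetical, not Mautic's schema, and matching on the same contact and email within 10 seconds either side of the honeypot hit is an assumption about how the window is applied.

```python
import sqlite3

WINDOW_SECONDS = 10  # window size from the comment; symmetric use is an assumption

# Hypothetical schema for illustration only (not Mautic's tables).
SCHEMA = """
CREATE TABLE clicks (id INTEGER PRIMARY KEY, contact_id INT, email_id INT,
                     url TEXT, is_honeypot INT, ts INT);
CREATE TABLE quarantined_clicks AS SELECT * FROM clicks WHERE 0;
"""

# Constructed sample rows: (contact_id, email_id, url, is_honeypot, unix_ts)
SAMPLE = [
    (1, 7, "/pricing", 0, 1000),   # scanner burst for contact 1
    (1, 7, "/hidden",  1, 1003),   # invisible link hit
    (1, 7, "/docs",    0, 1009),
    (1, 7, "/pricing", 0, 5000),   # same contact, much later: kept
    (2, 7, "/pricing", 0, 1004),   # other contact, no honeypot hit: kept
    (3, 7, "/hidden",  1, 2000),   # honeypot hit with no other clicks nearby
    (3, 8, "/docs",    0, 2002),   # same contact, different email: kept
]

def quarantine_scanner_clicks(db, window=WINDOW_SECONDS):
    """Move every click near a honeypot hit (same contact and email) aside."""
    near_honeypot = """
        SELECT c.id FROM clicks c JOIN clicks h
          ON h.is_honeypot = 1 AND h.contact_id = c.contact_id
         AND h.email_id = c.email_id AND ABS(c.ts - h.ts) <= ?
    """
    with db:  # one transaction: copy for later analysis, then delete
        db.execute("INSERT INTO quarantined_clicks SELECT * FROM clicks "
                   f"WHERE id IN ({near_honeypot})", (window,))
        moved = db.execute(f"DELETE FROM clicks WHERE id IN ({near_honeypot})",
                           (window,)).rowcount
    return moved

def run_demo():
    """Batch run over the sample data, as a cron job would do after ingestion."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO clicks (contact_id, email_id, url, is_honeypot, ts)"
                   " VALUES (?,?,?,?,?)", SAMPLE)
    moved = quarantine_scanner_clicks(db)
    kept = db.execute("SELECT contact_id, email_id, ts FROM clicks ORDER BY id").fetchall()
    return moved, kept

if __name__ == "__main__":
    print(run_demo())
```

Keying the window on contact and email rather than on IP or user agent fits the observation above that one contact's scanner clicks arrived from several locations within the same 10 seconds.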
@YosuCadilla thank you for your experiences
Did you increase or decrease those time thresholds?
Yes, all URLs are tracked, so it's easy to add some page before the redirection routine (stats, redirect) and continue to the standard redirection after verification has passed.
Did you increase or decrease those time thresholds? That means after tweaking, the invisible link resolved 90% of bot clicks at least? However, our level of detected bad clicks matches what others described on the HubSpot thread, and the click ratios are now much more aligned with industry standards.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.
This issue has been automatically closed because it has not had recent activity. If the reported issue persists, please create a new issue and link back to this one for reference. Thank you for your contributions.
I think this issue is important and we should discuss and address it in the community.
This issue has been mentioned on Mautic Community Forums. There might be relevant details there:
We've already worked on a solution with a Recaptcha page before the go page.
This issue or PR has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. If you would like to keep it open please let us know by replying and confirming that this is still relevant to the latest version of Mautic and we will try to get to it as soon as we can. Thank you for your contributions.
This issue or PR has been automatically closed because it has not had recent activity. In the case of issues, if it persists in the latest version of Mautic, please create a new issue and link back to this one for reference. With PRs if you wish to pick up the PR and update it so that it can be considered for a future release, please comment and we will re-open it. Thank you for your contributions.
Bug Description
This is not a Mautic bug by itself, but it impacts Mautic a lot. There are many protection systems like https://www.proofpoint.com/us/products/email-security-and-protection/email-protection which do the following on the emails sent by Mautic
User Agent
which makes it hard to block invalid traffic. I opened this thread for discussion as there is no clear way to solve it.