Should we be concerned about bots clicking links in email with regard to double opt-in consent? | Community
Skip to main content
keithnyberg
keithnyberg
New Participant
January 16, 2018
Solved

Should we be concerned about bots clicking links in email with regard to double opt-in consent?

  • January 16, 2018
  • 1 reply
  • 3889 views

I was reading through this discussion: Bot-checks in emails that highlights an issue were security software clicks all the links in an email to verify none are malicious. All of these clicks are logged in Marketo so this discussion was focused on filtering out bot clicks to get better reporting.

Today, this topic led me to ask the question, Should we as marketers be concerned about this issue with regard to capturing double opt-in consent?

The purpose of Double Opt-In is to gain consent from the individual that asked to receive your emails by having them confirm their selection via email, however the issue outlined above leaves room for false positive consent.

Imagine the unideal scenario where a prospect takes legal action as they did not consent to receive email becasue "they" did not click the link in the email to confirm, but their security bot did.... would really suck....

Is anyone else concerned about this? Thoughts from others? Should we need to ask Marketo to put a solution for bot clicks in place before GDPR is in place? Am I over thinking this?

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by SanfordWhiteman

    I would not trust a clicked link as an opt-in, just as I wouldn't use an "instant unsubscribe" link, for exactly this reason. Require a button click on an LP instead.

    1 reply

    SanfordWhiteman
    SanfordWhitemanAccepted solution
    New Participant
    January 17, 2018

    I would not trust a clicked link as an opt-in, just as I wouldn't use an "instant unsubscribe" link, for exactly this reason. Require a button click on an LP instead.

    keithnyberg
    keithnybergAuthor
    New Participant
    January 17, 2018

    So they fill a general subscribe form and check the box to receive email, then send them the "confirm consent" email that directs them to a consent confirmation form, correct? That would make the process more bulletproof but does require the user to take some extra actions. I guess the secondary confirmation form could be minimal and only require email, but how do I ensure a bot doesn't get to my  consent confirmation form page URL? No index/nofollow is an obvious first step, but can anything else be done to only make the page accessible via the "confirm consent" email?

    SanfordWhiteman
    SanfordWhiteman
    New Participant
    January 17, 2018

    If a bot (search engine or spambot in this case, not mail scanner) finds your confirmation page, (a) the search engine isn't going to submit the form, and (b) the spambot isn't going to submit in the context of the specific lead. The confirmation form doesn't even require that email be a field on the form.

    Terms & ConditionsAccessibility statement

    Loading footer...