How do bots and link scanners inflate open counts?

Still have a question, spotted an error, or have a better explanation or a source we should cite?

Corporate security gateways and antivirus scanners don't just check your email for threats and move on. They often automatically follow every link in the email to see where it goes, and they load every image to check for embedded malware. Your tracking pixel is an image. When the scanner loads it, your ESP records an open.

The same thing happens with clicks. Security gateways often click every link to verify the destination is safe. If your click tracking uses redirect URLs, the scanner follows the redirect, and you record a click. This means you can see "opens" and "clicks" from corporate email addresses that happened within seconds of delivery, before any human could have read the email. That's the scanner.

How to spot bot inflation in your data:

  • Immediate opens: Opens recorded within 1-3 seconds of delivery are almost always automated.
  • Identical open and click timestamps: If someone opens and clicks every link at exactly the same millisecond, that's a bot.
  • Unusual user agents: Security scanners often have identifiable User Agent strings (Barracuda, Mimecast, Proofpoint, etc.).
  • Click patterns: A human clicks one or two links. A scanner clicks every single link in a specific order.

This problem is more common with B2B lists where recipients use corporate email with security appliances. Consumer Gmail and Outlook personal accounts see less of this (though Apple Mail privacy pre-fetching is a separate inflation issue there).

Some ESPs filter obvious bot activity automatically. Others don't. Check your ESP's documentation to understand what filtering, if any, they apply before you see the engagement data.

Contributors

Who worked on this answer

Every name links to their profile. Every company links to their site. Real people, real accountability.

Ask an AI · tailored to your setup

Find out how much of your open and click data is bot inflation and what to do about it.

I was reading about bots and link scanners inflating email open counts on the Email Almanac. I think this might be affecting my data. My details: - My ESP: e.g. Mailchimp, SendGrid, Klaviyo - My audience type: B2B / B2C / mixed - My typical open rate: e.g. 45% - Am I seeing unusually fast opens (within seconds of delivery)? yes/no/not sure how to check - Am I seeing clicks on every link in emails? yes/no - Does my ESP show user agent data? yes/no/not sure How much of my open and click data is likely bot/scanner inflation, and what can I do about it?

Edit the yellow boxes, then send to the AI of your choice.