Where Bot Clicks Come From — and How They Skew Your Metrics
Many large organizations use email security scanners — automated systems (bots) that:
Automatically open incoming emails;
Click on every link in the message;
Do this before the recipient even sees the email.
These scanners are designed to protect employees from:
Phishing websites;
Malicious links and files;
Social engineering attacks.
As part of the scan, they “click through” all links and run them through antivirus tools, sandboxes, and firewalls. Based on the scan results, the system decides whether to:
Deliver the email to the Inbox;
Send it to Spam or Promotions;
Or block it entirely.
These automated actions can seriously distort email performance analytics:
Opens and clicks are registered before the user actually engages;
Clicks may happen in bulk within seconds — and are not real;
Automated flows (like sending a follow-up campaign after a click) can be triggered by false events.
This makes it harder to trust your data and personalize communication effectively.
How Maestra solves it
To prevent these issues, Maestra applies Bot Click Filtering System.
How the filtering works
Step 1: Initial filtering
All clicks from transactional campaigns, and from users without email scanners enabled, are immediately counted in your click statistics.
All other clicks are placed in a temporary queue for up to 6 hours for further analysis.
Note:
Because clicks may be delayed by up to 6 hours, we recommend evaluating campaign performance at least 24 hours after sending.
Step 2: Behavior analysis
During the 6-hour window, Maestra reviews click patterns to decide whether they were likely made by a bot.
A click is automatically discarded as bot activity if it meets any of the following conditions:
4 or more clicks within 1 second
5 or more clicks within 10 seconds
Important:
Filtering only applies to clicks and unsubscribe requests.
Opens are always recorded, even if the related click is flagged as bot-driven