Identifying Bot Responses

Email security systems sometimes automatically click and scan links during spam checks to detect and block malicious content. These so-called “bot clicks” occur before an email reaches the recipient and are part of a standard pre-scan for phishing or malware.

While these measures help protect users, they can also distort engagement metrics by appearing as genuine user interactions. Typical indicators of bot activity include rapid, sequential clicks on all links in the email, which can be used to distinguish automated behavior from real user engagement.

At nps.today, we have developed a process to detect and flag responses generated by email bots. We use a combination of the following indicators to determine whether a response was generated by an email bot:

1. Time from delivery to response: The survey is completed almost immediately after it is delivered.
2. Number of clicks: Email bots often click through all links in the survey, resulting in an unusually high number of clicks.
3. Click speed: If all links are clicked within seconds—or even milliseconds—of each other, it is highly likely the response came from a bot.
4. Missing comment: Bot responses never include a written comment.
5. Hidden link clicked: Our email surveys contain a hidden link that is invisible to the recipient. If this link is clicked, it is a clear indication of bot activity.

Human verification

To prevent email security systems from creating false responses, we offer a feature called Human Verification, which you can enable on your account.
Read more about this feature here.