Email bots play a significant role in the world of email communication… in other words, bots are a good thing, and we want them to do their job. Sadly, their job disrupts a Threat Defense campaign’s data and while email security bots are essential for safeguarding users, they can be frustrating when you are running your Threat Defense campaign.

 

So what is a Bot?

An email bot is a software security application that runs automated tasks with the intent to imitate human activity… meaning, a bot is trying to do what a real person would do. 

When an email campaign (e.g.: a Threat Defense Campaign) is sent to your end users, bots will open and then click on links within the email to simulate user behavior and to determine where these links lead. These programs meticulously scan each email and click through every link to ensure they lead to secure websites.
 

How does this affect a Threat Defense Campaign?

Usually with a Threat Defense Campaign these bots open between 50-100% of emails and click on between 25-40% of them. This can be much higher depending on the nature of the campaign. (e.g.: Microsoft based campaigns usually have a much higher open and click bot rate)


Additional Search Capabilities: As we continue to add new simulated phishing campaigns each month and expand our Threat Defense offering. We recently added new search capabilities, making it easier to find the campaigns you’re looking for.
More Reliable Reporting: In an ongoing effort to keep users safe against legitimate phishing attacks, third-party bots are becoming more sophisticated and prevalent than ever. The bad – bots are designed to emulate human behavior, which can result in false negatives. The good – most false negatives (80-90%) occur near when an email is sent which is why we’ve added some sophistication to detect time-based bot activity. User activity for false negatives will not appear in our reports, making our reporting more reliable than ever. 

Remedial Training Delay: We’ve also added some additional sophistication to our remedial training enrollment criteria to exclude false negatives. Users will no longer be asked to complete remedial training based on known bot activity. 


Also, if anything appears suspicious, the bot may flag the email or mark it as spam to protect recipients from potential threats. 

One more note, excessive bot opens and clicks can lead to various consequences. Besides the inaccurate open-and-click data, your Threat Defense emails may be quarantined.


 
How can we prevent bots from opening and clicking on Threat Defense emails?

While it is challenging to completely eliminate bots opening and clicking on Threat Defense emails, your organization can minimize their impact. You will want to:

  1. Connect with your IT Email Team
  2. Verify that they have whitelisted as per our documentation
    1. Whitelisting BrainStorm Threat Defense on Email Servers: QuickHelp™ Support Center
    2. Advanced Delivery Policies for Whitelisting Threat Defense Phishing Campaigns: QuickHelp™ Support Center
    3. Microsoft Windows Defender Domain Whitelisting: QuickHelp™ Support Center
  3. Have your IT Email Team work with your organization’s Email Service Provider (ESP) to reduce the number of bot opens and clicks from our Threat Defense IP address (52.228.117.29).

 

In summary, while email bots serve a crucial purpose in protecting your end users, they also introduce complexities for Threat Defense campaigns. Because of these “bot-induced” opens and clicks we highly recommend that any training given to users is given to only users who submit data as a bot cannot type in information. They can only open and click.