Since early June, brands have been seeing a huge increase in Hotmail bot clicks. The team at Orita did some digging to find out what’s happening and why, how it impacts brands, and what actions can be taken for more accurate reporting.
So…what’s happening?
Microsoft has recently introduced several security improvements to Outlook, aiming to bolster email safety and provide users with greater protection against phishing and other malicious activities. One of those changes, Malicious Link Warnings, is having an impact on bulk senders’ tracking of click and open activity.
As described by Microsoft:
“Outlook also recently made changes to the Junk Email experience to help people stay more vigilant and protected as they search for mail that they want to keep and engage with. One change we made was a pop-up message warning users before visiting links in any messages they keep in their Junk Folder. We hope this helps customers truly think about the messages they are opening and ensure they are safe. This is available worldwide on Outlook.com, the new Outlook for Windows, iOS and Android, and Mac.”
As a side effect of this new feature, bulk senders across the internet have been seeing incredibly high bot clicks on emails sent from Hotmail accounts. Across Orita’s 100+ brands, Hotmail bot clicks have sat at 96.57%, compared to other inbox providers’ bot clicks showing up at a rate of 66.34%.
It appears that Hotmail is link testing, opening every link in a bulk sender’s email before relaying the email to the inbox. This allows Microsoft to identify any malicious links, but in the meantime, skews reporting for brands.
How do I get rid of these bots?
The bot activity occurring as a result of Microsoft changes are bot actions, rather than bot actors. Bot actors are bots that exist within your mailing list, like the bot signups that result in list bombing attacks. The Microsoft accounts are not bots, nor are the actions malicious towards accounts, so these accounts should not be removed!
What can I do for now?
Microsoft’s version 2405, which introduced these changes, was released on May 27th, 2024, and reporting inaccuracies can be traced back to this launch date. In the short term, brands can rely on estimating with click rates more consistent with click behavior prior to the 27th, or exclude Hotmail accounts from their reporting metrics. Though this will exclude some click reporting, seeing as the vast majority of Hotmail clicks are bot-generated, reporting will prove more accurate.
In Klaviyo, there is a beta setting where you can track/separate email bot clicks (currently only goes back to April 1st, 2024). It's a manual setting that can be turned on within your Klaviyo accounts. To be clear, the bot click filtering in segmentation and reports is already live in all accounts - it's the setting to automatically exclude from reporting that's in beta.
You can set up a segment in Klaviyo that looks like the one below: