Facts About Bots and Email Security

For a concerned advertiser, today's email marketing environment may resemble the Wild West more than advertising's fastest growing medium.


With every step forward, a new pitfall appears with terminology that makes you shudder: Spam, malware, bots, zombies, ghosts, Trojan horses, viruses, ransom-ware. It makes you wonder what happened to the good old days when a newspaper ad was all you needed to bring prospects to your lot.

Thankfully, it's not as bad as all that. A quick introduction to the laws and the technology behind email marketing can help you navigate email marketing's oceans of opportunity safely, with confidence, and excellent ROI. Two subjects every email marketer should understand are (1) The federal CAN-SPAM Act, and (2) The chatter around web bots.


CAN-SPAM is the federal law that regulates what's acceptable and what's not in sending email. It's worth mastering because CAN-SPAM violations are punishable by fines up to $16,000 per email.

That's why ePush! diligently complies with every requirement of the CAN-SPAM Act. The law isn't complicated, but it is strict. Here are its rules for sending commercial email:

Don’t use false or misleading header information. Your email's “From,” “To,” “Reply-To,” and routing information – including the originating domain name and email address – must be accurate and identify the person or business who initiated the message.
Don’t use deceptive subject lines. The subject line must accurately reflect the content of the message.

Identify the message as an ad. The law gives you a lot of leeway in how to do this, but you must disclose clearly and conspicuously that your message is an advertisement.
Tell recipients where you’re located. Your message must include your valid physical postal address. This can be your current street address, a post office box you’ve registered with the U.S. Postal Service, or a private mailbox you’ve registered with a commercial mail receiving agency established under Postal Service regulations.

Tell recipients how to opt out of receiving future email from you. Your message must include a clear and conspicuous explanation of how the recipient can opt out of getting email from you in the future. Give a return email address or another easy Internet-based way to allow people to communicate their choice to you. You may create a menu to allow a recipient to opt out of certain types of messages, but you must include the option to stop all commercial messages from you. Make sure your spam filter doesn’t block these opt-out requests.

Honor opt-out requests promptly. Any opt-out mechanism you offer must be able to process opt‑out requests for at least 30 days after you send your message. You must honor an opt‑out request within 10 business days. You can’t charge a fee, require the recipient to give you any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once people have told you they don’t want to receive more messages from you, you can’t sell or transfer their email addresses, even in the form of a mailing list. The only exception is that you may transfer the addresses to a company you’ve hired to help you comply with the CAN‑SPAM Act.

Monitor what others are doing on your behalf. The law makes it clear that even if you hire another company to handle your email marketing, you can’t contract away your legal responsibility to comply with the law. Both the company whose product is promoted in the message and the company that actually sends the message may be held legally responsible.

This last requirement demands your close attention. It's the advertiser's responsibility to make sure he is contracting with a reliable, effective and honest marketing company like ePush! with a verifiable track record of success and compliance with all applicable laws and regulations.


For some time now, automotive dealerships have been receiving warnings from third parties that a significant portion of their email marketing traffic is invalid and bot-driven. The warnings cite as proof a slight uptick in clicks on dealership website privacy, disclaimer and terms of service (TOS) pages.

Bear in mind, though, that most automotive email marketing is validated through sales results, not traffic results. So using bots to drive vapor traffic (invalid traffic that drives up clicks) is of no benefit to the sales-driven marketing company.

Additionally, if an email marketing company were to use bots to drive traffic, it could easily hide its malicious intent by programming the bots to hit actual sales pages, and to avoid the privacy, terms or disclaimer pages. (Again, this would be pointless to marketers who base their value and success on actual, verified sales.)


Spend a little time researching the subject, and you'll find volumes of documents that have been written and released by the major network security firewall and virus-protection providers that address this very issue.

You’ll recognize international security corporations such as Barracuda, Symantec, McAfee, and Kaspersky. The information is readily available from these respected companies.

Built into the foundation of network security firewall spam protection and virus protection is the use of automatic traffic monitoring software - commonly called "bots" or "crawlers." You’ll find more information about bots a little further on.

All large enterprises – the major ISPs, financial institutions, hospitals, insurance companies, brokerages, etc. – and most medium and even smaller enterprises use network security, a combination of both firewalls and spam detection software. A primary function of network security is to stop and inspect any incoming email from an unknown source before it hits the recipient’s inbox. So, if email comes from an unknown source, or if, say, several emails come from the same source in a short period of time, the firewall and/or software kicks in with its bots.

In fact, some firewalls actually inspect all incoming and outgoing emails.


Bots are simply software that does what no human can do: perform thousands or millions of functions automatically in mere minutes or even seconds. For firewalls and spam filters, you'll frequently hear the terms "zombie bot" and "ghost crawler" just to add some color to their functions.

Good bots are the worker bees of the Internet that assist its evolution and growth. Their owners are legitimate businesses who use bots to assist with automated tasks, including data collection and website scanning.

– Igal Zeifman
Senior Digital Strategist

So, when those unknown emails come in, the zombie bots and/or ghost crawlers go to work:

They check every attachment and link in the email for malware (malicious code), then follow those links to the websites to make sure each website is legitimate. The bots then check every link on the website to make sure none leads to an illegitimate website set up for phishing or one that drops malware like ransomware on the network. In addition to the viruses attached to the emails, their creators launch these infected websites for things like the classic Nigerian Prince scam, the new "here's your invoice" email attachment, and the famous "Love Bug" virus of years ago. There are scores of such malicious scams out there, with new ones appearing almost daily.

Now, when a legitimate marketing company like ePush! sends out 50,000 or 75,000 or 100,000 emails for you, no matter how closely we or anyone else scrub that data, it’s perfectly predictable that a percentage of those emails will go to a protected network that will check them. This is how you see a slight – emphasis on slight – uptick in clicks on your website's privacy statement, terms of service, and other places you wouldn’t normally expect it. It's the recipient's network security doing its job.

That's not us saying it; that's Barracuda, Symantec, McAfee, Kaspersky, and other network security providers that use automated traffic monitors to protect networks and ISPs all over the world.
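One way to separate scanner-driven clicks from shopper clicks in a campaign's click log, using the behaviour described above (every link followed, legal pages included, within seconds). This is an added example, not ePush! code; the paths, recipient IDs, log rows and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample click log: (recipient_id, ISO timestamp, clicked path).
SAMPLE_CLICKS = [
    ("r-001", "2018-07-02T09:00:05", "/inventory/new"),
    ("r-001", "2018-07-02T09:00:05", "/specials"),
    ("r-001", "2018-07-02T09:00:06", "/privacy"),
    ("r-001", "2018-07-02T09:00:06", "/terms-of-service"),
    ("r-001", "2018-07-02T09:00:07", "/disclaimer"),
    ("r-002", "2018-07-02T12:14:30", "/specials"),
    ("r-002", "2018-07-02T12:19:02", "/inventory/new"),
    ("r-003", "2018-07-02T18:40:11", "/privacy"),  # a person reading the policy
]

# Assumed paths: pages a shopper rarely opens but a link scanner follows.
LEGAL_PAGES = {"/privacy", "/terms-of-service", "/disclaimer"}
# Assumed set of every link present in the email creative.
CREATIVE_LINKS = {"/inventory/new", "/specials"} | LEGAL_PAGES


def classify_clicks(clicks, burst_seconds=10, coverage=0.8):
    """Return {recipient_id: "scanner" | "human"}.

    A recipient is flagged only when all signals agree: nearly every link in
    the creative was followed, a legal page was among them, and all clicks
    landed inside one short burst. Thresholds are illustrative assumptions.
    """
    by_recipient = defaultdict(list)
    for rid, ts, path in clicks:
        by_recipient[rid].append((datetime.fromisoformat(ts), path))
    verdicts = {}
    for rid, events in by_recipient.items():
        times = [t for t, _ in events]
        paths = {p for _, p in events}
        span = (max(times) - min(times)).total_seconds()
        covered = len(paths & CREATIVE_LINKS) / len(CREATIVE_LINKS)
        flagged = (covered >= coverage and span <= burst_seconds
                   and bool(paths & LEGAL_PAGES))
        verdicts[rid] = "scanner" if flagged else "human"
    return verdicts


def legal_page_clicks(clicks, verdicts):
    """Count legal-page clicks per verdict to show where the uptick comes from."""
    counts = {"scanner": 0, "human": 0}
    for rid, _, path in clicks:
        if path in LEGAL_PAGES:
            counts[verdicts[rid]] += 1
    return counts
```

A single legal-page click (recipient `r-003` in the sample) is not flagged, since one person reading a privacy policy is ordinary behaviour.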


You might wonder why you don’t see similar metrics on PPC (Pay Per Click) ads. Quite simply, firewalls scan incoming emails, not website clicks. So any activity that comes directly from paid clicks doesn’t go through the email filter on your firewall.

When legitimate marketing firms like ePush! send valid email to a real person who happens to be accessing that email through a firewall at the particular time, there is no scrubbing or hygiene flaw with that particular email – the bots are simply scanning for content.

More reasons why bots can be present in email marketing

The reality is that bots do exist on the internet, and the email marketing industry is seeing a trend of bot activity in analytics. Companies are increasingly using bots within emails to provide different solutions for a variety of services. For example, they create legitimate email addresses, use those addresses to opt in to various offers that put them on opt-in email lists, and thereby seed those lists with these security email addresses. The actual recipient is an automated program that uses a bot to open and click on links for a variety of reasons, ranging from identifying malicious sites to verifying proper suppression. These bots will appear as clicks on analytics reports and usually click on all links in the creative and within the website. Here are a few examples of uses of bots and companies that implement this practice:

Affiliate marketing creative compliance. Advertisers are concerned that affiliate publishers use approved and compliant creatives when marketing. Several companies use seeded bot emails to identify the end advertiser, check whether the creative is compliant, and alert advertisers if necessary. LashBack is one example of a company offering this service.

Advertisers have had issues with email marketing companies running campaigns without using proper suppression files. Two of the largest companies that manage suppression files, Optizmo and UnsubCentral, create and employ bot-style mailboxes, then add these email addresses to the suppression files to catch mailers that are not using them.

Email advertising watchdog companies such as Spamhaus and SpamCop, which have guidelines that are stricter than U.S. laws, also set up bot-style mailboxes that will open and click on any email that gets delivered. Some scan the landing pages. These email addresses, typically referred to as spam traps, are added to as many email data lists in the market as possible. Even though a mailer may be fully compliant with all U.S. laws, it may not necessarily follow the email rules of these independent organizations, which use this information to gather intelligence on IP providers and hosting companies used by bulk commercial mailers.

Antivirus companies like Barracuda Networks will use bot mailboxes to identify any type of malicious code that could compromise a user’s computer or mobile device. In order for the antivirus companies to block the code, they must capture a sample of it first to track and analyze. So, they seed email lists and use bot boxes to open, scan, click on the email, and even scan the destination website.

Email inbox placement is a growing industry and companies like Litmus and Return Path test email creatives to see how they appear in various browsers. This may include seeding bot style mailboxes for email intelligence gathering.


More than any other medium, email has revolutionized marketing in the 21st Century. More than half of emails are opened on mobile devices, read on the fly, and responded to while people are on the move. Email is active, informative, and utilizes text, sound, video, and interactive methods more than any other medium has ever done. It can link to your website, to live chats, to telephone numbers – anything you can think of.

And, bottom line, the ROI on smart email marketing is huge, trackable and immediately verifiable.

Understanding the basics removes the mystery from this powerful marketing ally. Follow the rules and demystify the technology (bot traffic happens and is irrelevant to email campaigns that are sales-based), and you can generate great and ongoing revenue with smart email marketing.

ePush! has the knowledge you need to stay compliant, and a proven track record of increasing sales and generating positive ROI through email. Check out our other white papers, and contact us for a Free Market Analysis for your dealership.


Email Security.cloud protection is built upon big intelligence, and Symantec is continuously learning from the significant volume of emails that are filtered on behalf of customers. Backed by one of the world’s largest malware research organizations, the Symantec™ Global Intelligence Network is also fed by the millions of desktops, servers, and networks where Symantec security products are installed. This combination of intelligence gives Email Security.cloud visibility beyond just email into new and emerging threats which will allow it to deliver effective and accurate protection.

This intelligence is combined with Skeptic™, the Email Security.cloud proprietary scanning technology, which examines multiple attributes of an email to look for anomalies. It learns from what it sees and uses forward-facing heuristics to consider how any malicious content could be applied in an alternate way, invoking protection immediately.

Enabled with real-time link following technology, it will track a link to its final destination and protect an organization from receiving email messages that contain links to malicious content. This protects against new and malicious URLs created to target an organization through phishing or spear phishing attempts, blocking the email before it reaches the inbox.


Intent analysis involves researching email addresses, web links (URLs) and phone numbers embedded in email messages to determine whether they are associated with legitimate entities.


Barracuda Link Protection Service automatically rewrites any URL in an email message to a safe Barracuda URL, and then delivers the message. If the user then clicks on that URL, the service evaluates it for validity and reputation.


McAfee Network Security Platform is an integrated network security platform that combines intelligent threat prevention with intuitive security management to improve detection accuracy and streamline security operations. It provides industry-leading coverage against advanced threats, malware callbacks, zero-day threats, and denial-of-service attacks. Built from the ground up for integration with McAfee’s Security Connected Ecosystem, McAfee’s Network Security Platform leverages security data from across the organization and helps plug the security gaps often missed by other pieced-together security solutions.

Unparalleled threat prevention

McAfee Network Security Platform is based on a next-generation inspection architecture designed to perform deep inspection of network traffic while maintaining line-rate speeds. It uses a combination of advanced inspection technologies—including full protocol analysis, threat reputation, behavior analysis, and advanced malware analysis to detect and prevent both known and zero-day attacks on the network.

Eric Thornsbrough
As the Marketing Director for ePush!, Eric Thornsbrough oversees business development and strategic marketing, and consults with dealer agencies who want to leverage complex data and new technologies.