Hey there,
Every week I report on the newsletter stats in our team meeting. Open rates, click-through rates, what performed well, what didn't. I take it very seriously. Probably too seriously. These emails are my baby.
So imagine me, sitting in our weekly meeting a few months back, pulling up the latest numbers, and realising that the click-through rate had dropped by HALF for the last three emails.
I immediately went into full spiral mode. Were people finally sick of hearing about email deliverability? Had I used too many emojis in the subject line? Not enough emojis? Was it something I said? Was it the squirrel story? People loved the squirrel story. Didn't they??
I spent the rest of the afternoon going through recent emails trying to figure out what I'd done wrong. Which one was the culprit? What had changed?
What actually happened is that our email platform updated how it filters out bot activity. And a huge chunk of all those "clicks" we'd been celebrating for months had never been real people at all.
I had to go back to the team and explain that the numbers hadn't actually dropped but rather they'd just been artificially high this whole time. Which is a weird thing to feel relieved and insulted by simultaneously.
Anyway. Here's what's going on, because I had no idea about any of this until I went down the rabbit hole, and I suspect most people don't either.
When you send an email, it passes through a gauntlet of security filters like corporate firewalls and spam scanners before it reaches a human being. And these systems don't just look at your email. They click your links checking for phishing, malware, anything dodgy.
Which is great! That's exactly what you want security tools to do. The problem is that those automated clicks get recorded as real engagement. So when you look at your email reports and see a nice healthy click-through rate, some percentage of that (probably 20% to 60%+ depending on your audience) is robots.
I know. Welcome to my afternoon of existential crisis.
Now, you might be thinking "I don't send marketing emails. I send order confirmations and password resets. Why should I care about this?"
Fair question. But if you're using any kind of email tracking to monitor what's happening with your site's emails (which you should be) this affects you too.
Say you're looking at your WP Mail SMTP email logs and tracking open and click rates on your transactional emails. You might see that your password reset emails have a 90% click rate and think "brilliant, people are getting those and using them." But if a security filter pre-clicked that reset link before the recipient even opened the email, your data is telling you a story that isn't true.
It gets weirder. Some security bots will click a password reset link, follow it through, and potentially even trigger the "this link has been used" expiry, meaning by the time the actual human clicks it, the link doesn't work anymore. They're left thinking your site is broken when really a robot got there first.
The same thing can happen with one-click unsubscribe links. A bot dutifully clicks every link in the email, accidentally unsubscribes someone who never asked to be unsubscribed, and you've just lost a subscriber to a machine that was trying to protect them.
There isn't a magic solution to this, unfortunately. It's one of those messy realities of how email works now. But a few things are worth knowing:
Email open rates have been unreliable for years. Apple's Mail Privacy Protection started pre-loading tracking pixels back in 2021, which made open rates essentially meaningless for a large chunk of recipients. Click rates were supposed to be the more reliable metric. Now they're getting muddied too.
Look at what happens AFTER the click. The most reliable way to tell if real people are engaging with your emails is to look at your website analytics. Did someone actually land on the page? Did they complete the action? If your email reports show lots of clicks but your site analytics show otherwise, you might be counting robots.
Transactional email speed matters here. The faster your email arrives after someone requests it, the more likely a human gets to the link before a security bot does. This is especially true for time-sensitive things like password resets. If there's a delay in sending, the security scanner has more time to get there first.
Why transactional email speed matters
As for our newsletter, I've made peace with the fact that our real click rate is lower than I thought. My pride has taken a small hit. But on the bright side, it means if you're reading this and you click on something, I can be reasonably confident you're a real person who made that choice on purpose.
Unless you ARE a robot. In which case, welcome. Please don't click the unsubscribe link.
Rachel
Product Educator, WP Mail SMTP
0 komentar: