TL;DR
To identify bot vs. real engagement: Go to Campaign → Lead list, click on a lead, check the Activity section for bot detection flags. lemlist automatically flags bot activity: opens/clicks under 5 seconds = bot, clicks within 9 seconds of open = bot. Focus on unflagged engagement for accurate data. Bot detection runs automatically - no setup needed.
Additionally, certain external factors such as email security filters (e.g., Proofpoint, Barracuda) may trigger bot-like engagement by performing automated scans on emails.
Symptoms
Unusually high open rates (over 50%)
Multiple clicks from same lead within seconds
Opens and clicks happening immediately after send
Engagement metrics don't match reply rates
Suspicious activity patterns in campaign reports
Environment
Applies to all lemlist campaigns with open and click tracking enabled. Bot detection runs automatically on all tracked engagement.
Understanding Bot Detection
How It Works
lemlist uses time-based thresholds to identify bot activity:
5-second rule: An email open is flagged as bot activity if it occurs within 5 seconds of sending the email.
Opens or clicks under 5 seconds = Bot
Humans can't interact that quickly
9-second rule: Clicks are flagged as bot activity only if the associated open is detected as bot and the click happens within 9 seconds of that bot-open event.
Clicks within 9 seconds of open = Bot
Based on real user behavior patterns
Flagged engagement:
Marked as bot-generated
Excluded from genuine engagement metrics
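The two thresholds above, applied to per-lead timestamps, as an added example (not lemlist's code). It follows the 5-second and 9-second rules as worded in this section; the Lead record, the function names and the sample timings are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

OPEN_WINDOW_S = 5   # page: opens or clicks under 5 seconds after send = bot
CLICK_WINDOW_S = 9  # page: click under 9 seconds after a bot-flagged open = bot

@dataclass
class Lead:  # hypothetical record; timestamps are seconds on any common clock
    name: str
    sent: float
    opened: Optional[float] = None
    clicked: Optional[float] = None

def classify(lead):
    """Return (open_flag, click_flag); each is 'bot', 'genuine' or None."""
    open_flag = click_flag = None
    if lead.opened is not None:
        open_flag = "bot" if lead.opened - lead.sent < OPEN_WINDOW_S else "genuine"
    if lead.clicked is not None:
        fast_after_send = lead.clicked - lead.sent < OPEN_WINDOW_S
        # 9-second rule: only applies when the associated open was itself flagged
        fast_after_bot_open = (open_flag == "bot"
                               and lead.clicked - lead.opened < CLICK_WINDOW_S)
        click_flag = "bot" if fast_after_send or fast_after_bot_open else "genuine"
    return open_flag, click_flag

def open_rates(leads):
    """Raw open rate vs. open rate with bot-flagged opens excluded."""
    flags = [classify(lead)[0] for lead in leads]
    raw = sum(f is not None for f in flags) / len(leads)
    clean = sum(f == "genuine" for f in flags) / len(leads)
    return raw, clean

# Constructed sample data (not real campaign output)
SAMPLE = [
    Lead("scanner-fast", sent=0, opened=2, clicked=6),      # open 2s; click 4s after bot open
    Lead("scanner-slow", sent=0, opened=3, clicked=40),     # bot open; click 37s later
    Lead("human", sent=0, opened=5400, clicked=5403),       # genuine open; quick click still genuine
    Lead("silent", sent=0),                                  # no tracked engagement
]

if __name__ == "__main__":
    for lead in SAMPLE:
        print(lead.name, classify(lead))
    print("raw / bot-free open rate:", open_rates(SAMPLE))
```

On the sample, three of four leads register an open but only one survives filtering, which is the gap between inflated open rates and reply rates described under Symptoms.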
Check Bot Detection
1. Access lead activity
Go to Campaign → Lead list
Find the lead in the list
Click on the lead name to open details
2. View activity section
Scroll to the Activity section in the lead card
Review engagement events (opens, clicks)
Look for bot detection flags on events
✓ Verify: Bot-flagged events marked clearly, unflagged events show genuine engagement
3. Analyze engagement patterns
Real engagement indicators:
Opens after 5+ seconds
Clicks 9+ seconds after open
Multiple engagements spread over time
Opens followed by replies
Bot engagement indicators:
Instant opens (under 5 seconds)
Rapid clicks (under 9 seconds after open)
Multiple rapid events
No follow-up replies
✓ Verify: Can distinguish genuine interest from automated scanning
Use Bot-Free Data
Focus on legitimate engagement:
Prioritize leads with unflagged opens/clicks
Follow up with leads showing real interaction patterns
Use genuine engagement for A/B testing decisions
Base optimization on real user behavior
Ignore bot-flagged data:
Don't count toward open rates
Don't factor into engagement scoring
Don't trigger follow-up actions
Exclude from campaign performance metrics
✓ Verify: Decisions based on real engagement, not bot activity
Confirm It's Working
✓ Lead activity shows bot detection flags on suspicious events
✓ Can identify which opens/clicks are genuine vs. bot-generated
✓ Campaign metrics more closely match reply rates
✓ Follow-up decisions based on legitimate engagement
✓ A/B testing uses clean, bot-free data
Why It Happens
Email security systems and spam filters use bots to scan emails before delivery - checking links for malware and content for threats. These bots open emails and click links instantly (under 5-9 seconds), creating false engagement signals that inflate metrics and mislead campaign decisions.
Specific email security systems, such as Proofpoint and Barracuda, often account for these false-positive metrics because of their automated scanning.
Prevent confusion: Use lemlist's automatic bot detection to identify and exclude automated activity. Focus on engagement happening after 5-9 second thresholds for accurate insights.
Best Practices
Review activity regularly - Check lead cards to understand real engagement vs. bot scanning
Use clean data for decisions - Base optimization on unflagged engagement only
Don't disable tracking - Keep tracking enabled to collect both real and bot data (detection separates them)
Combine with other signals - Use bot-free opens/clicks alongside replies and conversions for a complete picture
Test with realistic expectations - Understand some "opens" are security scans, not human interest

