Skip to content

Identifying and Editing BOT-Clicks/False Positive Low Scores

← Surveys
BizRatings records source IPs that interact with survey URLs and flags suspicious, patterned behavior as BOTs. BOTs are typically non-human survey url clicks generated by anti-spam, safe URL checkers and/or junk mail filters.  It is possible for a Survey URL to be BOT scanned before the intended human end user submits a legitimate Customer Experience Metric (CEM) score. Depsite BizRatings constant updates stay ahead of and identify BOT submitted clicks, end user envinroments vary widely, especially regarding whitelist management. The complexity of the situation is compounded by the fact that end point security and safe URL checkers constantly update their behavior in attempts to block malicious sites.  As a result, no software is 100% bulletproof in identifying all bot-submitted clicks. 

BizRatings will suppress 1-click scores submitted by common anti-spam/content filtering software based on BizRatings behavior analytics. This automation drastically reduces false-positive responses in the case @bizratings.com is not whitelisted. If a BOT-click is detected, BizRatings will pivot to a ReCaptcha test to validate the interaction. While BizRatings anti-BOT measures are extensive, anti-spam, junk mail and safe url checker rules and parameters vary greatly and are updated often.  As a result, false-positive ratings can never been entirely avoided. If you confirm a score has been bot-submitted, BizRatings accomodates submitted scores to be edited so cumilative CSAT scores are not negatively impacted.  See the section "Deleting and Editing a verified bot-clicked score submission" at the bottom of this article.

The most effective way to reduce BOT activity on surveys is to whitelist @bizratings.com and messages@bizratings.com in your anti-spam/firewall filters on their device(s) and throughout their network. 

Note: If low score notifications are activated on your account, low scores resulting from BOT-clicks will trigger a low-score notification email. To quickly identify whether a low score has been BOT-submitted, see the section below.

What do BOT-clicked score submissions look like?

  • An uptick in repeated low CSAT Scores ranging from 1-5 that were submitted as 1-click (QuickScore) scores over a short period of time. QuickScores are collected from clicks on the rating scale included in survey emails. The full webpage based survey is not submitted in this case
  • IP address origin for the survey score submission is cloud-based vs. a non-residental ISP. Typical IP origins for bots originating from endpoint security/safe URL checkers are Amazon, AWS, Amazon Cloud, Barracuda, etc. 
  • A low score notification email was received, but the affected end-user on the ticket claims they did not submit the low score, and/or indicates they never received the survey email.

Identify BOT-clicked score submissions in BizRatings

  • Check the IP address origin for the survey score submission.  If the IP origin is cloud-based vs. a non-residental ISP, the score was likely submitted by a BOT. Typical IP origins for bots originating from endpoint security/safe URL checkers are Amazon, AWS, Amazon Cloud, Barracuda, etc.
  • The survey score submission information shows "False" for "Survey Completed"  This indicates the full survey landing page was not completed, and that this score is a one-click score (aka QuickScore) resulting from a submission from a survey email.  
  • A low score notification email was received, but the affected end-user on the ticket claims they did not submit the low score, and/or indicates they never received the survey email.

Survey Score Source IP and Agent Information - Identifying Bot-Clicks and False Positive Low Scores 

Any BizRatings user with Admin or Account Manager rights to CSAT can view the source IP address and registered agent/browser type of each survey respondent. To access a ticket or survey’s source IP and Agent Information, navigate to Connected Apps > Your Company Listing > CSAT Reports > Service Tickets IP addresses appear the Responded On Date and agent/browser will appear on hover of the info icon next to the IP address.  

Endpoint security, anti-spam, junk mail and safe URL checkers typically resolve with IP Origins that are cloud based such as "Amazon, AWS, Amazon Cloud, Barracuda, etc."

BOT-clicks are almost always generated by false positive clicks on survey email rating scales, these one-clicks are recorded by BizRatings as QuickScores. 

To identify a QuickScore, locate the Actions column corresponding to each CSAT Service score row, click on the "info" button > in the resulting Ticket information dialog box "Survey Completed" reflects as "False" for QuickScores


BizRatings BOT Checker Log  -  Find out which score submissions are flagged as BOTs 

BizRatings suppresses CEM scores resulting from non-human behavior from showing up in CSAT/NPS reporting.  BizRatings constantly learns and updates triggers for suppression to stay current to anti-virus/spam patterns at the time, however there are situations when BOT software originate from new IPs so for a short period of time, some BOT-clicks might make it through to standard BizRatings reporting. A telltale sign of BOT activity is repeated low score submissions over short amounts of time directly from email survey urls (aka QuickScores) as opposed to a score submission through the full survey landing page.

If a suspected BOT score is present in the BOT checker log and not present in NPS/CSAT reporting pages, that score result was suppressed from reporting due to our BOT detecting code as the submission behavior and/or the IP source reflects BOT characteristics.  

If you see a BOT submitted score on the BOT Checker Log, contact the assigned end user on the subject Ticket to have them whitelist @bizratings.com and messages@bizratings.com in their anti-spam/firewall filters in their enviroment and device(s).  This is the best way to ensure anti-spam/safe URL checkers allow BizRatings emails and survey landing pages bypass their standard scans, and most importantly allow for BizRatings emails to land in Focused Inboxes. 

Any BizRatings user with Admin or Account Manager rights can access the Bot Checker Log via Connected Apps > CSAT Reports > BOT Checker Log.  You can search through CSAT by ticket # and NPS surveys by reviewer name using the filter fields on the page. 

Why do Bot-Clicks happen, and when they do, why usually 1s and 2s?


Bot-clicks are false-positive score submissions triggered when anti-spam, junk mail filters and/or safe URL checkers scan a BizRatings survey email or survey landing page. The reason for the 1 and 2 low score submissions is that junk/spam/safe url checkers scan code left to right, so the 1 and 2 score hyperlinks are the first to be encountered, and therefore erroneously submitted. In BizRatings, Bot-clicks are not legitimized survey submissions. As such, bot-clicks do not conflict with the survey submissions of actual human respondents.

There are easily thousands of anti-spam, junk mail and safe-url checker tools to contend with. BizRatings constantly iterates code to maintain the integrity and relevance of the customer experience metrics you entrust BizRatings with colllecting. We have observed an increased number of endpoint security platforms spoofing legit browsers but have IP address origins resolve as a non-residential-business related ISPs. Onc such tool is Microsoft Defender, which is integrated with Windows OS, and Office365, etc, and has a substantial user base globally. As such, many BizRatings clients will likely experience bot-clicked low scores.

To reduce the frequency of bot-clicked survey responses, BizRatings will verify IP Address origin prior to acceptance of a survey submission. This feature gatekeeps survey submissions from being made by IPs belonging to cloud based hosting companies like Azure, Amazon Web Services, Google, etc. On occassion anti-spam/safe url checkers and junk mail filters will update behavior and techniques, resulting a surge of bot-clicked low score submissions. By checking IP origin and the BOT Checker Log above, BizRatings empowers clients to quickly identify BOT-suspected activity and edit/remove scores to preserve the integrity of your CSAT metrics. 

Note that to whatever extent you can influence your potential reviewers, @bizratings.com should always be added to safe senders/white lists.

Deleting/Editing a verified BOT-clicked score submission

To edit a BOT-Clicked score submission, any BizRatings user with Admin or Account Manager rights to CSAT can navigate to Connected Apps > Your Company Listing > CSAT Reports > Service Tickets > Located the subject CSAT score > scroll to the right and click the "Edit" icon as shown below.  You can also elect to Delete a score entirely. 

Edited CSAT scores will be included in cumilative CSAT calculations however their corresponding review record will not be available for online publication to your BizRatings Public Company Profile as found through the Review Dashboard.