Proximity rules
Proximity rules look at the timing of events for each individual send to identify activity that is too fast to be human. Events are grouped by send (per recipient), sorted by timestamp, and then checked pairwise against two thresholds, both set to 1 second.| Rule | Description |
|---|---|
proximity_within_1s | If two open or click events for the same send happen within 1 second of each other, both events are flagged. A human cannot realistically open and click (or perform two actions) that quickly. |
open_or_click_within_1s_of_delivery | If an open or click event lands within 1 second after a Delivered event for the same send, the open or click is flagged. Real recipients almost never act that fast after delivery, so this pattern typically indicates the mail provider pre-fetching or scanning the email. |
Both events involved in a
proximity_within_1s match are flagged as bot activity, not just one of them.IP inspection
Alongside proximity rules, Conversion inspects the IP address associated with each open and click and checks it against a predefined list of known bot IPs. This list is maintained continuously and is built from:- Industry best practices. Publicly recognised bot IP ranges, including those from major providers such as Google.
- Conversion’s own detection. Additional IP addresses identified by Conversion’s internal bot detection algorithms.