How Leo detects security-scanner clicks and removes them from your audience to protect deliverability and analytics accuracy.
Corporate inbox security tools (Microsoft SafeLinks, Barracuda, Mimecast, Proofpoint URL Defense) automatically click every link in every email — generating fake clicks that pollute your engagement metrics and trick your sequence into treating bots as warm leads.
Leo (ACT-004) detects these patterns and marks the lead as unsubscribed with reason `bot_filter`, so your replies and click-through analytics reflect real human behaviour only.
How does Leo know it is a bot?
Any of: ≥3 unique links clicked in <2s, click event with no open event, scanner User-Agent string, or click sourced from a known datacenter IP.
What if a real human is wrongly flagged?
Open the lead and click "Resubscribe" — the inverse restores `status = cold` and clears the reason.
Does this affect campaigns retroactively?
No — the lead is removed from future sends only. Past send / open / click rows are kept for audit.