Have you received a notification for a negative review only to find out your customer submitted a positive one? Do your customers reach out to you reporting that they're seeing a message that says "We've already received feedback for this ticket." after clicking the survey?
This is an issue known to us and we can help you prevent it.
What is the issue?
In many cases, the issue you're facing of receiving feedback that wasn't submitted by the named contact is caused by email security services (for example Barracuda, or Microsoft's ATP) that automatically follow all links in sent or received emails to check for security risks.
When a scanning service follows a link it appears to SmileBack the same as if a user had clicked that URL, and this triggers a review.
If you suspect this is happening but aren't sure please read the following and contact us at firstname.lastname@example.org, we are happy to investigate.
How can it be solved?
Filtering out false reviews
We run reviews through reCAPTCHA when we suspect them of not coming from your customers, in order to filter out bots.
How do we determine that? We check visits to our survey URLs, and if they come from an IP network we know is a source of automated clicks, or if we receive a click but never tracked that the email was opened, then we send that visit through reCAPTCHA.
Other survey responses will be exempted completely from reCAPTCHA. By doing this we are able to filter out the majority of automated clicks while reducing the instances of a human having to complete a reCAPTCHA puzzle to near zero. We tested this solution with a number of companies for several months in order to ensure the maximum number of bot clicks are rejected and the minimum number of human users are forced to complete a reCAPTCHA: we can confidently say the cases where it catches a human or misses a bot are rare.
Updating your survey to support the filter
Very old versions of the SmileBack survey do not work with the filter, meaning that they are vulnerable to automated clicks. Please see this article on how to update your survey snippet.
Whitelisting SmileBack to prevent false reviews
In the past we have advised customers to whitelist SmileBack's URLs with their security scanners, this is now unnecessary thanks to the filter described above.
However if you wish to be extra cautious, you can add "feedback.smileback.io" the whitelist of trusted domains in your email service and exempt that domain from SafeLinks in Microsoft Outlook.
What should I do if I suspect a review isn't genuine?
Please reach out to us at email@example.com and provide us with the following information:
- A clear description of your issue
- The ticket number for the reviews in question
- The email security service of your client in question (Office 365's ATP Safelinks, Barracuda, Vade Secure, Mimecast, etc)
We will then investigate to identify the source of those reviews, and if we find that they have originated from a source not yet covered by our filter, we will update it.
Would the customer see any changes or have to do anything different?
No, this is a solution that will be running in the background and that has been designed not to disrupt your end users' experience. It's highly unlikely that your clients will see a reCAPTCHA puzzle.
Do I need to do anything to activate the filter?
It is activated for all SmileBack customers, however very old versions of our SmileBack snippet do not work with the filter. If you started using SmileBack before 2017, then please generate a new survey snippet and replace all the snippets you have set up in your ticketing system. Please see this article on how to update your survey snippet.