Spamtraps

There is a lot of mythology surrounding spamtraps, what they are, what they mean, how they’re used and how they get on lists.
Spamtraps are very simply unused addresses that receive spam. They come from a number of places, but the most common spamtraps can be classified in a few ways.

  • Addresses that used to belong to someone and subsequently abandoned. This is where a lot of spamtraps at major ISPs come from.
  • Addresses that were never assigned to anyone, but they just started receiving spam one day. These are frequently used to drive filtering.
  • Addresses that were created and put on websites to track harvesters and web scrapers.  These addresses are frequently used to drive filters and track spammers.

Addresses that belonged to someone and were abandoned are usually “turned off” for a period of time between abandonment and re-purposing as a spam trap. They may return a 550 “user unknown” to any sender, or in some cases the entire domain will have no working mailserver. There are no hard and fast rules for how long the addresses are left unused, but most professionals leave them off for at least a year.
Addresses that were never assigned to anyone are not as common as they used to be. It used to be that some small or mid-size domain owners would turn on their SMTP server to accept all email to any address at that domain, existing or not. Mail to addresses that were not associated with a user would be stored. As the volumes of random mail increased, the spamtraps were used to drive filtering and blocking decisions. This is not as common now because the sheer volume of spam can create bandwidth and storage problems for domain owners.
Addresses that were seeded on websites, or on Usenet, are used for a number of purposes. These addresses often wind up on lists because someone has purchased addresses.
Spamtraps on a mailing list or in a database is a sign that there is some problem with the address acquisition process. As a result, the solution to spamtraps on a list is never just remove the available spamtraps. Instead, you need to figure out what broke and correct the underlying issues.

Related Posts

Controlling delivery

How much control over delivery do senders have? I have repeatedly said that senders control their delivery. This is mostly true. Senders control their side of the delivery chain, but there is a point where the recipient takes over and controls things.
As a recipient I can

Read More

Legitimate email marketers need to take a stand

I was reading an article on Virus Rants and the opening paragraph really stood out.

Read More

We only mail people who sign up!

I get a lot of calls from clients who can’t understand why they have spamtraps on their lists. Most of them tell me that they never purchase or rent lists, and they only mail to people who sign up on their website. I believe them, but not all of the data that people input into webforms is correct.
While I don’t have any actual numbers for how many people lie in forms, there was a slashdot poll today that asked readers “How truthful are you when creating web accounts?”. The answer seems to be “not very” at least for the self-selected respondents.

Read More