There is a lot of mythology surrounding spamtraps, what they are, what they mean, how they’re used and how they get on lists.

Spamtraps are very simply unused addresses that receive spam. They come from a number of places, but the most common spamtraps can be classified in a few ways.

  • Addresses that used to belong to someone and subsequently abandoned. This is where a lot of spamtraps at major ISPs come from.
  • Addresses that were never assigned to anyone, but they just started receiving spam one day. These are frequently used to drive filtering.
  • Addresses that were created and put on websites to track harvesters and web scrapers.  These addresses are frequently used to drive filters and track spammers.

Addresses that belonged to someone and were abandoned are usually “turned off” for a period of time between abandonment and re-purposing as a spam trap. They may return a 550 “user unknown” to any sender, or in some cases the entire domain will have no working mailserver. There are no hard and fast rules for how long the addresses are left unused, but most professionals leave them off for at least a year.

Addresses that were never assigned to anyone are not as common as they used to be. It used to be that some small or mid-size domain owners would turn on their SMTP server to accept all email to any address at that domain, existing or not. Mail to addresses that were not associated with a user would be stored. As the volumes of random mail increased, the spamtraps were used to drive filtering and blocking decisions. This is not as common now because the sheer volume of spam can create bandwidth and storage problems for domain owners.

Addresses that were seeded on websites, or on Usenet, are used for a number of purposes. These addresses often wind up on lists because someone has purchased addresses.

Spamtraps on a mailing list or in a database is a sign that there is some problem with the address acquisition process. As a result, the solution to spamtraps on a list is never just remove the available spamtraps. Instead, you need to figure out what broke and correct the underlying issues.


  1. Jon Stanesby says

    Great summary Laura! You are so right. Just removing spam traps (if you can identify them) is not a solution – it is merely sticking a metaphorical plaster on the wound. Tackling bad acquisition practices and latterly data hygiene of long standing inactive users (e.g. no opens/no clicks in 18months etc..) will help to organically minimise the number of spam traps hiding in your list.

  2. Spamtraps mean your list is bad – Word to the Wise says

    […] Spamtrap Mythology […]

  3. Brian says

    A client using SendGrid for post-action emails has hit 6 Hotmail spam traps in the past 72 days. The only emails being sent via SendGrid are to email addresses that signed up on their website within the last 90 seconds. Instances like this make me scratch my head.

    We have no way of determining which addresses those are, or who is entering them.


Your email address will not be published. Required fields are marked *

  • Lost in the mists of time

    Over on the Farsight Security blog Joe St. Sauver talks about some of the early days of online abuse, on usenet. Laura and I were on the periphery of early usenet abuse, mostly as users, but Usenet (and IRC) around then were the places we both started with email abuse.No Comments

  • Ongoing Yahoo delays

    I've been hearing from folks over the last few days that they're seeing an uptick in deferrals from Yahoo! The deferrals are not uniform. ESPs report they're seeing some, but not all, customers affected. Other ESPs aren't seeing any changes. It's not just you. But it would be very worthwhile to dig into engagement and other stats. It's possible this is a new normal at Yahoo! and they're tightening filters to catch mail that doesn't fit their standards but was previously difficult to filter.No Comments

  • AOL starts using Sender Score Certification

    Good news for Sender Score Certified IPs. Return Path recently announced that AOL has joined the list of ISPs offering preferential treatment to certified IPs.  1 Comment