BLOG

Spamhaus Speaks

There’s been a lot of discussion about Spamhaus, spam traps, and blocking. Today, Spamhaus rep Denny Watson posted on the Spamhaus blog about some of the recent large retailer listings. He provides us with some very useful information about how Spamhaus works, and gives 3 case studies of recent listings specifically for transactional messages to traps.

The whole thing is well worth a read, and I strongly encourage you to check out the whole thing.

There are a couple things mentioned in the blog that I think deserve some special attention, though.

Not all spam traps actually accept mail. In fact, in all of the 3 case studies, mail was rejected during the SMTP transaction. This did not stop the senders from continuing to attempt to mail to that address, though. I’ve heard over and over again from senders that the “problem” is that spamtrap addresses actually accept mail. If they would just bounce the messages then there would be no problem. This is clearly untrue when we actually look at the data. All of the companies mentioned are large brick and mortar retailers in the Fortune 200. These are not small or dumb outfits. Still, they have massive problems in their mail programs that mean they continue to send to addresses that bounce and have always bounced.

Listings require multiple hits and ongoing evidence of problems. None of the retailers mentioned in the case studies had a single trap hit. No, they had ongoing and repeated trap hits even after mail was rejected. Another thing senders tell me is that it’s unfair that they’re listed because of “one mistake” or “one trap hit.” The reality is a little different, though. These retailers are listed because they have horrible data hygiene and continually mail to addresses that simply don’t exist. If these retailers were to do one-and-out or even three-and-out then they wouldn’t be listed on the SBL. Denny even says that in the blog post.

We do not list IPs because of one-off transactional emails sent to a few spamtraps. If the email stream is persistent over time, especially high volume, and drifts outside the relationship of individual transactions, we may find these messages a problem.

Spamtraps are not just typo domains. In the 3rd case study, Spamhaus mentions that the domain in question expired in 2010, and was picked up by Spamhaus. This is not that uncommon an occurrence. Domains expire out of registration all the time, and sometimes they’re registered by new owners. Even if those new owners start using the same email addresses that the old owners did, there is no permission. If a domain goes away for a year or more and then comes back, it is folly to believe this is the same as it was.

Spamhaus isn’t out to catch senders who make the occasional mistake. Spamhaus has a policy of keeping traps dormant for a period of time (at least 6 months, but more often a year) before accepting any mail there. Spamhaus isn’t listing for a single trap hit. They’re really only listing senders with continual and ongoing problems.

There is so much myth and legend about what Spamhaus does and doesn’t do. And while I, and others in the delivery space, are more than comfortable acting as Spamhaus mouthpieces (sometimes after clarifying points with them, sometimes just acting on our own), it’s nice to have information directly from them.

Based on discussions I’ve seen in lots of other places, this isn’t going to be the last post I write on Spamhaus this month (possibly even this week, if things keep going the way they are). But I think it’s important to highlight their own words and their own data whenever possible.

3 comments

  1. John L says

    Most of my spam traps return a 550 at the end of data. Don’t everyone’s? I have to agree that this has no perceptible effect on the people who are sending spam to them.

  2. Denny Watson says

    I apologize for this one aspect of the Spamhaus Projects’ news article; There was no mention of which case studies where subjected to listing and which were not. Some of them were not, as it was obvious that two of them were actually all, or nearly all, transactional messages… Though for case number two they did send some stuff that didn’t look like it was transactional.

  3. En vrac, l’emailing cette semaine : Équipe, Notifications, Matériel, Segmentation, Livre, Spamhaus, Multicanal,… | Badsender - Conseil Emailing & eCRM says

    [...] Spamhaus Speaks – Word to the Wise There’s been a lot of discussion about Spamhaus, spam traps, and blocking. Today, Spamhaus rep Denny Watson posted on the Spamhaus blog a… 00Share [...]

Comment:

Your email address will not be published. Required fields are marked *

  • AOL compromise

    Lots of reports today of a security problem at AOL where accounts are sending spam, or are being spoofed in spam runs or something. Details are hazy, but there seems to be quite a bit of noise surrounding this incident. AOL hasn't provided any information as of yet as to what is going on.4 Comments


  • ReturnPath on DMARC+Yahoo

    Over at ReturnPath Christine has an excellent non-technical summary of the DMARC+Yahoo situation, along with some solid recommendations for what actions you might take to avoid the operational problems it can cause.No Comments


  • AOL problems

    Lots of people are reporting ongoing (RTR:GE) messages from AOL today.  This indicates the AOL mail servers are having problems and can't accept mail. This has nothing to do with spam, filtering or malicious email. This is simply their servers aren't functioning as well as they should be and so AOL can't accept all the mail thrown at them. These types of blocks resolve themselves. 1 Comment


Archives