What about Tom?

I use tom@hotmail.com as my default bogus email address. Tom has subscribed to so many things because of me.

This is why address verification doesn’t work. The address tom@hotmail.com is a real address. It exists. It accepts mail. And at least one person admits to signing up Tom for mail that the person doesn’t want. I’m sure he’s not the only one.

<- 250 OK
-> MAIL FROM:<test@gmail.com>
<- 250 test@gmail.com....Sender OK
-> RCPT TO:<tom@hotmail.com>
<- 250 tom@hotmail.com
-> QUIT
<- 221 SNT004-MC1F46.hotmail.com Service closing transmission channel

Signups like this do contribute to deliverability problems in a number of ways.

  1. The address tom@hotmail.com may be a spam trap. Sending mail to too many spamtraps can result in mail going to the bulk folder.
  2. It may belong to an actual person. Sending mail to someone who has not asked for it can result in spam complaints and bulk foldering.
  3. It may be a canary address. This is one that gets a lot of spam. If mail goes to this address then it’s likely spam and similar mail is bulk foldered at other recipients.
  4. This may be a test address. It might be used by someone inside Hotmail as a test address.

A few of these fake signups aren’t going to hurt deliverability for most senders. Over time, however, these fake signups are going to accumulate on a list. As they accumulate they can, and do, start to affect deliverability. It you’re hitting a lot of these types of addresses it tells the ISP that you don’t have good subscription practices. The ISP knows you are sending mail to people who don’t want it and never asked for it. Filters are designed to affect mail sent to people who don’t want it and never asked for it.
These kinds of addresses are one reason delivery folks talk about segmenting mail based on engagement. Getting rid of even a few of them off a list can improve deliverability for an otherwise opt-in list.
Address verification doesn’t weed out these address. The test I did above is exactly what most of the verification services do. They’re going to return that tom@hotmail.com is a valid address and it’s going to end up in your list.
For those of you who are the type to put real addresses into signup forms, please don’t. It’s unfair to the people who own those addresses and it’s unfair to marketers. Use an address that you know doesn’t exist – like anything@example.com, .net or .org. These domains are reserved by ICANN and will never have users. Stop directing your unwanted email to an innocent 3rd party. They don’t deserve it, and neither do the senders you’re trying to avoid.

Related Posts

Spamhaus Speaks

There’s been a lot of discussion about Spamhaus, spam traps, and blocking. Today, Spamhaus rep Denny Watson posted on the Spamhaus blog about some of the recent large retailer listings. He provides us with some very useful information about how Spamhaus works, and gives 3 case studies of recent listings specifically for transactional messages to traps.
The whole thing is well worth a read, and I strongly encourage you to check out the whole thing.
There are a couple things mentioned in the blog that I think deserve some special attention, though.
Not all spam traps actually accept mail. In fact, in all of the 3 case studies, mail was rejected during the SMTP transaction. This did not stop the senders from continuing to attempt to mail to that address, though. I’ve heard over and over again from senders that the “problem” is that spamtrap addresses actually accept mail. If they would just bounce the messages then there would be no problem. This is clearly untrue when we actually look at the data. All of the companies mentioned are large brick and mortar retailers in the Fortune 200. These are not small or dumb outfits. Still, they have massive problems in their mail programs that mean they continue to send to addresses that bounce and have always bounced.
Listings require multiple hits and ongoing evidence of problems. None of the retailers mentioned in the case studies had a single trap hit. No, they had ongoing and repeated trap hits even after mail was rejected. Another thing senders tell me is that it’s unfair that they’re listed because of “one mistake” or “one trap hit.” The reality is a little different, though. These retailers are listed because they have horrible data hygiene and continually mail to addresses that simply don’t exist. If these retailers were to do one-and-out or even three-and-out then they wouldn’t be listed on the SBL. Denny even says that in the blog post.

Read More

April: The month in email

April was a big month of changes in the email world, and here at Word to the Wise as we launched our new site, blog and logo.
DMARC
The big story this month has been DMARC, which started with a policy change Yahoo made on April 4 updating their DMARC policy from “report” to “reject”. We began our coverage with a brief DMARC primer to explain the basics around these policy statements and why senders are moving in this direction. We shared some example bounces due to Yahoo’s p=reject, and talked about how to fix discussion lists to work with the new Yahoo policy. We gathered some pointers to other articles worth reading on the Yahoo DMARC situation, and suggested some options for dealing with DMARC for mail intermediaries. Yahoo issued a statement about this on April 11th, explaining that it had been highly effective in reducing spoofed email. We also noted a great writeup on the situation from Christine at ReturnPath. On April 22nd, AOL also announced a DMARC p=reject record.  We talked a bit about who might be next (Gmail?) and discussed how Comcast chose to implement DMARC policies, using p=reject not for user email, but only for the domains they use to communicate directly with customers. We expect to see more discussion and policy changes over the next few weeks, so stay tuned.
Spamtraps
We wrote three posts in our continuing discussion about spamtraps. The first was in response to a webinar from the DMA and EEC, where we talked about how different kinds of traps are used in different ways, and, again, how spamtraps are just a symptom of a larger problem. Following that, we wrote more about some ongoing debate on traps as we continued to point out that each trap represents a lost opportunity for marketers to connect with customers, which is really where we hope email program managers will focus. And finally, we tried to put some myths about typo traps to rest. As I mentioned in that last post, I feel like I’m repeating myself over and over again, but I want to make sure that people get good information about how these tools are used and misused.
Security
We started the month by saying “Security has to become a bigger priority for companies” and indeed, the internet continued to see security breaches in April, including the very serious Heartbleed vulnerability in SSL. In the email world, AOL experienced a compromise, which contributed to some of the DMARC policy changes we discussed above. In a followup post, we talked about how these breaches appear to be escalating. Again, we expect to hear more about this in the next weeks and months.
Best Practices
Ending on a positive note, we had a few posts about best practices and some email basics. We started with a pointer to Al Iverson’s post on masking whois info and why not to do it. Steve wrote up a comprehensive post with everything you ever wanted to know about the From header and RFC5322. I talked about how companies ignore opt-outs, and why they shouldn’t. I shared a really good example of a third-party email message, and also talked about message volume. And finally, we talked about how and why we warm up IP addresses.
Let us know if there’s anything you’d like to hear more about in May!

Read More

Typo traps

People make all sorts of claims about typo traps. One claim that showed up recently was that Spamhaus has just started using typo traps. I asked my Facebook network when people started using typos to detect incoming spam.
Two different colleagues mentioned using typos, both on the left hand side and the right hand side, back in ’98 and ’99.
The point is, typo traps are absolutely nothing new. They are, in fact, as old as spam filtering itself. And as one of trap maintainers remind me, not all of them even look like typos. It’s not as simple as hotmial.com or gmial.com.
I really think that focusing on traps is paying attention to the wrong thing.
The traps are not the issue. The underlying issue is that people are signing up addresses that don’t belong to them. Sometimes those are addresses that are spamtraps. Sometimes those are simply addresses that belong to someone else. Those addresses don’t belong to customers, they belong to random people who may never have heard of the sender. Sending mail to those people is sending spam.
Just trying to remove traps from your address lists isn’t going to solve the underlying problem. Instead, focus on improving your data process to keep from sending mail to random strangers.

Read More