What about Tom?

I use as my default bogus email address. Tom has subscribed to so many things because of me.

This is why address verification doesn’t work. The address is a real address. It exists. It accepts mail. And at least one person admits to signing up Tom for mail that the person doesn’t want. I’m sure he’s not the only one.

<- 250 OK
<- 250 OK
-> RCPT TO:<>
<- 250
<- 221 Service closing transmission channel

Signups like this do contribute to deliverability problems in a number of ways.

  1. The address may be a spam trap. Sending mail to too many spamtraps can result in mail going to the bulk folder.
  2. It may belong to an actual person. Sending mail to someone who has not asked for it can result in spam complaints and bulk foldering.
  3. It may be a canary address. This is one that gets a lot of spam. If mail goes to this address then it’s likely spam and similar mail is bulk foldered at other recipients.
  4. This may be a test address. It might be used by someone inside Hotmail as a test address.

A few of these fake signups aren’t going to hurt deliverability for most senders. Over time, however, these fake signups are going to accumulate on a list. As they accumulate they can, and do, start to affect deliverability. It you’re hitting a lot of these types of addresses it tells the ISP that you don’t have good subscription practices. The ISP knows you are sending mail to people who don’t want it and never asked for it. Filters are designed to affect mail sent to people who don’t want it and never asked for it.

These kinds of addresses are one reason delivery folks talk about segmenting mail based on engagement. Getting rid of even a few of them off a list can improve deliverability for an otherwise opt-in list.

Address verification doesn’t weed out these address. The test I did above is exactly what most of the verification services do. They’re going to return that is a valid address and it’s going to end up in your list.

For those of you who are the type to put real addresses into signup forms, please don’t. It’s unfair to the people who own those addresses and it’s unfair to marketers. Use an address that you know doesn’t exist – like, .net or .org. These domains are reserved by ICANN and will never have users. Stop directing your unwanted email to an innocent 3rd party. They don’t deserve it, and neither do the senders you’re trying to avoid.


  1. Mohammed says

    Hello Laura,

    Thank you for this great blog, always insightful!

    These companies using the SMTP commands to “verify” addresses is just exploiting the system and all about the monies nothing more. They might have good intentions but in this fight against spam it does not help, only causes more problems to issues that cannot be fixed by running lists through such a process.

    Kind regards,

  2. James says

    I must admit to putting abuse@ the vendor’s domain occasionally (such as when the vendor doesn’t allow opt-out when the email is captured, which is a legal requirement in the UK). They do deserve it!


Your email address will not be published. Required fields are marked *

  • OTA joins the ISOC

    The Online Trust Alliance (OTA) announced today they were joining forces with the Internet Society (ISOC). Starting in May, they will operate as an initiative under the ISOC umbrella. “The Internet Society and OTA share the belief that trust is the key issue in defining the future value of the Internet,” said Internet Society President and CEO, Kathryn Brown. “Now is the right time for these two organizations to come together to help build user trust in the Internet. At a time when cyber-attacks and identity theft are on the rise, this partnership will help improve security and data privacy for users,” added Brown.No Comments

  • Friday blogging... or lack of it

    It seems the last few Friday's I've been lax on posting. Some of that is just by Friday I'm frantically trying to complete all my client deliverables before the weekend. The rest of it is by Friday I'm just tired. Today had the added complication of watching the Trumpcare debate and following how (and how soon) it would affect my company if it passed. That's been a bit distracting, along with the other stuff I posted about yesterday. I wish everyone a great weekend.1 Comment

  • Indictments in Yahoo data breach

    Today the US government unsealed an indictment against 2 Russian agents and 2 hackers for breaking into Yahoo's servers and stealing personal information. The information gathered during the hack was used to target government officials, security employees and private individuals. Email is so central to our online identity. Compromise an email account and you can get access to social media, and other accounts. Email is the key to the kingdom.No Comments