What about the spamtraps?

I’ve been slammed the last few days and blogging is that thing that is falling by the wayside most. I don’t expect this to change much in the very short term. But, I do have over 1200 blog posts, some of which are still relevant. So I’ll be pulling some older posts out and sharing them here while I’m slammed and don’t have a lot of time left over to generate new content.
Today’s repost is a 2015 post about spamtraps.
Spamtraps are …
… addresses that did not or could not sign up to receive mail from a sender.
… often mistakenly entered into signup forms (typos or people who don’t know their email addresses).
… often found on older lists.
… sometimes scraped off websites and sold by list brokers.
… sometimes caused by terrible bounce management.
… only a symptom …

… of a bigger problem with address collection.

Removing spamtraps …
… just means you’ve removed the spamtraps you know about.
… may mean you have a spamtrap free list …

… until you start adding new addresses to it.

… does not fix mail going to addresses belonging to other people.
… does not guarantee good delivery.
… ignores the underlying issues.
Why do people take spamtraps so seriously?
A lot of this is historical and some of it is to avoid arguments. Just about any sender, when told they’re sending mail to someone who didn’t ask for it will respond “But we only send opt-in mail! That person is wrong! They signed up!!” I’ve had this happen to me more times than I can count.
I’ve even had clients come to me in the past where I’ve been able to dig into my own mailbox to affiliate spam. This is always a fun conversation.
spammailboxMe: Here are a dozen examples of the mail your affiliates sent to me in the last month.
Client: All our affiliates send opt-in mail. They’ve assured us of this.
Me: This is an email address only ever published on a website / not used since 2001 to sign up for anything / untagged so it’s not something I would have given them.
Client: Our vendors say you’re wrong. Would you like to hop on a call with them so they can tell you when you opted in?
The calls have happened and vendors have argued with me about whether or not I opted in to receive stuff from them. It tends to end up them claiming I opted in to mail and me telling them I did not. Sometimes they tell me I just forgot – except all my actual opt ins are tagged addresses and have been since roughly 1999, so if you’re not mailing a tagged address, I never gave it to you. Sometimes they tell me I opted in to some company they purchased back in the late 90s and therefore they had permission to send to me.
The discussions are never productive. They are so fixated on their business story, that they will duck and weave and tell me I’m wrong about the spam they are sending me.
This is why people focus on spamtraps!
With spamtraps there isn’t the discussion of whether or not someone signed up. There’s no account owner, no one who has this address and could have signed up. Even in the case of recycled traps, the addresses generally bounced for a while telling senders there was no account owner there. Focusing on spamtraps on a list deflects the back and forth argument about whether or not the sender has permission to send mail they’re sending.
But spamtraps aren’t the problem!
In fact, I was just talking to one of the Spamhaus volunteers who told me “I hate the modern day focus on traps.” I agree. We focus on traps because it deflects and diffuses a lot of the arguments about whether or not someone opted in. But that means we don’t address a lot of real issues, either. If there are spamtraps on a list, then that list has problems. Focusing on removing the traps doesn’t resolve the problems, it just focuses on the traps. That tends to lead to a cleanup strategy that doesn’t do what the sender thinks it does.
Spamtraps are the symptom!
If there are spamtraps on a list, then there are also addresses that go to a person who never opt-in on that same list. Focusing on fixing the problems that led to the spamtraps getting on the list then cleaning off addresses that aren’t performing leads to better overall delivery and fewer problems. Focusing on getting rid of spamtraps may, but may not, fix a SBL listing. Maybe. But it’s my experience that fixing a SBL listing may only resolve a small fraction of delivery problems. Getting off the SBL by trying to address spamtraps, will not fix bulk foldering or temp fails are major webmail providers.
Focusing on improving overall list hygiene and really making sure that mail is wanted and expected by the recipients generally will resolve both the SBL listing and fix the other delivery problems that are happening because of poor data and poor list hygiene.
I’ve written about spamtraps before. 

 

Related Posts

August 2016: The Month in Email

August was a busy month for both Word to the Wise and the larger world of email infrastructure.
IMG_0026
A significant subscription attack targeted .gov addresses, ESPs and over a hundred other industry targets. I wrote about it as it began, and Spamhaus chief executive Steve Linford weighed in in our comments thread. As it continued, we worked with M3AAWG and other industry leaders to share data and coordinate efforts to help senders recover from the attack.
In the aftermath, we wrote several posts about abuse, blocklists, how the industry handles these attacks currently, and how we might address these issues going forward. And obviously this has been on my mind before this attack — I posted about ongoing problems with internet security, how open subscription forms contribute to the problem, and other ways that companies inadvertently support phishing operations.
I posted about the history of email, and recounted some of my earliest experiences, when I had a .bitnet and a .gov address. Did you use email before SMTP? Before email clients? I’d be curious to hear your stories.
Speaking of email clients, I did two posts about how mail gets displayed to the end user: Gmail is displaying authentication results, which should provide end users with a bit more transparency about how authentication is used to deliver or block messages, and Microsoft is partnering with Litmus to improve some of the display issues people face using Outlook. These are both notable — if this is not your first time reading this blog, you know about my constant refrain that delivery is a function of sending people mail they want to engage with. If the mail is properly formatted and displayed, and people have a high degree of confidence that it’s been sent from someone they want to get mail from, that goes a long way towards improving engagement in the channel.
On that note, I spoke at length with Derek Harding about how marketers might change their thinking on deliverability, and he wrote that up for ClickZ. I also participated in the creation of Adobe’s excellent Teaching the Email Marketer How to Fish document (no, not phish…).
Steve was very busy behind the scenes this month thinking about abuse-related topics in light of the SBL issues, but he wrote up a quick post about the Traffic Light Protocol, which is used to denote sensitive information as it is shared.
Finally, for my Ask Laura column this month, I answered questions about delivery and engagement metrics and about permissions with purchased lists. As always, if you have a general question about email delivery, send it along and I’ll consider it for the column.

Read More

Audit trails are important.

One of the comments on my Spamtraps post claims that audit trails should be maintained by recipients, not senders.

Read More

It's about the spam

Tell someone they have hit a spamtrap and they go through a typical reaction cycle.
Denial: I didn’t hit a trap! I only send opt-in mail. There must be some mistake. I’m a legitimate company, not a spammer!
Anger: What do you mean that I can’t send mail until I’ve fixed the problem? There is no problem! You can’t stop me from mailing. I’m following the law. My mail is important. I’ll sue.
Bargaining: What if I just send mail to some recipients? What if I hire an email hygiene company to remove traps from my list?
Acceptance: What can I do to make sure the people I’m mailing actually want to be on my list?
Overall, my problem with the focus on spamtraps (and complaints to a lesser extent) is that these metrics are proxies. Spamtraps are a way to objectively monitor incoming email. Mail sent to spamtraps is, demonstrably, sent without permission of the address owner. This doesn’t mean all mail from the same source is spam, but there is proof at least some of the mail is spam.
If there is enough bad mail on that list, then reworking the subscription process may be necessary to fix delivery.

Read More