Do spamtraps exist?

One of the folks on the Email Geeks slack asked me a question last week that I thought was really insightful and has a somewhat nuanced answer.

Do spamtraps really exist? Like, in the sense of being a real mailbox? They actually exist just like any other mailbox, yes? Otherwise they can’t be monitored and reported on. This includes typo spamtraps, correct?

Do spamtraps exist?

A spam trap exists in the sense that it is a legitimate RFC5322 email address and has a valid MX record (or A record). It’s a real email address. Most spamtraps accept mail for delivery, although there are a few that reject after the full SMTP transaction. In those cases the mail doesn’t “deliver” but the data is still captured by the trap owner.

What most of us mean when we say “spamtraps don’t exist” is that there is not a human that actually uses that address for email. The domain owner has not assigned that address to any individual for use. This means that no one sending mail to that address has permission to send mail from the user of the email address. There’s simply no person to give that permission to the sender. In that sense, the address “doesn’t exist.”

Are they read like any other mailbox?

In terms of existing like “any other mailbox,” again we’re in nuanced territory. For normal email delivery, the MX accepts the mail and then hands it off to a local delivery agent. Here, we have postfix as our MTA server and dovecot as our IMAP server . All of our mail clients (phone, desktop, tablets) then connect IMAP so we can read, respond to, forward and save mail.

But that’s not the only way we accept mail here. We have a system for clients where ever client gets a subdomain and can send mail to it. That mail never goes anywhere near a IMAP server, it’s dropped into a database and displayed on a website. I can read mail, but I can’t reply to it or forward it or anything. We also have aboutmy.email, which also drops mail into a database and displays it on a website but there’s no way to “read” mail if you don’t have the specific link for the message or do anything more with it.

The way our internal tools and aboutmy.email handle mail are much closer to how large spamtrap feeds handle mail. They accept the message (or just read through data and reject the mail), extract the data they need into a database and query it later. For large feeds, they physically can’t read the mail, it just arrives too fast. Some trap feeds are dozens or hundreds of messages a second. It’s also so much data they don’t keep it for long. They record important things in their database (IPs, domains, dates, headers) and delete the message after a few hours to conserve storage space.

So the feeds themselves are mostly mechanically ‘read’. The data is put into a database and dealt with as ‘big data’ with tools and reports. They usually don’t have any way to connect a mail client with them and individual messages aren’t read in any way that normal people read mail.

Do spamtraps interact with mail like real recipients?

For a long time many folks, including myself, reassured clients and the general public that spamtrap addresses were unlikely to show opens or clicks in email. And, statistically, we were correct. The folks running traps didn’t open or read or click on the vast majority of mail coming into their traps. However, there was always a chance that a spamtrap would open or click on a mail. Statistically it was unlikely. but I was always aware that we could be missing spamtrap focusing on engagement. Over time I got a little more refined in my recommendations to address these concerns.

More recently, I don’t spend a lot of time on opens or clicks as a filtering criteria to identify real addresses. The details depend the particular client, but I focus more on metrics that are actually the result of a human getting a message and taking an action. Opens and clicks are not interactions that indicate a human is reading a message and we cannot treat them as reliable human signals.

Overall, the answer to the original question is that spamtraps are real email addresses but they’re not addresses used by real people to sign up for mail. If they weren’t used as part of spam filtering and spam blocking systems, we wouldn’t care about spam traps. But they are used as a data source and too many spamtraps on a list can be a sign that there are issues with the sender.

Tomorrow I’ll be posting some more detailed information about spamtraps and what you can do about them.