Many blocklists use spamtraps to detect poor sending practices and will cite spamtrap hits as the reason for the blocks. Senders legitimately fear spamtraps showing up on their lists because of this. If spamtraps weren’t used by blocklists no one would really care about them. They’re just another kind of bad address.
Yesterday I answered a question about whether or not spamtraps existed. My answer was that they do exist in the sense that they’re real email addresses but that they don’t exist in that they’re not used by individual people.
Overall, they’re real email addresses that are not read like normal mail. They’re simply used as an indicator of whether or not a sender is really sending permission based mail. The interesting thing about spamtraps is the type of trap can tell the trap owner a lot about what poor mailing practices. They can also tell the sender about where the problems in their data collection process lie.
Different Kinds of Spamtraps
In 2011, I wrote a post called “A Brief Guide to Spamtraps” where I talked about a bunch of categories of spamtraps. In the time since I wrote that, a few other terms and types of spamtraps have entered into the public lexicon. I’m talking, of course, of Pristine, Recycled and Typo traps.
Pristine Traps
Pristine traps are addresses that have never existed. Usually they’re at domains that have never existed for email either. We have a couple domains here that we don’t use for mail, but if we were to start accepting mail to those domains, they’d be pristine traps.
These traps generally only get on lists because addresses are being created by someone. They simply are not addresses anyone would use. One example is the “cold-outreach” sender who sends to laura-atkins@. That’s a pristine trap, the spam was the first message that address ever received. Now, did the spammer make it up? I actually think so because it gets no other spam, but these addresses can also be purchased.
Pristine traps tell the trap owner that the sender is making up addresses or buying them from a list seller that is making up the addresses. Overall, pristine traps are a sign that the sender is not building their list through opt-in processes.
Recycled Traps
Recycled traps are domains or email addresses that received legitimate mail at one point, but were decommissioned, allowed to bounce for a minimum of 12 months and then reopened.
Mails to these traps most likely indicates that the sender is either not properly bounce handling or they found an old list and started mailing to it. Recycled traps can also show up in purchased lists. Overall, though, we treat recycled traps as a sign of poor list hygiene.
Typo Traps
Typos happen whenever someone inputs what they intend to be their own email address but mess it up somehow and typo the address. Most of the time when we’re talking about typo traps, we’re talking about typos on the domain side of the email address. Over the years security and anti-spam organizations have bought some of these domains and turned them into spamtraps.
The term typo trap is a descriptor many of us use to indicate that we think, for the most part, a particular sender is only collecting email addresses through opt in forms. The problem is, the sender is trying to be opt-in, but they’re not taking care to verify the data is correct.
Spamtraps Are a Signal
Over the past 20 some odd years I’ve dealt with a lot of folks who come to me wanting help fixing their spamtrap problem. Just to be clear, spamtraps are NOT the problem; they’re a signal. Spamtraps tell us that there are problems with something about our data. No one really cares if email addresses that don’t belong to people get mail. But what they do care about is the fact that if your list processes allow spamtraps on the list, it’s likely you’re also sending mail to actual people who don’t want it.
Now that we know what spamtraps tell us, let’s talk about how to deal with them, particularly when they’re resulting in problems with your email sending.
Dealing with Spamtraps
In my line of work, so many clients come to me and part of their opening brief is “we want to remove spamtraps from our list.” I reframe that as “removing non-opt-in addresses off the list” and make sure that we’re clear I don’t have a list of spamtrap domains to simply remove. What I’m doing here is actually working out why there are non-opt-in addresses on a list and fixing that so that they’re no longer on the list, whether they’re spamtraps or not.
Here’s an abbreviated summary of my process.
- Identify what type of bad addresses are on the list.
- I use a variety of means to do this. We have some internal tools, some ESPs and clients have access to public spamtrap data, and often Spamhaus will give me information about the type of trap involved.
- Pristine traps suggest a purchased list
- Recycled traps suggest a reactivation of old addresses
- Typo traps suggest a problem with data entry on a website
- Implement changes to address that problem
- Purchased addresses –
- Does anyone know when they were purchased? If not, are there indications in data patterns that indicate when the purchase was added to the list?
- If we can identify when the purchase happened, the simplest thing to do is just remove the purchased addresses. For some clients, they’re unwilling to give up data, so we see how we can address those concerns. For instance, we can treat a purchase as an implicit opt-in and keep those addresses. Or we can send a confirmation emails to some or all of the purchased emails. In any case, the goal here is to remove addresses of people who never asked for and who don’t want mail from the client.
- The next step is to look at who at the company decided to buy a list and work out how to stop this from happening in the future.
- Reactivate old addresses
- Why were the addresses reactivated? Who authorized this? Who did the work internally to do this? Can we deactivate those addresses and remove them from future sends? Did someone actively decide this was a good idea or was there an oops with the database?
- Once we’ve identified the how and why, I work with the client to find ways to stop this from happening in the future. This should never happen accidentally, so what technical changes will stop that from occurring again? If it was an internal decision, what was the thought process? Does there need to be additional training or some approval process to ensure this doesn’t happen for the wrong reasons. And, yes, there are good reasons to reactivate addresses (not many, but a few) and so that should be documented and it should be a responsibility belonging to someone at the client.
- Data entry on the website.
- Identify if the addresses are accidentally being subscribed, through some sort of Non-Human Interaction (NHI) or if people are giving bad data during the signup process.
- There’s no one way to mitigate NHI or bots on the website. Al Iverson wrote a good blog post on this recently and I suggest checking out his post Signup Best Practices: Banning Bots and NHI recently and it covers the steps in more detail than I can on this post which is already too long.
- If the issue is people deliberately giving fake or false addresses, then we start to ask why? What makes users distrust the sender so much? The next set of questions is what can we do to mitigate the bad data. The good news these days is most users are used to “check your email for a code” or other 2FA style
- Purchased addresses –
What doesn’t work to remove spamtraps is to use a data hygiene service. They might remove some of the commercial sensor networks but none of the data hygiene services have reliably identified spamtraps that cause your mail to be blocked.
Avoiding Spamtraps
It’s always better to keep spamtraps off your list in the first place. That means:
- Don’t buy lists. This includes avoiding buying B2B addresses.
- Don’t send to old addresses you find in the back of a desk drawer or in an old restore of your database.
- Take some step to verify addresses that are entered into forms on your website. You don’t have to go full COI to verify data entered into forms, but you do need to implement something that means you know there is a connection between the person who owns the address and the person who gave you the address.
More Info on Spamtraps
I’ve written in the past about different kinds of traps for almost as long as the blog has been around. I’m listing a few of the posts here. One of the interesting things is seeing how we write about spamtraps has both changed and not changed over the years. I think that reflects both how our understanding has changed and how spamtraps are used for filtering.
- 2010: Spamtraps
- 2011: A brief guide to spamtraps
- 2011: Spamtraps: should you care?
- 2012: Spamtraps are not the problem
- 2012: Spamtraps mean your list is bad
- 2012: Equivocating about spamtraps
- 2015: Only spamtraps matter, or do they?
- 2019: Recycled addresses, spamtraps and sensors
- 2019: Spamtraps on the brain
- 2019: Spamtraps are overblown… by senders
- 2019: Purging to prevent spamtraps
- 2019: Myths about spamtraps
Overall, spamtraps are a tool used by filtering companies and anti-spam organizations to tell them who has bad email practices and what those bad practices are. Those who end up on lists, or who have access to commercial sensor network data, can also use the trap information to understand what the underlying problems with their data are. These insights indicate what needs to be fixed.
Using spamtrap information to improve data collection and hygiene means a healthier email program and better overall delivery.
RSS - Posts