Share on LinkedIn49Tweet about this on TwitterShare on Facebook0Google+4

On the Origin of Spamtraps

Some of the most common email compliance questions I get around being blacklisted seem to center on how they were listed in the first place and what email address specifically got their company’s IP address listed, which inevitably leads to a conversation around spamtraps… which can get confusing, fast. So, I figured it was about time to write up a three part series on what a spamtrap is, how you can wind up with one (or a few) on your list, and a few myths around them. Today, let’s chat about the different types of spamtraps.

To start with some history, the definition of a spamtrap has evolved with the email industry. Initially, spamtraps were simply secret email addresses that had never been used, so it was just a “trap” address that only spammers could find and send mail to. If you sent mail to those spamtraps, you would wind up blacklisted.

However, as email filtering evolved, so did spamtraps. Now they’re defined as (still secret) addresses that receive spam. That’s a pretty interesting change, as the new definition of spamtrap was a response to different methods for creating and managing spamtrap addresses, which gave us different ways of collecting information on how email senders acquire email addresses.

There are now two different “classes” of spamtraps: pristine and repurposed. Pristine spamtraps are ones that have never signed up for marketing email, which tells the spamtrap owner that the sender is either randomly creating addresses or is scraping lists online. Repurposed spamtraps are ones that belonged to someone once, but were abandoned and reclaimed by either the ISP or a spamtrap creator, which tells the spamtrap owner that there are likely bad marketing practices at play. Below, I’ve included the typical name for the kind of spamtrap and whether it is considered pristine or repurposed. Laura Atkins over at Word To The Wise has a phenomenal writeup on this (with some other spamtraps I haven’t covered) that I’d definitely recommend checking out for further reading!

Dead address- Repurposed

These are email addresses that formerly belonged to someone, but have been abandoned. Generally, dead addresses are used by ISPs who then reclaim this email address. They will then often send back a bounce notification for 12-18 months, so marketers have the chance to remove this prospect from their lists. After that bounce timeframe, the addresses are live again and are considered spamtraps. Anyone who is following appropriate best practices for bounce management and handling should not have issues with these spamtraps. Dead spamtraps are best for determining if there are issues with purchased lists or poor list management practices.

Classic – Pristine

Classic spamtraps most closely follow the spamtrap type that was first created. It’s an address that isn’t found anywhere on the Internet, but if the sender is randomly creating addresses, they may hit this classic trap. Alternately, a classic trap might be actual users submitting junk data to forms, without actually owning the domain they’re typing in. That could lead to an accidental spam trap hit by an otherwise legitimate marketing sender.

Seed traps- Pristine

Seed traps are ones that are similar to classic traps in that they’re email addresses that never opt in, but seed traps are placed on websites for scraping tools to find. Seed traps are particularly useful for determining whether someone is scraping email addresses or is buying lists from someone who scrapes the internet for email addresses.

Under “Seed traps”, I would also include live email traps. These are, in my experience, used by known members of the email sending community that can be trusted to know precisely what they’d opted in to receiving on that address. For example, my personal email never opts into any marketing email, for any reason. If I ever get marketing email to that address, I can write to that abuse desk letting them know what the situation with that email address is. From my perspective, my live email address is a great indicator of someone using a purchased list or scraping from my college’s email database.

Typo- Pristine

Typo traps are similar to classic traps, but are close enough to a regular address or domain that a typo might get that spamtrap on your list. For example, I could type in [email protected], and someone happens to own slaesforce.com… which they’ve turned into a spamtrap domain. Typically, typo addresses can be problematic, as they may often be a source of legitimate email, and someone just happened to mess up their typing. How many of us have accidentally typed in @gamil.com instead of @gmail.com before? Mail to a typo trap at least tells us there was probably a person behind that email address signup, so typo traps aren’t really the most accurate way for spamtrap owners to determine if someone is truly sending spam or is sending legitimate email. Typo traps aren’t the best traps for someone to be using as their sole source of data when analyzing an email stream, but they are quite useful when used in conjunction with other spamtrap types.

That’s it for today’s post! Tune in next time for part 2: How does a spamtrap get onto your list?