Spamtraps – fix the problem, not the symptom

We strongly urge people to view spamtraps as proof of a data collection or hygiene issue and not be misled into conducting a hunt for spamtraps. Attempting to locate and remove traps only treats the symptom and not the underlying problem.

Spamtraps are never revealed by their owners. Partly because they are a component of the secret sauce of their filtering, and partly because if the trap is identified, what usually happens is that the sender simply suppresses the trap address – and they don’t undertake any of the necessary to work to improve their data. Here’s an outline of the various types of spamtraps in use:

Classic or Pristine Spamtraps

Classic spamtraps are email addresses never given to a live user or exposed on a website but have started receiving email anyway. In some cases, these are addresses at domains that accept mail to any local part (wildcard domains: e.g., *@example.com).

Seeded Traps

Seeded traps are email addresses that trap owners create and deliberately scatter – seeding around various places online that are not obvious (in webpage source code, for example).
These traps highlight that the sender is either scraping addresses from the web or is buying lists from someone else who is scraping addresses. These traps are good for identifying sources sending mail without permission and those not honoring unsubscribe requests.

Typo Domain Traps

These are traps at domains that are similar to common domains: yaaho.com or ynail.com, homail.com, etc. Mail to these traps suggests to the trap owner that the sender is trying to send mail to real people. These are not “pure” spam traps, can contain a lot of real mail, and are generally weighted accordingly. Employing COI at the data collection point is a perfect way to avoid your lists being polluted by these nuisance traps.

Dead Address Traps

“Dead” traps were once-valid email addresses that ISPs have turned off. All mail to these addresses is rejected with a hard bounce for a period of time, often 12 months or more. After consistently rejecting mail for a pre-determined period, the addresses are silently turned back on in the form of spamtraps. These are very useful for ISPs to easily spot senders with poor list hygiene. Hitting this type of trap is a significant red flag.

Dead Domain Traps

Trap owners purchase expired domains and collect mail that comes into them. In many cases, these domains are turned off for a period of time, either hard bouncing mail or not resolving in DNS, before they are silently turned back on as spamtraps.

Live Traps

These are email addresses belonging to a real user. Owners use them for real mail, but they use the unsolicited mail coming into those addresses to make blocking decisions. Hitting these can be extremely dangerous if the person who owns them has connections.

Domain registration addresses (a subset of live traps)

Registration (or role account) addresses are a special type of live trap. These addresses, published in whois records, are frequently harvested and mailed. These types of addresses should almost NEVER be on a marketing mailing list. Examples include [email protected], [email protected], [email protected], etc.

At the end of the day, if you follow our best practices paying attention to data collection, hygiene, and sending frequency, you won’t need to worry about the various types of spamtraps that exist…. Because you won’t be hitting any.

A final word

We’ll finish where we started at the very beginning of this guide…

Sending correctly authenticated, desired, well-targeted email to an engaged and active audience is the key to ongoing successful email delivery.