It's not all spam, is it?

Over on the Mainsleaze blog, Catherine Jefferson points out that the Obama campaign is sending mail both to an address she purposely signed up to receive their mailings, and also to a spamtrap address.

What does a reputation system do with that? What should it do with that? If it's a reputation system that deals with just individual spamtrap hits, then that IP address is now tagged as having a bad reputation, because it hit a spamtrap address. But it's also sending wanted mail at the same time. A blacklist operator or an ISP postmaster might go either way on this -- you're hitting my spamtraps -- so I'll block you. But maybe my users will complain, so maybe I can't block it.

It's a bad situation for a sender to be in. They're sending mixed reputational signals. If you're really about staying in the inbox, shouldn't you be staying away from mixing bad lists or bad data into that good, wanted mail stream? I think you should.


  1. So the variable here is volume. 1 message hitting a spam trap and 1 in a wanted inbox is bad. What about 1 spam trap hit in a 1000? Is that a bad mailer? What about 1 in 1,000,000? And 10,000,000?

    I suppose one has to set a threshold at which point does it become bad? Is it possible to be perfect? Yes, but who really is?

    playing devil's advocate here...

  2. I think that you're missing the point. Spamhaus and ReturnPath (the biggest players in the blacklisting and reputation service field, respectively) have the volume of spamtraps required to get some idea of what percentage of a list is hitting spamtraps. But even they can't tell what additional percentage of the list isn't to spamtraps, but *is* to email addresses that did not request that email.

    That's the first bit of bad news. The second bit is this: unless Spamhaus and ReturnPath share data with large webmail providers on engagement statistics -- how many of those emails were opened, how many links clicked, how many people actually read it --, they also can't tell what percentage of that email was sent to email addresses that asked for it and wanted it.

    What that means is that they have no way to obtain much of the information that you believe is critical to a proper decision on whether to block the email or not. They have no way to know what percentage of a dirty email list consists of legitimate, asked for bulk email. So, in absence of that information, what should they do?

  3. True. Most reputation systems see only the negative; complaints and spamtrap hits.

  4. It's also like this - it's a rotten apple in a box of apples. I don't care if the rest of the apples are great, I'm going to be grossed out when I see this yucky one in the box, maybe I won't even want ANY of the apples. That feels to me kind of like how a lot of reputation systems work -- and I don't blame them for that!

  5. mephistofales - I think the type of spam trap here that Al is referring to is not an address converted to a spam trap as a result of an old list, but one of the honey pot variety that has only ever been a trap address. ISPs will likely be more lenient in Al's scenario based on a lower ratio of traps to volume if those traps are convereted traps, where as sending to a honey pot is a huge red flag that a purchased or scraped list is being used.


Comments policy: Al is always right. Kidding, mostly. Be polite, please and thank you.