What are spamtraps? (Updated for 2020)

Spamtraps are special types of email addresses. There are varying definitions, but the two most common types are email addresses that were never valid that get spam (usually typos), and recycled email addresses that still get spam long after being abandoned by the user.

Anti-spam blocking list groups like Spamhaus, internet/email security vendors like Trend Micro, ISPs like Comcast and Microsoft, and others all use spamtrap addresses to identify bad senders.

How bad of a sender you are -- or if you're a bad sender at all -- is measured by how many of these bad addresses you send to. Since the addresses aren't valid people, or they're long abandoned, they shouldn't be signing up for email lists.

A sender adhering to best practices would send to few or no spamtrap addresses. Because mail to spamtrap addresses is generally never opened, usually never clicked on, and definitely never buys your product or service.

In theory you'd think that an anti-spam group would be fair and look at spamtrap hits as a percentage of mail sent. But that's rarely the case. Most of them can't tell how much mail you send overall. They only see the mail to the spamtrap addresses. So they often stack rank senders based on total number of email messages to spamtrap addresses over a given period.

Different groups have different spamtrap "feeds." Almost any group monitoring spamtraps has a different set of addresses they monitor. Thus, it's possible to show up on one group's spamtrap radar, but not another. It's important to keep in mind that showing up on any spamtrap radar in significant enough numbers is indicative of a list hygiene issue. You're not necessarily free and clear just because only one group sees it but another does not.

It's also important to note that cleaning up those list hygiene issues takes more than just identifying and suppressing spamtrap addresses. Spamtrap addresses are considered "canaries in the coal mine" -- it shows your list is bad and needs attention -- and hiding that by eliminating just the spamtraps does not change the fact that your overall list or data may be suspect.

How do you fix spamtrap issues? Spamtrap addresses don't usually click on email links. Thus, double opt-in is a good way to ensure you minimize mail to spamtrap addresses. Nobody's home in that mailbox, so it doesn't respond to the opt-in request. That's a big part of why double opt-in exists. It helps ensure that you've got the right person, and it keeps you from accidentally sending to the wrong or bad address ongoing. It keeps you out of trouble by verifying permission, making sure the owner of the address sent to really does want to receive that email.

Email validation services are also very popular, and use various methods to attempt to verify whether or not a given address is a real person or not. (Diving deep into their methodologies is something I just don't have the space for here. Be sure to do your own due diligence when deciding whether or not to work with any particular email validation vendor.)

Also, "engagement based suppression" or "subscriber lifecycle management" are two different ways to say the same thing -- it means finding a way to stop mailing addresses who never open or click. Since spamtrap addresses never open or click, if you stop sending mail to people who never respond, you typically improve your deliverability reputation by no longer sending to non-responding addresses.

Where do you get access to spamtrap data? A lot of entities maintain their own proprietary spamtrap "networks." Validity has one called Threatwave, for example. Validity's SenderScore.org will show you spamtrap count information as well. Microsoft's Smart Network Data Service provides information about counts of mail to spamtrap addresses received there.

And now, I also have my own spamtrap data to share on XNND.com. When you lookup an IP address on XNND, you'll get a "spamtrap score" (and perhaps an example sending domain or two) for that IP address. The scoring is very new and subject to change over time.

No comments:

Post a Comment

Comments policy: Al is always right. Kidding, mostly. Be polite, and you're welcome to join in, even if it's a differing viewpoint.