Avoiding Spamtrap Disasters

Nothing can derail an e-mail marketing program so quickly and completely as sending mail to spamtraps. Businesses that are new to e-mail marketing are often unschooled in the hazards of spamtraps, so today we’ll take a crack at explaining what they are and how they work, and what senders can do to avoid spamtrap disasters.

Spamtraps are e-mail addresses that, by design, look and behave in most ways like ordinary, deliverable addresses. Once they’ve been added to a list of recipients, there’s really no way for senders to tell them apart.

The difference between spamtrap addresses and ordinary recipient addresses is that spamtrap addresses are never used to opt in to mail, or to send any mail at all. Owners of spamtraps use them to collect mail from, and generate data on senders who are harvesting, e-pending, or guessing addresses (or who are purchasing lists comprised of same) and who are sending to them without any kind of permission.

Spamtrap data is used to inform a number of widely deployed block list and reputation scoring systems, including Spamhaus, SpamCop, URIBL, ReturnPath, and internal reputation scoring at large ISPs. Senders who make persistent attempts to deliver mail to spamtraps will shortly find a smoking crater where their sender reputation used to be, and deliverability of all of their mail – permissioned or otherwise – takes a nosedive.

There are a couple of different ways in which spamtraps are created. Spamtrap network operators will register brand new domains that have never existed before, and place their mail server behind it. Addresses at the new domain are “seeded,” or published on web sites across the Internet to be harvested. Any mail to these addresses – or indeed, any syntactically correct e-mail address at the domain – is therefore assumed to be unsolicited.

ISPs and other trap network operators will take abandoned e-mail accounts or re-register abandoned domains, and configure them to reject all mail with a hard bounce for six months or more. Once this period of conditioning is over, the account or domain is then reconfigured to accept mail. This type of trap is used to identify senders with poor list hygiene practices who have failed to remove addresses that have not been deliverable for eons (in Internet time).

In some instances, ISPs can even create new spamtraps “on the fly.” They’ll note persistent attempts to send to addresses that have never existed, and cause those addresses to suddenly exist so they can get a look at the mail. Once they have a statistically useful collection of mail sent to the new trap, they can punish the senders’ reputation and deliverability accordingly.

The good news is that, with careful acquisition and hygiene practices, spamtraps are easy to avoid.

First, make sure you have permission to send to the addresses you collect. Those you collect through a confirmed opt-in loop process will have the lowest chance of being (or later becoming) a spamtrap. There are many different flavors of permission, and it’s not always appropriate or necessary to close the confirmation loop. When customers complete a transaction on your web site, make sure you ask them whether they’d like to receive your marketing mail. This can be done with a simple form on your checkout or purchase confirmation page. You’ve already collected payment information and an address to which you can send transactional mail to confirm a purchase, so the likelihood the address is actually a spamtrap is pretty slim.

Second, if you’re thinking about sending to a rented list, ask tough questions of the vendor about the provenance of the addresses. All list rental firms describe their lists as opt-in, but many really aren’t. Recipients on these list may not understand that they’ve opted in to mail from third parties. Ask the firm exactly what processes were used to collect permission, and ask if they will let you do a test send to a small subset of the list. If you see a lot of hard bounces and spam complaints, there’s a good chance that there are some spamtraps on the list, too.

Third, beef up your list hygiene. Suppress addresses that have a history of hard bounces in case they are later converted into traps. Many ESPs will automatically suppress addresses that hard bounce two or three times within a given period. But if you send only infrequently, you may not be sending often enough to your lists to trigger that rule. It’s a good idea to review your lists periodically and manually suppress the hard bounces.

Last, consider suppressing recipients who historically have shown no interest in your mail, or that always seem to bounce as full. Addresses that have never opened, or that have a history of remaining over quota are good candidates for abandoned addresses (or that will shortly be abandoned), and therefore for conversion to traps. You’ll also see improvement to your overall engagement metrics, deliverability rate, and ultimately ROI.

Spamtraps are like land mines; they’re carefully disguised, and stepping on them yields disastrous results. Senders can sweep the field ahead of them by implementing some simple best practices, like gathering meaningful permission and performing regular list maintenance.

2 thoughts on “Avoiding Spamtrap Disasters

  1. Also start slow. If you are emailing to a new list, or one that’s not been used for a while, send your emails in small batches with pauses between, so that you have the chance to notice problems.

    To borrow the minefield analogy, you would cross a minefield in single-file, with gaps between people, not all in a bunch.


    • This is good advice, and mitigates a number of possible issues, but doesn’t really help in terms of spamtrap avoidance. Collecting permission from recipients is key, but too often senders ignore good list hygiene. It’s imperative that senders prune unengaged recipients from their lists regularly.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s