I’ve not observed these in the wild – nor should I have, so far, as there are still three weeks and change left on the calendar before CASL goes into effect. But I’d bet you a box of meat we’ll soon see a new type of spam trap meant to tease out data from the spam stream on which senders are not bothering to comply.
Spam traps is one of those topics that seems to drive some folk inexplicably crazy. I am none of them. Spam trap data is extremely useful to senders to help them gauge how effective their list and permission-building strategies are performing, as well as list hygiene practices.
Although it’s not precisely analogous, I like to think of trap data as another kind of feed back loop, of the sort ISPs offer to senders with good reputation. Different types of trap hits will tell you different types of things about the sender – things that not even a feed back loop can tell you.
So, what would a CASLtrap look like? For starters, I think we’d see one or more existing trap operators register a number of Canadian domains, ending in the country code TLD of .ca, with mail hosting and WHOIS POC data clearly broadcasting that they are, in fact, a Canadian entity. A sender would have to be completely oblivious (or malicious) to miss it.
I’d condition the network for traps by rejecting all mail for six months or so, but after that, I’d spin up websites at those domains with conspicuously published, deliverable email addresses at each domain, accompanied by a clear notice next to each address that unsolicited email is not welcome (per CASL requirements to revoke implied consent). I’d start accepting mail at about the same time.
Mail received at those published addresses will tell the trap operator that the sender is completely uninterested in complying with CASL. But then we could add another layer of data to that. The trap operator could accept mail for any syntactically correct email address at those domains, whether they were conspicuously published or not.
Mail to an unpublished address at that domain will tell the trap operator that the sender is probing name space to guess addresses that might be actual users. That kind of activity would indicate someone who is probably more malicious than simply clueless. After a time, the data would get a little noisy as lists of those addresses get swapped around on the Undernets, but you start to get the picture.
I’m not sure that hitting a spam trap of this sort would generate much in the way of legal repercussions – non-existent users probably don’t have standing in a Canadian court of law – but then again, I’m not a lawyer. Also, spam trap operators have been, historically, far more often defendants than they’ve been plaintiffs. They’re generally more interested in generating data than generating case law (excepting, of course, MAPS back in the day).
Anyone laying odds on whether and when we might start to see this kind of trap activity? I note that, as of this writing, casltrap.ca is available for registration.