Site   Web

March 21, 2013

E-mail Deliverability Spam Traps and Honey Pots: Definition, Prevention and Elimination

A spam trap is a special e-mail address designed to receive spam and “trap” mailers that spam or otherwise use questionable mailing practices. Sending to a spam trap address can quickly damage your deliverability reputation and cause you to be blocked or, worse, be blacklisted with Spamhaus or other blacklists. Fortunately, this can be avoided if you understand how they work, and adhere to best mailing practices.

This article discusses different kinds of spam traps, how to prevent sending to spam traps, and what to do if you discover spam traps on your list. Understanding the different kinds of traps will help you understand how to avoid them.

Reactivated Address Spam Traps

This is an e-mail address that previously was a valid working address which became an invalid address, but was then reactivated and turned into a spam trap by the ISP.

For example, if one of your subscribers stops logging in to check their e-mail, eventually the ISP (for example, Yahoo or Hotmail) will disable the e-mail address. When the address is disabled, any e-mail sent to this address will hard-bounce. ISPs re-enable a small percentage of these disabled e-mail addresses and turn them into spam traps.

Reputable spam trap operators ensure that the e-mail address was dead and returning hard bounces for a reasonable amount of time before turning the address into a spam trap (nine months to a year or more, it will vary and nobody knows for sure). Mailers following the best practices below will have already noticed these hard bounces and removed this e-mail address from their list.

Reactivated Domain Spam Traps

This is the close cousin to reactivated address spam traps.

These are created when a domain name with many e-mail addresses lapses (perhaps it belonged to a company that went out of business) and is then purchased by a company that wants spam traps. All addresses at this domain suddenly become spam traps.

Reputable spam trap operators ensure that the domain name was dead and returning hard bounces for a reasonable amount of time before turning the addresses into spam traps.

Classic Spam Traps (also called Honey Pots)

These are addresses that are designed from the beginning to be spam traps and whose sole purpose is to identify mailers that do not build their own e-mail lists organically. Classic spam traps are created and placed on websites or forums or other publicly available locations to be “harvested” or “scraped.” They have never been used to sign up for e-mail, or used as a contact or ever been associated with an e-mail account.

If sent to, the receiving ISP or mail system immediately knows the address was part of a purchased or shared list that was harvested or scraped from a website — in other words, definitely obtained somehow other than organically via an opt-in sign up.

Sending to one of these addresses is far worse than the reactivated address or domain spam traps listed above. In fact it is entirely possible — and even likely — that sending to just one of these addresses could get you blacklisted or blocked.

Typo Domain Spam Traps & Typo Address Spam Traps

All of the typos of common e-mail domain names have been purchased by spam trap companies. For example, “” could be a spam trap domain (but is not).

Typo address spam traps are addresses with a typo in the non-domain portion of the e-mail address.

These kinds of spam traps get on lists when a person legitimately attempts to subscribe but accidentally typos their e-mail address. Sending to a typo domain or address spam trap does not prove that your mail is spam, but it does show spam trap companies that you don’t use a confirmed opt-in process and allows them to see your e-mail. If your e-mail looks spammy this can be enough to get you blocked.

Investigative Traps

Sometimes when an employee of a spam trap operator or blacklist is investigating a potential spammer they will create a special one-time investigative e-mail address and use it only to sign up at this potential spammer’s site. If this company shares the e-mail address with other companies and they mail to it, this address effectively becomes a spam trap — any mail received at this address from these other companies is spam, and evidence of e-mail address sharing or purchasing.

How to Avoid Sending to Spam Traps

Basic e-mail sending best practices will help you avoid sending to spam traps. First, the basics of only sending permission-based e-mail:

•Never purchase lists. Purchased lists are often full of reactivated address spam traps because the list maintainer is never sending to the addresses and doing bounce processing. They may also contain classic spam traps and investigative traps depending on how the list was created.

•Never scrape the web or forums for e-mail addresses. (Additionally, this is a CAN-SPAM violation in the United States.) This will pick up many classic spam traps.

•Never “trade” e-mail addresses with another company. This is basically a purchased list.

However, senders who only send to people who specifically signed up can sometimes still have trouble with spam traps.

Here is some advice for avoiding recycled address and domain spam traps:

•Ensure your software or ESP is using proper bounce-processing practices and hard-bounces are removed from your list. If you don’t have proper bounce-processing you will eventually hit reactivated addresses or domain spam traps.

•Make sure you e-mail every address in your database at least every six months. For example, send a Christmas card e-mail to subscribers who you have not mailed otherwise. If you don’t e-mail an address for an extended period of time, you run the risk that it will turn into a reactivated address or domains trap without your ever knowing. Consider it risky to send to an e-mail address that you haven’t mailed in more than 18 months. It’s better if you never send mail to an address more than a year old.

•Review your internal processes to make sure there is no way that e-mail addresses can “sit” in some database for a long period of time and then be mailed to, or be sent to by one system even though a different system received a hard-bounce. This is more important for larger organizations or enterprises that may have multiple e-mail sending systems.

•Never send to or reactivate bounced subscribers. A major ESP reports that this is the most common reason their customers get on blacklists. Your list of bounced subscriber is likely full of recycled address and domain spam traps. Just don’t do it.

•Avoid address book importing. This is where your user gives you API access to his or her address book and you then send an invite e-mail to everyone in the address book. Think of all of the old data that exists in your own address book. This is a great way to hit recycled address and domain spam traps.

Additionally be careful of the following:

•Be very careful of “incentivizing” subscription. For example, if you are a retailer and you offer a coupon at checkout for subscribing to your e-mail newsletter, you will get plenty of e-mail addresses that people will just make up to get the free coupon. Some of these addresses that people make up will be spam traps. Monitor the invalid user rates of your different e-mail collection programs. If one program generates a high percentage of invalid e-mail addresses, this is evidence of a problem in the address collection, and you may also be collecting spam traps.

•Remove non-responding addresses. It is a general best practice that e-mail addresses that don’t click or open for a long period of time should be removed. Spam traps should not click on links in mail or trigger an e-mail open, so following this advice will also remove spam traps.

•Ensure your e-mail does not look like non-relational unsolicited e-mail. Even if people requested mail from you, don’t send just a “flyer” without your logo or an e-mail that is all one image. If your e-mail messages look like spam and you send to a typo address or domain spam trap, you are much more likely to get blacklisted.

Spam Traps Are Not the Problem, But a Symptom

If you have a spam trap on your list, it’s critical to realize that it is just a symptom of the real problem.

The real problem is, something about your list practices allowed you to send to the spam trap. Removing the spam trap would just be treating the symptom. Evaluating your list practices will get to the root of the problem and ensure you don’t get any more spam traps on your list.

What To Do If You Have a Spam Trap on Your List

This advice assumes you’re sending permission-based e-mail that was requested by your subscribers. If not, immediately stop sending to any purchased lists, traded e-mail addresses, or scraped e-mail addresses. You’ve been caught.

For those sending permission-based e-mail: First of all, relax. It’s a horrible feeling to have your e-mail blocked, and especially more horrible to be told that you have a “Spam Trap” on your list if you are trying to follow best practices.

Recycled address and domain spam traps can get on a list due to an un-intentional failure to follow one of the best practices above. These best practices have evolved over time with the introduction of recycled address spam traps, so not everyone is aware of them.

Make sure you correspond respectfully with the spam trap operator:

•Be calm, clear, and respectful in your communication. If you need to vent, vent to someone else.

•Do not ask for the spam trap address so you can “remove” it. The spam trap operator will not (and often cannot) give you the spam trap address. Remember that sending to the spam trap is not the problem, but the symptom.

•Work with the spam trap operator to understand what went wrong and fix the root problem.

If you received an e-mail from a spam trap operator, reply and let him/her know that you are permission-based. Briefly let the operator know where/how you collect addresses, and let them know you’re checking out your practices to see if anything went wrong on your end. Ask if they have any info they can help with.

Then, evaluate your e-mail program against the above best practices. This will often reveal the problem.

If you find a problem, fix it, and then let the spam trap operator know what you changed. If you can’t find anything wrong, share the details of what you’ve checked and see if they can offer you any guidance.

If nothing in the above appears to be the problem, there are more advanced techniques for identifying the problem that are beyond the scope of this article.

One catch-all technique is to prune addresses that have not clicked or opened recently from your list, since spam traps should not open or click mail. This is a good best practice anyway and can improve e-mail delivery across the board.

John Bollinger is the director of deliverability services and ISP relations at DRH Internet Inc., makers of the GreenArrow Suite of e-mail delivery software. John has been working with clients on e-mail deliverability issues and best practices for more than eight years and brings a wealth of knowledge from his tenure working both on the sender and e-mail service provider sides. He is active in many deliverability related forums and with the Mobile, Malware, Messaging Anti-Abuse Working Group (M3AAWG).