Types of spam traps

There are several types of spam traps, and they all work differently.

Pure spam traps

Also known as pristine spam traps, these are email addresses that ISPs and other organizations create that have never been associated with a real person. These email addresses only exist to function as a spam trap. The email addresses are embedded into websites so that, when spammers scrape the sites to add to their mailing list of spam targets, they unknowingly pick up the trap as well. The administrator of the spam trap then watches to see which addresses email the trap. Those that email the trap are deemed to be spam and are blocked, or are more closely monitored, as they harvested that contact — the trap’s address — in a suspicious manner, as opposed to asking for the address as a legitimate sender would do. A pure spam trap can damage the sender’s reputation if an antispam organization finds it in the sender’s contact email list.

Recycled spam traps

These are often email addresses and domains that were at one time legitimate but have since been repurposed as spam trap addresses. Some common examples of repurposed addresses are role addresses, which might look like the following:

Email addresses of employees who no longer work for a company can also be used as recycled spam traps. The address still exists, but it’s no longer used for its intended purpose. So, it gets recycled as a spam trap. The recycled spam trap is generally not as harmful to senders as the pure trap but still can cause damage over time. Unlike addresses designed specifically for trapping spam, recycled addresses have an element of legitimacy. They’re more likely to attract legitimate traffic — for example, those who previously corresponded with the owner of the address before it was recycled.

Email with typos

Like recycled traps, these spam traps aim to look legitimate. However, instead of recycling a legitimate address, they contain subtle typos, even though they’re a different address. The following are some examples:

• @gmil instead of @gmail.
• @yaho or @yah0o instead of @yahoo.
• @hotmal instead of @hotmail.

Like recycled spam traps, these don’t damage a sender’s reputation as severely as pure traps, but signal antispam authorities over time.

How to identify a spam trap

A spam trap has features that a normal user typically notices and, as a result, causes the user to cease correspondence. These include the following:

• The address has typos in the domain.
• The address is acquired through suspicious, illegitimate or uninvolved means, such as scraping or bulk list purchasing.
• The address appears outdated or no longer valid.
• A hard bounce immediately results from sending an email to the spam trap, implicating the address so that it can be marked as a trap.

To check if a spam trap is included in an email list, the sender of that list should check their email delivery rates. If delivery rates are dropping drastically, the sender’s list could contain a spam trap. This is because spam traps don’t respond to or conventionally read emails sent to them. Emails are sent to them but aren’t registered as delivered. Also, the fact that the address doesn’t respond damages a sender’s reputation.

There are tools senders can use to analyze their contact list for spam traps. If a sender believes they have a spam trap in their list, they can check to see if the email addresses are on an email blocklist. Some common IP or domain blocklists to check are the following:

• Barracuda Reputation Block List.
• Invaluement antispam.
• NiX Spam.
• SpamCop.
• Spamhaus Domain Blocklist.
• Spamhaus Policy Blocklist.
• UCEProtect.

Blocklist tool vendors maintain and add to their blocklists. For example, SpamCop adds IP addresses reported by its user lists. Senders who suspect they’re on SpamCop’s list can check that list, but it can be difficult to get an address removed from one of these lists. Most legitimate companies remove an email address upon request, but some organizations require additional verification before they remove an email address.

How to avoid spam traps

The best way to avoid acquiring spam traps in a contact list is to practice good email management. A poorly maintained email list could indicate a potential spammer and, therefore, attract a spam trap. A spam trap in the contact list then worsens the sender’s reputation by decreasing their email delivery rate.

The following are examples of sender behaviors that indicate poor email management:

• Doesn’t seem aware of the addresses that it consistently emails.
• Consistently emails addresses that a legitimate sender wouldn’t email.
• Consistently acquires email addresses through suspicious means, such as scraping.
• Goes long periods without sending email to an address.
• Sends email to an address that hasn’t opened sender email for several months.

To avoid acquiring a spam trap, which causes a user to exhibit these bad behaviors, senders should follow email best practices. Some examples of email best practices are the following:

• Don’t purchase contact lists. Purchased email lists are likely to include spam trap addresses. They’re also generally considered a poor way to accrue contacts, as even the legitimate users on those lists might have no interest in receiving what the sender plans to provide.
• Use email validation on contact lists. Email validation can be incorporated in email signup forms that automatically check the legitimacy of the entered email addresses.
• Include a double opt-in for subscribers. Recipients should have to confirm their email address before they begin receiving sender content. A double opt-in ensures that recipients want the sender’s emails and verifies that the sender’s list contains only legitimate addresses.
• Send confirmation emails. When a user or customer subscribes to the sender’s mailing list, the sender should send a confirmation email for authentication to ensure that they’re real; if the sender doesn’t receive a reply after a reasonable period, they should consider removing the address from their list. It could well be a spam trap email address.
• Keep contact lists up to date. Lists should be reviewed regularly to ensure all subscribers are engaging with the sender. Outdated email lists appear to authorities as though the sender is sending spam. Reengagement campaigns can help senders engage with addresses they haven’t emailed recently. If those don’t work, it’s best to remove addresses that are not engaging. Regular list cleaning is essential to list hygiene.
• Practice permission-based email marketing. Spam is generally defined as emails or traffic the recipient likely didn’t consent to and almost definitely doesn’t want. Gaining recipient permission before sending bulk marketing emails ensures that the recipient participates in and consents to the communication.
• Monitor email engagement metrics. Regularly monitor open rates, click-through rates, bounce rates and other key metrics. Drops in these numbers could indicate spam traps or deliverability issues.

Organizations can ensure they protect their customer data from bad actors by implementing several privacy best practices.