There’s a battle being waged just beyond your inbox.
You can’t hear it, and you can rarely see it. It is a battle to the death against spam. It’s ISPs vs spammers, with some anti-spam “entities” like Spamhaus thrown in as covert forces.
You, me, and anyone who uses email to run their business sometimes gets drawn into the crossfire of these forces. And – let’s face it – a few of us might even inadvertently do spammer-like things. Sometimes, we get caught. Spam traps are one of the most common ways to get caught, and are also one of the finest tools ever created for catching spammers.
Before we get too much further, let’s give you a more specific definition of a spam trap.
A spam trap is an inactive email address set up by an ISP or an anti-spam entity for the sole purpose of receiving unrequested emails, aka spam emails.
There are several types of spam traps. Here’s how to identify them, and which list management sins can trigger them.
1) The recycled spam trap.
This is an email address that was once used in a normal way, by a real person who was getting legitimate emails. Then one day that person left – they either stopped logging into their email account or they closed the account. After an extended period of inactivity, like 18 months, their ISP (for example: Yahoo, Gmail) decided to reactivate their email address, but now as a spam trap. So if anyone mails to that email address, they’ll trigger the trap.
The recycled spam traps teach an important lesson: Clean your list regularly. “Regularly” would be at least once a year, and possibly every six months, though some email experts think cleaning lists every six months is too frequent. We’ll leave that for the experts to debate, but it’s clear that an annual purge of inactive names is a safe and recommended practice. Not only will you have gotten rid of people who have “emotionally unsubscribed”, but you’ll also keep yourself out of range of recycled spam traps.
Word to the Wise blogger and email deliverability expert Laura Atkins (https://wordtothewise.com/author/laura/) views all spam traps, and all the issues they create as merely symptoms of a mismanaged list. Her diagnosis rings true in many ways, and can easily be applied to recycled spam traps. Basically, if you’re triggering recycled spam traps, you need to clean your list, or, in the lingo of email marketers, practice better “list hygiene”.
2) The honey pot.
This is not the sort of honey pot Winnie the Pooh loves. In fact, if he were an email marketer, this honey pot would give Winnie a very sour mouthful. In this context, honey pots are email addresses that ISPs, or (more typically) anti-spam entities like SpamHaus have created expressly to trap spammers.
Honey pots are especially sticky because ISPs and anti-spam organizations don’t just create them and then wait for someone to accidentally mail to them. The ISPs and anti-spammers will actually promote honey pots, in a way almost guaranteed to trap spammers. They do this by publishing honey pot addresses on websites, and may even embed the honey pot addresses in the code of the pages (like in “alt” tags and the like). When embedded on sites, these honey pot addresses are also sometimes called “seeded addresses”.
One particular kind of honeypot spam trap is setup by Backscatterer.org, which runs an entire business out of detecting the “backscatter” spam sent to their spam traps. Your email service provider should have measures in place to prevent you from generating backscatter spam. If you’re an SMTP2GO customer, we’ve got you covered: See our setup guide for ways to correctly configure Microsoft Exchange Server and other recommended techniques to block backscatter spam from ever being sent.
Unfortunately, many email service providers do not have such measures in place, and as a result, backscatter spam is extremely common. This is mostly because the default installation of Microsoft Exchange Server (and some other MTA’s) actually allow backscatter spam to be sent.
How honeypots get on to “legitimate” email lists
After a honey pot email address is set up, it then lies in wait on a website for scraper software to “harvest” it. The scraper software scoops up the honey pot addresses, thinking they’re like any of the other hundreds of thousands of addresses they steal. The person operating the scraper software – the spammer – then inadvertently adds these stolen addresses to their spam list.
Unfortunately, the spammer may also sell these harvested email addresses (including the honey pots) to a legitimate email marketer. The spammer may have to lie and say these are double opt-in email addresses, but that’s no big stretch for a spammer. Another way a spammer’s harvested names can get on a “legitimate” email list is if a marketer uses co-registration with a shady partner, or if they do an email append with an email service that gets its names from less than trustworthy sources.
3) Malformed email addresses, aka typo domain traps.
These kinds of spam traps often catch legitimate email marketers. Malformed email addresses are any email address that’s got a misspelling in it, like firstname.lastname@example.org or email@example.com. It is quite common for these kinds of malformed addresses to get added to email lists when someone is writing out their email address on a printed form – like at a brick and mortar store – or if the email capture is not vetted by double opt-in.
To give you an idea of how many emails go out to these malformed domains, consider that one of the largest email service providers said in a blog post that they mailed “approximately one million emails to typo-squatting domains” just in November of 2011 alone. That was several years ago, and while I’d like to report that there are fewer emails going to these kinds of addresses, there aren’t.
Occasionally, someone filling out an online opt-in form will also make a typo and send an email to a spam trap. These are the least severe of all traps, as they are most often simply caused by user error. If the sender of the email is using double opt-in, this will mean they at least send only one email to the trap. But even if you’re using double opt-in, if you’ve got a high-traffic site with thousands of people typing in their email addresses, it’s bound to happen every so often.
Another variation on this problem is when people deliberately type in false email addresses – like firstname.lastname@example.org for example, or email@example.com. Occasionally, someone will type in an email that just happens to be a spam trap. Once again, if the marketer is using double opt-in, this will minimize the damage.
How to Tell If You’ve Got a Spam Trap on Your List
Most email marketers find out they’ve got a spam trap only after they see their deliverability rates tumble. But you can use tools like the Windows Smart Network Data Services, Return Path’s Sender Score tool or ProjectHoneyPot.org to see if any of these bad apples are on your list.
What happens if you do get on a spam trap?
The consequences of triggering a spam trap varies depending on which spam trap you’ve triggered and how often you’ve triggered it. In other words, mailing to a malformed email address once is bad. Mailing to a honey pot that was embedded on a website once is very bad. Mailing more than once to that honey pot is very, very bad.
One major email deliverability service reports seeing a mailer’s SenderScore drop as much as 20 points after mailing to just one spam trap one time. SenderScore is a rating of zero to 100 – anything below 90 is considered a problem, so that one email created quite a deliverability disaster. In another example of an extreme penalty of mailing to a spam trap, a sender’s inbox placement dropped below 81% (that’s how many emails they send that actually reach peoples’ inboxes).
While those kinds of consequences are severe, they’re not uncommon. Mailers who trigger spam traps often end up on one or more blacklists, and can have many other problems. In short, you don’t want to mess with spam traps. Even one or two triggered spam traps can crippled your profitability.
The Best Way to Get Out of a Spam Trap
So what happens if you find a spam trap in your list? The single best way to identify a spam trap is to look for no engagement with your email messages. Start by going back six months, and remove everyone who has never opened an email. If that seems too extreme, you could go back and remove everyone who has never clicked one of your emails in the last six months.
The next, less effective way is to remove malformed domain names. The third method would be to remove emails with job functions (known as role accounts), like firstname.lastname@example.org or email@example.com. That third method should be used only as a last-ditch effort – you will probably delete quite a few legitimate email subscribers if you purge those kinds of addresses.
How to Never Get on a Spam Trap in the First Place
Given how severe the consequences are of triggering a spam trap, what can you do to never get on one? Fortunately there are several easy, proven ways to never have to tangle with spam traps.
1) Never buy an email list.
It’s SMTP2GO’s policy to not let our users use purchased lists. We do this to protect the deliverability rates of our network for all of our customers, but also because we just don’t want you to get burned the way so many other people have with purchased lists. Note that we also do not tolerate “harvested” email lists.
2) Use double opt-in.
Double opt-in is when you send a confirmation email to a new subscriber after they’ve entered their email address in your opt-in form. The prospective subscriber has to click a link in that confirmation email in order to be subscribed.
This does create an extra step for people to get on your email list, but it is also one of the best ways to never have to worry about triggering a spam trap multiple times. Spam traps aren’t the only reason to use double opt-in though – you’ll also enjoy nearly double the open rates and click-through rates if you set up double opt-in, and you’ll get fewer unsubscribes and spam complaints. Double opt-in will cost you a few subscribers on the front end, but for long-term list engagement and profitability, it beats single opt-in hands down.
If you really must use single opt-in, at least send a welcome email to every new subscriber. If that welcome email bounces, consider removing the new subscriber.
3) Be very, very careful about which companies you pick for co-registration or email append services.
Co-registration is when you sort of piggy back on another company’s opt-in form. Typically, the prospective subscriber fills out your co-registration partner’s form, and then checks a box bear the bottom of the form that says they also want to opt into your list.
This technique used to work very well, but it’s always been a bit borderline spammy, and it’s never resulted in high-quality lists. Now that we have CASL, co-registration forms also cannot be pre-checked, so if your co-reg partner is still using pre-checked boxes (i.e., pre-checking the boxes so people are opting into your list by default), either get them to uncheck that box, or stop doing business with them.
Email append services are where you have, say, a list of 10,000 postal mailing addresses, and you want to get email addresses for those people. An email append service can do that. Once again, these tend to create poor quality email lists.
In the end, the only good way to get an email list is to build it, subscriber by subscriber. Fortunately, it’s not that hard, and can often be cheaper than trying to buy lists that end up performing poorly.
5) Practice good list hygiene.
Every six to 12 months, purge your list of anyone who has never opened or clicked one of your emails. Yes, this will reduce your list size. But it will also preserve and improve the deliverability of the names you do have, it will keep you off spam traps from recycled addresses. It will even reduce your overhead costs for your remaining names. There’s a reason list hygiene is one of the most recommended best practices – it’s worth the effort.
If you’re seeing more than 5% bounce rates after you mail to a portion of your list, then before sending any further emails we recommend cleaning your list using one of our recommended email verification services:
NeverBouce.com (SMTP2GO users receive a 10% discount)
You may need to run your list through these services if your list is very old or out of date. Part of our terms of service – set to preserve our deliverability rates for all customers – requires that very old or out of date lists be verified.
6) Use CAPTCHA on opt-in and contact forms.
There’s no better way to ensure you’re dealing with an actual human than to add a CAPTCHA to your opt-in and (especially) to your contact forms. This will serve as another potent deterrent to keep spam trap emails off your list.
7) Use a company-wide suppression list.
Leverage other people’s work. If you’re in a company large enough to have multiple email lists, pool your resources and create a list of addresses no one in your company should mail to. This isn’t a foolproof way to steer clear of spam traps, but it definitely helps the cause.
Fortunately for you, SMTP2GO maintains a large list of known spam trap domains, and we block any attempts to send emails to those domains. This protects both your reputation and ours. It also instantly notifies you about potential problems with your list, or with a compromised computer within your network.