There’s a battle being waged just beyond your inbox…
You can’t hear it, and you can very rarely see it. It is a battle to the death against spam. It’s ISPs vs spammers, with some anti-spam “entities” such as Spamhaus thrown in as covert forces.
You, me, and anyone who uses email to run their business sometimes get drawn into the crossfire of these forces. And – let’s face it – a few of us might even inadvertently do spammer-like things. And, sometimes, we get caught.
In fact, the most common way to get caught is by a spam trap! Truly, one of the finest tools ever created for catching spammers.
Before we dig in any deeper, let’s give you a more specific definition of a spam trap.
A spam trap is an inactive email address set up by an ISP or an anti-spam entity for the sole purpose of receiving unrequested emails, aka spam emails.
There are several types of spam traps. Here’s how to identify them, and which list-management sins can trigger them.
The recycled spam trap
This is an email address that was once used in a normal way, by a real person who was getting legitimate emails. Then one day that person left – they either stopped logging into their email account or they closed the account. After an extended period of inactivity, around 18 months, their ISP (for example Yahoo or Gmail) decide to reactivate their email address, but with a whole new purpose, as a spam trap! Now, if anyone sends an email to that email address, they’ll trigger the trap.
The recycled spam trap is there to teach one important lesson: Clean your list regularly. “Regularly” would be at least once a year, and possibly every six months, though some email experts think cleaning lists every six months is too frequent. We’ll leave that for the experts to debate, but it’s clear that an annual purge of inactive names is a safe and recommended best practice. Not only will you remove subscribers who have “emotionally unsubscribed”, but you’ll also keep yourself out of the crossfire from recycled spam traps.
Word to the Wise blogger and email deliverability expert Laura Atkins, views all spam traps and all the issues they create as mere symptoms of a mismanaged list. Her diagnosis rings true in many ways, and can easily be applied to recycled spam traps. Basically, if you’re triggering recycled spam traps, you need to clean your list, or, in the lingo of email marketers, practice better “list hygiene”.
The honey pot
This is not the sort of honey pot Winnie the Pooh loves. In fact, if Pooh were an email marketer, this honey pot would give him a very sour mouthful. This type of honey pot is an email address that ISPs, or (more typically) anti-spam entities such as Spamhaus have created explicitly to trap spammers.
Honey pots are particularly sticky because ISPs and anti-spam organizations don’t just create them and then wait for someone to accidentally send an email to them. The ISPs and anti-spammers will actually promote honey pots, in a way almost guaranteed to trap spammers. They do this by publishing honey pot addresses on websites, and may even embed the honey pot addresses in the code (like in the “alt” tag). When embedded on sites, these honey pot addresses are also sometimes called “seeded addresses”.
One particular kind of honey pot spam trap is set up by Backscatterer.org, which runs an entire business out of detecting the “backscatter” spam sent to their spam traps. Your email service provider should have measures in place to prevent you from generating backscatter spam. If you’re an SMTP2GO customer, we’ve got you covered: See our setup guide for ways to correctly configure Microsoft Exchange Server and other recommended techniques to block backscatter spam from ever being sent.
Unfortunately, many email service providers do not have such measures in place, and as a result, backscatter spam is extremely common. This is mostly because the default installation of Microsoft Exchange Server (and some other MTA’s) actually allow backscatter spam to be sent.
How honeypots get on to “legitimate” email lists
After a honeypot email address has been set up, it sits and waits on a website for scraper software to “harvest” it. The scraper software scoops up the honey pot addresses, thinking they’re like any of the other hundreds of thousands of addresses they steal. The person operating the scraper software – the spammer – then inadvertently adds these stolen addresses to their mailing list.
Unfortunately, the spammer may also sell these harvested email addresses (including the honey pots) to a legitimate email marketer. The spammer may have to lie and say these are double opt-in email addresses, but that’s no big stretch for a spammer. Another way a spammer’s harvested names can get on a “legitimate” email list is if a marketer uses co-registration with a shady partner, or if they do an email append with an email service that gets its names from less than trustworthy sources.
Malformed email addresses, aka typo domain traps
These kinds of spam traps often catch legitimate email marketers. Malformed email addresses are email addresses with typos, like firstname.lastname@example.org or email@example.com. It is quite common for these kinds of malformed addresses to get added to email lists when someone is writing out their email address on a printed form – like at a brick and mortar store – or if the email capture is not vetted by double opt-in.
To give you an idea of how many emails go out to these malformed domains, consider that one of the largest email service providers said in a blog post that they mailed “approximately one million emails to typo-squatting domains” in November of 2011 alone. That was several years ago, and while we’d like to report that there are fewer emails going to these kinds of addresses now, there aren’t.
Occasionally, someone filling out an online opt-in form will also make a typo and send an email to a spam trap. These are the least severe of all traps, as they are most often simply caused by user error. If the sender of the email is using double opt-in, this will mean they at least send only one email to the trap. But even if you’re using double opt-in, if you’ve got a high-traffic site with thousands of people typing in their email addresses, it’s bound to happen every so often.
Another variation on this problem is when people deliberately type in false email addresses – like firstname.lastname@example.org for example or email@example.com. Occasionally, someone will type in an email that just happens to be a spam trap. Once again, if the marketer is using double opt-in, this will minimize the damage.
How to tell if you’ve got a spam trap on your list
Most email marketers find out they’ve got a spam trap only after they see their deliverability rates tumble. But you can use tools like the Windows Smart Network Data Services, Return Path’s Sender Score tool, or ProjectHoneyPot.org to see if any of these bad apples are on your list.
What happens if you do get on a spam trap?
The consequences of triggering a spam trap vary depending on which spam trap you’ve triggered and how often you’ve triggered it. In other words, mailing to a malformed email address once is bad. Mailing to a honey pot that was embedded on a website once is very bad. Mailing more than once to that honey pot is very, very bad.
One major email deliverability service reported seeing a mailer’s SenderScore drop as much as 20 points after mailing to just one spam trap, one time. SenderScore is a rating of zero to 100 – anything below 90 is considered a problem; so that one email created quite a deliverability disaster. In another example of an extreme penalty of mailing to a spam trap, a sender’s inbox placement dropped below 81% (that’s how many emails they send that actually reach peoples’ inboxes).
While those kinds of consequences are severe, they’re not uncommon. Mailers who trigger spam traps often end up on one or more blacklists and can have many other problems. In short, you don’t want to mess with spam traps. Even one or two triggered spam traps can cripple your profitability.
The best way to get out of a spam trap
So what happens if you find a spam trap in your list? The single best way to identify a spam trap is to look for no engagement with your email messages. Start by going back six months, and remove everyone who has never opened an email. If that seems too extreme, you could go back and remove everyone who has never clicked one of your emails in the past six months.
The next, less effective way is to remove malformed domain names. The third method would be to remove emails with job functions (known as role accounts), like firstname.lastname@example.org or email@example.com. That third method should be used only as a last-ditch effort – you will probably delete quite a few legitimate email subscribers if you purge those kinds of addresses.
How to never get on a spam trap in the first place
Given how severe the consequences of triggering a spam trap are, what can you do to ensure you never trigger one in the first place? Fortunately, there are several easy and proven ways to never get tangled in a trap.
1) Never buy an email list.
It’s SMTP2GO’s policy to not let our users use purchased lists. We do this to protect the deliverability rates of our network for all of our customers, but also because we just don’t want you to get burned the way so many other people have with purchased lists. Note that we also do not tolerate “harvested” email lists.
2) Use double opt-in.
Double opt-in is when you send a confirmation email to a new subscriber after they’ve entered their email address in your opt-in form. The prospective subscriber has to click a link in that confirmation email in order to be subscribed.
This does create an extra step for people to get on your email list, but it is also one of the best ways to never have to worry about triggering a spam trap multiple times. Spam traps aren’t the only reason to use double opt-in though – you’ll also enjoy nearly double the open rates and click-through rates if you set up double opt-in, and you’ll get fewer unsubscribes and spam complaints. Double opt-in will cost you a few subscribers on the front end, but for long-term list engagement and profitability, it beats single opt-in hands down.
If you really must use single opt-in, at least send a welcome email to every new subscriber. If that welcome email bounces, consider removing the new subscriber.
3) Be very, very careful about which companies you pick for co-registration or email append services.
Co-registration is when you sort of piggyback on another company’s opt-in form. Typically, the prospective subscriber fills out your co-registration partner’s form and then checks a box near the bottom of the form that says they also want to opt into your list.
This technique used to work very well, but it’s always been a bit borderline spammy, and it’s never resulted in high-quality lists. Now that we have CASL, co-registration forms also cannot be pre-checked, so if your co-reg partner is still using pre-checked boxes (i.e., pre-checking the boxes so people are opting in to your list by default), either get them to uncheck that box, or stop doing business with them.
Email append services are where you have, say, a list of 10,000 postal mailing addresses, and you want to get email addresses for those people. An email append service can do that. Once again, these tend to create poor quality email lists.
In the end, the only good way to get an email list is to build it, subscriber, by subscriber. Fortunately, it’s not that hard, and can often be cheaper than trying to buy lists that end up performing poorly.
5) Practice good list hygiene.
Every six to 12 months, purge your list of anyone who has never opened or clicked one of your emails. Yes, this will reduce your list size. But it will also preserve and improve the deliverability of the subscribers you do have, and it will keep you off spam traps from recycled addresses. It will even reduce your overhead costs for your remaining subscribers. There’s a reason list hygiene is one of the most recommended best practices – it’s worth the effort.
If you’re seeing more than 5% bounce rates after you mail to a portion of your list, then before sending any further emails we recommend cleaning your list using one of our recommended email verification services:
TheChecker (this link gives you a 20% discount)
You may need to run your list through these services if your list is very old or out of date. Part of our terms of service – set to preserve our deliverability rates for all customers – requires that very old or out of date lists must be verified beforehand.
6) Use CAPTCHA on opt-in and contact forms.
There’s no better way to ensure you’re dealing with an actual human than to add a CAPTCHA to your opt-in and (especially) to your contact forms. This will serve as another potent deterrent to keep spam trap emails off your list.
7) Use a company-wide suppression list.
Leverage other people’s work. If you’re in a company large enough to have multiple email lists, pool your resources, and create a list of addresses no one in your company should mail to. This isn’t a foolproof way to steer clear of spam traps, but it definitely helps the cause.
Fortunately, if you are an SMTP2GO user, you will have your very own suppressions list within your account where hard-bounced, unsubscribed and spam complaint recipients will be blocked. We also maintain a large list of known spam trap domains, and we block any attempts to send emails to those domains. This protects both your reputation and ours. It also instantly notifies you about potential problems with your list, or with a compromised computer within your network.