Spamtraps need to be Retired
Spamtraps are considered by many as the gold standard in proving that someone is a spammer. Secret emails/honeypots/blackholes are the canary in the email coal mine- heretofore absolute proof that you’re a bad actor in the war against spam. We’ve all been taught to believe that spam traps can only end up on your list if you’re mailing old/dead addresses and/or purchasing lists.
The problem is…what happens if neither of those is true? What’s the explanation for hitting a spamtrap when you’re NOT buying a list and NOT bringing back old names? According to some, this is impossible - there’s no way a spam trap address can end up on your list unless you’re engaging in bad practices.
Here’s a quote from an article I recently read talking about spam trap list operators- “For example, often a blacklisted marketer will claim their list is 100 percent opted in when the DNSBL operator has irrefutable evidence in the form of spam traps that it’s not.”
But guess what…”spam traps” can actually open. And even click. How do I know this?
- I looked at the results of our own data.
We run a site that is fortunate enough to get between 20,000 and 50,000 new users per day. They sign up, we validate the address as best we can using a third party. We keep non-responding sign ups on our list for up to 5 days, then stop if they haven’t opened or clicked. We only mail opens/click inside of a 45 day time window. Once a month we send to our full 12 month file because, hey, people actually did sign up for our emails.
Why do we go to all this trouble? Because we keep hitting “spamtraps.” That’s right, we only send to openers and clickers to people who actually signed up for our email yet still hit “spamtrap” addresses that are not supposed to open and/or click…but they do.
I thought…I must be crazy. There’s no way a spam trap – by definition – should be able to open and/or click. The truth is, spamtraps can - and do - open and click.
For example, yesterday we sent just over 107,000 emails to Hotmail. Unfortunately, we had three “trap hits” at Hotmail. On our last monthly send to Hotmail, we attempted to send 723,000 emails and recorded 65 “trap hits” even though – according to the SNDS web site FAQs, “Trap accounts are accounts maintained by Windows Live Hotmail that don't solicit any mail. Thus any messages sent to trap accounts are very likely to be spam. Well-behaved senders will hit very few such accounts because they're generally sending to people who give them their address and because they collect and process their NDRs. Spammers have a much harder time avoiding them because, in general, they can't and don't do either of those good practices.”
The usual response from the deliverability community is “well, you must be buying a list and/or mailing to really, really old addresses.” This sort of victim-blaming is not at all unusual and relies on a questionable logic path of “spammers wear jeans. You wear jeans. Therefore you must be a spammer.”
Here’s the thing…the internet is lot fuller than it used it be. Sometimes people enter in bad information because they don’t really want to hear from you…but they want your data. It might simply be old information in the form or their old email address. It might be a typo. It might be something random a person enters because they don’t want to give their real address (if firstname.lastname@example.org is a spam trap…guilty.) It might even be maliciously planted by people looking to either hurt your company or make a quick buck. In all of these cases, someone has to fill out our form. Even though we send every email to a validation service, we still get far too many “spam” hits that open and/or click our emails. It’s massively frustrating.
Spamtraps were once a great idea to combat spam. Then again, phones the size of a brick were once the gold standard for mobile communications. The question is, are spamtraps becoming the cassette tape of the email industry – a once popular technology rendered almost irrelevant by better, more accurate technologies? With the advent of DKIM, DMARC and other authentication tools – along with engagement filtering by ISPs – has the relevance of the spamtrap massively deflated? Do we even need to rely on a tool that has seemed to outlive its usefulness?
I’m all for tools that help to separate the good players from the bad. But spamtraps that click and open don’t really seem to do anything to advance that cause.
Yes, you are mainly talking about TrendMicro and their terrible, abusive practice as a "DNSBL" operator. Seems like those boys in Taiwan still haven't figured out what makes a spam trap reliable vs. one that provides mostly false-positives. Credible DNSBL providers will continue to work as they should with minimal, if not always, 0 opens/clicks. To further that if you happen to be making the choice to drive best practices to marketers that hit the traps the providers of those traps are very helpful in resolving it. This includes the chance to keep the list and remove portions that you should know are definitely bad. Sure go back to TrendMicro and the reality is, you just unsubscribe their traps because they don't seem to care.
If you're shocked to learn that some traps open and click, then you haven't been paying attention.
It's never been a secret that some trap networks do this in order to collect data or assess reputation associated with landing pages, their domain, and their content. Most don't, but some do, and some always have. Different types of traps do different things, and tell operators something a little different about a particular sender.
Furthermore, some recipient domains will observe persistent attempts to send to non-existent addresses, and cause them to suddenly exist so that they can monitor and assess reputation of the sender. That's one easy way an unconfirmed and recent sign-up can become a trap. It happens all the time, particularly with at least one very large free inbox provider.
But the data generated by trap networks is generally accurate, assuming the user of the data understands how it was generated and uses it accordingly. They're not going away anytime soon. I realize that this may present some senders with a bad customer experience, but it's best to remember that senders are not their customer.
I fully agree on the spamtrap methodology flaws outlined here, but one item is not clear. Are you conducting a double optin? While spamtraps do click and open are you suggesting they also click through the double optin link? That was a territory that I thought the spamtraps do not touch?
Bob, I share your frustration. The issue is that while you are doing everything right (not purchasing data, using confirmed opt-in, removing invalid addresses before you mail, removing hard bounces after a first hit, and not mailing inactive addresses), you are still experiencing problems with receiver traps. Specifically, mistyped usernames at major ISPs, that click.
A quick question, do an email (hotmail in this case) go through a process before becoming a spam trap? I've always heard that on Hotmail there are two kinds of spam traps, one of them it's created by Hotmail and it will never subscribe to a newsletter, the another one it's old adresses. This last one become a spam trap after being a SB due to inactivity (6 month inactivity). So checking which address has a SMTP response from Hotmail by inactivity we can avoid to hit this kind of spam trap. Is this correct?
There is far more breadth and depth to spamtrap use than this post suggests. Are there issues with some companies and uses? Sure there are. However concluding "Spamtraps need to be Retired" is either a gross failure of comprehension or click-baiting.
Which is it Bob?