All you need to know about spamtraps

By Brightverify on April 7, 2016 in Best practices, Delivery improvement
0
0

Spamtraps are created by international service providers and anti-spam services, are used in email verification, email list cleaning and are one of the most widely used online management tools to block IP addresses and keep track of the individuals and companies who send spam. But what do they mean to the sender of marketing emails?

As much as spamtraps can be highly effective in reducing the amount of mail which is classed as illegal under European Anti Spam regulations and policies, they can also be have a detrimental effect if they are present on your domain. You could be heavily penalised and be risking your domain reputation. In this article we show how to track them down, the risks involved and the different ways in which you can remove them from your domain.

What are the different types of spamtraps?

The three main types of spamtrap are Pure spamtraps, Recycled spamtraps and Role spamtraps.

Pure spamtraps

Pure spamtraps as the name may imply were created by anti-spam services and ISP’s to lure spam away from your inbox. They have no other function but to combat illegal online mail – so any mail received there is automatically considered spam. Because of this, it is safe to say, of all the three types of spamtraps, pure spamtraps are likely to have the biggest impact on your online reputation.

Recycled spamtraps

Sometimes it’s less costly and more time efficient if anti-spam services can use sources which are already available on the web rather than spending tired budgets on new developments. Recycled spamtraps are those dead addresses, dormant addresses and inactive addresses which were once owned by the ISP or email provider and are no longer in use. In order for the ISP to use them as a spamtrap they facilitate a process called “gravestoning “. After an agreed period of time where the accounts are unused (all ISP’s have different timing arrangements) they will be turned off. People sending to the accounts will receive hard bounce errors such as “550 error messages”. Once reactivated, the recycled account can be used as a spamtrap. Although penalties are lower with recycled spamtraps it should be taken into account any email  entering the inbox will be considered a spamtrap hit.

Role accounts

Although not a spamtrap Role Accounts are risky to send to. Examples of this would be webmaster@, hostmaster@, sales@, support@, postmaster@ etc.  This type of accounts can have a varying web penalty but interestingly it is the smaller B2B domains that are more likely to get hit with a heavy penalty.

How do spamtraps get in your database?

If the location of spamtraps becomes common knowledge then they clearly will not be effective in trapping spammers. For this reason the whereabouts of spamtraps are confidential and only known to the owner of the website or ISP which created it. Finding one on your domain can be quite a shock. It almost feels as if your website is not in your control – that  it is being used for other purposes. More importantly there is the real concern that you may well start accruing penalties.

The result of purchasing email lists is the most common way of becoming infected with spamtraps. The problem with this kind of data is email addresses will not be accompanied by a date stating when the email address was created, or even an opt-in record. It is highly likely, if you use purchased email lists often for email campaigns, you are frequently sending to spamtraps. As well as penalties this also reflects how ineffective email campaigns can be if not handled correctly.

Another common way of being infected is through role account hits that lead to dead domains. This comes about when ISP’s go out of business, merge with another service or are purchased outright by another organisation. The new owner may either gravestone all email addresses (as outlined above) or migrate them to the new service. Either way it is at this point the common addresses such as sales@, or support@ etc can get lost in the mix.

“Through Spamtraps you can be heavily penalised and be risking your domain reputation.”

“Pure spamtraps will almost definitely cause an instant block on your IP address and could also affect your “from domain”. “

What are the risks to my IP address?

Spamtraps can have quite devastating results on your domain and IP reputation. Pure spamtraps have the greatest negative effect. It will almost definitely cause an instant block on your IP address and could also affect your “from domain”.

It could be costly and is likely to be disruptive to your business processes. Most importantly, when your reputation is hit it can be very difficult to re-establish it. To put into perspective how destructive just one spamtrap hit can be, it has been estimated that it could take from 6 months to one year for a business to recover.

Do you currently have an issue with spamtraps?

Once you are aware of the existence of spamtraps there is a likelihood you may start getting a little paranoid in terms of email deliverability errors. However, with most email service providers, and especially with Windows Hotmail, these kinds of errors do not tend to be caused by spamtraps. In most cases where there is a problem it is usually down to webmasters failing to adhere to basic email acquisition practices and guidelines – such as buying email lists.

There is no escaping from the fact that it does happen though, and one way to double check for spamtrap infection is by monitoring your bounce logs (or SMPT failure logs). If an ISP has been blocked a non-delivery receipt or delivery status notification (DSN) will highlight why the message has been deferred.

If there is nothing present to suggest there is a problem you can also use such sites which offer reputation monitoring services such as senderscore.org to check your reputation. Popular Anti-Spam service providers such as Cloudmark, BrightMail, Message Labs and Barracuda Network can be very useful whereas some services such as Return Path or DNSstuff.com offer a Spam Database lookup tool.

How can I deal with spamtraps on my domain?

There is no doubt that prevention is the best course of action. Protect yourself against gravestoning and recycled spamtraps. Sometimes many email inboxes are created for our businesses that over a period of time become redundant – such as when an employee leaves or a test email account. It is a good idea to check with the major ISPs that make up a larger share of your database how these accounts are dealt with. Keep to best practices and guidelines for acquiring and sending email marketing messages (i.e. don’t buy email lists).

5 tips to get you back on track

  1. Identify the source of the problem and close it up. This may seem a bit obvious but it is a bit like the question “What is the first thing you do in the middle of a flood?” answer: “Turn off the tap!”
  2. As we outlined above, the spamtrap address must remain a secret so it is no good approaching a spamtrap owner expecting him to disclose where it is. Once it is disclosed it is useless and you are disrupting his business. It will cost him time and money to set up another. Unless you know where the spamtrap is you are going to find that spamtrap owners are not going to enter into any kind of discussion. So make sure you have a clear idea of where it is located.
  3. Reconfirming your database is a costly exercise as it can cut the business subscriber base by 75% or more. However by reconfirming closed segments of the database one at a time, it can leave you in much more control and cut overall costs. Identifying certain segments can cut fallout rate by 50%.
  4. Consider whether the problem has occurred shortly after you purchased an email list. If so – don’t think twice – throw the list out and start from scratch.
  5. Issues often occur after a large influx of new subscribers. Be sure to analyse subscribers (especially recent ones) and check out anything which appears to be out of the norm.

Limiting spamtrap risk

  • Make sure your webforms are smart enough to pick up any data entry mistakes. While you can hire a webpage designer/coder to code in all of the ISPs and B2B domains syntax rules and rules for dead domains, this can be costly when compared to using a service like BriteVerify.com. This can be a highly effective service and can be a great asset in improving email hygiene.
  • Start creating suppression lists which will include dead domains, role accounts, wireless domains and government entities etc. It should be portable and MD5 compliant. Now if you choose to move ESPs, or take your email program in-house you can bring your suppression file with you.
  • Pay close attention to “soft bounce management”. Soft bounces can occur if the recipients’ mailbox is full, which in turn, is an early indicator that the recipients address may be close to becoming “gravestoned” by the ISP. You can reduce the risk of hitting a recycled spamtrap if you set a threshold for soft bounces at which point accounts will be removed. When creating your marketing schedule, make a soft bounce threshold and stick with it. The average is 5 soft bounces within any 30 day period. Having set your threshold, the MTA will treat the 5th soft bounce as if it were a hard bounce.

Conclusion:

Hitting a spamtrap can be a frightening prospect but there are clear ways, and professional services to get yourself out of trouble. Dealing with the issues alone is possible but may lead to further delays in having your IP removed from the blacklist. If you have the fundamental guards in place you are already on your way to getting yourself back on track. If not, start by working with an experienced Email Deliverability Consultant.

You can contact a verification service to identify hard bounces and role accounts before they are repurposed as spamtraps. Once you are making changes, consider working with an inbox monitoring service in order to track how the changes you implement affect deliverability.

With the ultimate goal of re-instating your company’s deliverability rate and healthy productive levels back to normal, there is nothing more effective than ensuring best practices are at the core of your email marketing campaigns at all times. Following best practices from the beginning could mean spamtraps are just your competitor’s worry!

Image via Flickr

About the Author

BrightverifyView all posts by Brightverify
BrightVerify is a global leader in email verification services. Our mission is to deliver tools that help data owners follow best practices in email acquisition and protect themselves from the email evil-doers.

Copyright 2017 DeliverabilityNext