Amazon SES Blog

So You’ve Hit a Spamtrap?

by Chris Wheeler | on | in Best Practices | | Comments

Have you been told you’re sending to spamtraps? Or do you just want to cover your bases after hearing about them? Either way, please read on!

A bit of history

Spamtraps were designed by ISPs and email watchdogs as a way to determine when someone is sending to email addresses that have not opted into getting the email – spam (as defined by Spamhaus). They come in many different forms and are a great source of information for email receivers that signals when someone is sending email to addresses they shouldn’t. A spamtrap is nothing more than an address that exists to collect email. No human recipient exists behind the spamtrap email address. They’re so effective that some major blacklists around the world use them exclusively to determine when someone is intentionally spamming (e.g., sending to scraped, harvested, or random character addresses (known as a dictionary attack)).

What happens if you send to a spamtrap?

Your email runs a high risk of not being delivered. And if the behavior is pervasive, Amazon SES won’t send your email for risk of relaying spam to the internet.

What can you do to avoid sending to spamtraps?

Never send to email addresses that have never opted into your email – it’s that simple. This means that if you’re purchasing email addresses, trading addresses with other list brokers, or are importing addresses of unknown origin – stop and rethink! Since there’s no way to really tell whether an email address is a spamtrap or not, you won’t know whether a person is behind it unless the address is provided via a human required action, such as registering an account, filling out a form, making a purchase, etc.

Some additional tips:

  • If you want to be extra careful, complete a double opt-in campaign where you only regularly email an address after a verification link has been clicked.
  • Another check you can do is to see whether an email address or account has been active on your site in a while. If not (let’s say no activity from an email address has transpired for more than 6 months), it might be time to remove the address from your list until it engages your site again.
  • Finally, any address that has hard bounced multiple times in the past due to an invalid or expired mailbox has the potential to be silently converted into a spamtrap. Monitor your bounces and don’t send to repeatedly hard bouncing addresses to avoid this.

If you’re really interested in learning the intricacies of spamtraps, Word to the Wise has a good and more exhaustive description of the different types of spamtraps.

Remember, if you’re ever unsure of whether an address is actually legitimate, review the source and opt out if you’re the slightest bit skeptical. It’s not worth sending to a spamtrap.