felixsanch

How do I identify a spam trap from a spam trap header .txt

10 posts in this topic

Hi all.

First post ever, so bear with me please.
I'll try to make this to the point.

Yesterday my company hit a spam trap, and I've been able to get a .txt-file for the "spam trap header".
But when looking in the spam trap header I really can't see anything that I can use for identifying what caused hitting the spam trap.

I did some searches for parts of the text in the .txt-file, matching it with our entire newsletter subscriber database, but searches like these:

mxweb102

0MRFSd
0MDAqe
0LvCtq
h9bhv4163hsg
Ogbm8j4XQn5Q


didn't return any matches at all.

---
So, as I'm very new to this, I'd like to ask:
When hitting a spam trap, and then being able to get a .txt-file for the "spam trap header".. how can I use this info to identify and later avoid hitting that spam trap again?

Thanks


What does that mean?

Hi Dave.

As I understand it, somehow we've unintentionally included a bad email address (not someone interested in our product and services) in our group of newsletter receivers, sent a newsletter to that email address and thereby "hitting that spam trap".


Assuming that you use a confirmed-opt-in procedure for adding email addresses to your mailing list, can't you cross-check the confirmations you received against the current list, to see if there are any discrepancies?


Spam traps are by design hidden. If anyone could identify the mailbox/domain of a spam trap they would serve no purpose since any spammer could avoid the trap.

If you are using a double-opt-in, confirmed-opt-in, emailing list as Dave suggested, you could not have sent your newsletter to a trap. By chance you may have sent a confirmation email to a trap, but the odds are low.

How do you know you sent email to a spam trap? SpamCop does not send any notices for spam trap hits.

What is the IP address used by your newsletter mail server? With that we could look at the history and help you understand what has happened. OR you can go to https://www.spamcop.net/w3m?action=map and look up your IP address. If you don't want to post your IP address publicly, you can send me a PM (the envelope icon in the top right corner of this page.)


Assuming that you use a confirmed-opt-in procedure for adding email addresses to your mailing list..

Hi Dave.

I'm sorry to say, our mailing list contains thousands and thousands of subscribers without confirming their email addresses.

It's a terrible setup, I know.

How do you know you sent email to a spam trap? SpamCop does not send any notices for spam trap hits.

What is the IP address used by your newsletter mail server? With that we could look at the history and help you understand what has happened. OR you can go to https://www.spamcop.net/w3m?action=map and look up your IP address. If you don't want to post your IP address publicly, you can send me a PM (the envelope icon in the top right corner of this page.)

Hi Lking.

The spam trap header I have is from Return Path referring to it as a spam trap.

I know the bad email address is from Germany, but when trying to narrow down my German subscribers having not opened or clicked any mails for a long time (that's how spam traps act, right?) I still get a very, very long list of addresses.

So, I was hoping to be able to, with your help, get used to the information in spam trap headers so I would have an idea on how to identify bad addresses.

Hope it makes sense.

Anyway, I'm not sure if posting my IP address publicly is a bad idea, but anyway, I've sent you my address and hope, that you'll be able to guide me in the right direction.

Thank you very much


I'm not sure posting your IP is a bad idea either, but some people have expressed concern so I wanted to give you another option.

Following the link I provided above, I see that that IP has a neutral reputation in a neighborhood of IPs with good reputations. The IP does not seem to be on any block list.

I am not sure what you mean by 'a .txt-file for the "spam trap header".' The spam traps I am familiar with are "black holes;" emails go in ~ and NOTHING comes out. Is this some extract from your log files?

Using an un-confirming emailing list does lead to problems.


I've copied and pasted the content of the following in a private message to you, hope it makes sense.
I think you might be right; that it's some kind of extract from our log files - it's just me not knowing the terms.

I am not sure what you mean by 'a .txt-file for the "spam trap header".'


I've copied and pasted the content of the following in a private message to you, hope it makes sense.

I think you might be right; that it's some kind of extract from our log files - it's just me not knowing the terms

Sounds like a fake bounce notice; with a false "notice" some email clients can be made to bounce back to the "from" email address.

Sometimes ignorant ISPs use this method also, sometimes even falsely claiming "Blocked by SpamCop".

Spammers' "from:" email addresses are mainly fake, or sometimes use a real one as a "joe job".

Spam traps are undetectable, often addresses that are hidden in e.g. web pages, like poison for "spam bots" that collect them.

Spamtrap email addresses have NEVER been used to send email.

When an email is posted to a spamtrap address only the sending IP address (if hit "X" number of times) is listed and blocked (trapped).

From addresses are almost never blocked by email servers.

SpamCop's blocklist only lists IPs that are reported as spam, or that have sent to a spamtrap (which is a super secret email address) over "X" number of times, for a minimum of 24 hours after spam stops!

Edited by petzl


felix,
Finally had time to look at the data you sent me. What you sent is the text of an email, including the header. You can get similar files from most email applications (Thunderbird, etc) by selecting an email and pressing <ctrl> u. A new window will open with the text (like you sent me) for the selected email. What you sent is a bounce message from a "lazy" mail server (well, a lazy mail server manager).

Hard to say, but I'm guessing someone (a spammer) forged your email address in the FROM: of spam they sent. The poorly informed recipient ISP bounced the message back to you, the forged FROM:

As I said before, it defeats the purpose of a spam trap to identify the email address of the trap.

A--periodically I too get a burst of this type of bounce messages when a spammer somewhere uses one of my email addresses to forge the FROM: in their spam. It does work ~~ their mail server does not have to deal with the bounce message for the bogus addresses in their mailing list.

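To illustrate the last reply's point that the file is the raw text of a bounce message, here is an added Python example (not code from anyone in this thread) that reads such a file and checks whether the bounced original was really handed over by your own mail server or is backscatter from a forged FROM:. The sample bounce, the example.* host names, the documentation-range IP addresses and the `analyse_bounce` helper are all constructed for illustration; it assumes the bounce uses the RFC 3464 multipart/report layout and that you know your own sending IPs.

```python
import re
from email import message_from_string, policy

# Constructed sample (RFC 3464 layout), not the poster's file; all names are made up.
SAMPLE_BOUNCE = """\
From: MAILER-DAEMON@mx.example.net
Content-Type: multipart/report; report-type=delivery-status; boundary="b1"

--b1
Content-Type: text/plain

Delivery failed.
--b1
Content-Type: message/delivery-status

Reporting-MTA: dns; mx.example.net

Final-Recipient: rfc822; someone@example.net
Status: 5.1.1

--b1
Content-Type: message/rfc822

Received: from mail.example.org (unknown [203.0.113.77])
\tby mx.example.net; Tue, 02 Jan 2024 10:00:00 +0000
From: news@example.com
Message-ID: <abc123@mail.example.org>

body
--b1--
"""

def analyse_bounce(raw, own_ips):
    """Return bounced recipients, original Message-ID, connecting IP and verdict."""
    msg = message_from_string(raw, policy=policy.default)
    out = {"recipients": [], "message_id": None, "origin_ip": None}
    for part in msg.iter_parts():
        if part.get_content_type() == "message/delivery-status":
            out["recipients"] += [str(b["Final-Recipient"]).split(";", 1)[-1].strip()
                                  for b in part.get_payload() if b["Final-Recipient"]]
        elif part.get_content_type() == "message/rfc822":
            original = part.get_payload(0)
            out["message_id"] = str(original["Message-ID"] or "")
            # The topmost Received line was added by the bouncing server, so it shows
            # who really connected; lower lines can be forged. IPv4 literals only.
            hop = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", str(original.get_all("Received", [""])[0]))
            out["origin_ip"] = hop.group(1) if hop else None
    out["verdict"] = "ours" if out["origin_ip"] in own_ips else "backscatter"
    return out
```

A verdict of "ours" means the listed recipients bounced mail you really sent and are candidates for removal from the list; "backscatter" means the original never passed through your servers.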
