Tony Cheetham

spam traps - Why do they hate me so much?

8 posts in this topic

I've got a newsletter list setup on a site I maintain, and the address are all entered into our website.  They do not require confirmation to receive the letter, but they can un-subscribe at any time and I am 100% commited to being a responsible email user.

However with our last mail out I found that we had hit a spam trap!  Oh no!  How did this happen?

Well I don't know :|  We absolutely do not get addresses from outside sources, and I keep a log of all users who give us an address(IP address, and external referrer where it exists).

The guy on the support system here gave me some help, but the only useful info he could give me was the message-id associated with the message.  I keep all our SMTP logs which are very detailed, and that message-id is not one we sent out, although the rest of the headers he shared with me look genuine enough.

I'm un-sure what to do next?

Share this post


Link to post
Share on other sites
Quote

They do not require confirmation to receive the letter, but they can un-subscribe at any time and I am 100% commited to being a responsible email user.

Those two statements are mutually contradictory, I'm afraid. You should move to a "confirmed opt-in" immediately.

Spam-traps don't hate anyone. They are email addresses made up of random characters that have NEVER been used to send email. They are hidden around the internet as bait for harvester-bots. The ONLY way you can hit one is to send mail to one of those harvested addresses. SO, who has access to your SMTP server? Is it shared? if so it may be the fault of a fellow user. Are you the only one who is meant to have access? in that case, you have been hacked and a spammer is using your server without your knowledge. If you supply the IP address someone on here can look up its reputation and report history for you.

HTH

Share this post


Link to post
Share on other sites

You did not say who's spam trap you hit, one of SpamCop's or someone else's.   How do you know you hit a "spam trap" or was your (your shared) IP just reported?

As Derek said, spam trap addresses are hidden, kept secret.  To keep the address hidden, reports of a hit are not provided.

5 hours ago, Tony Cheetham said:

but they can un-subscribe at any time

Of course in the case of unsolicited email, using the un-subscribe, only confirms that someone reads email sent to this address (and more spam will be read).

Share this post


Link to post
Share on other sites

Using confirmed opt-in is a good idea. If you're using a sign-up form on your website which blindly accepts email addresses without doing at least some kind of check on the validity of the information provided, you're setting yourself up for trouble. Anyone can enter any rubbish on the form, and if what is entered happens to match someone's spamtrap address, chances are extremely low that a real person will be clicking on an unsubscribe link.

Share this post


Link to post
Share on other sites

"Using confirmed opt-in is a good idea. " I agree. But I don't see how it would have helped the OP in this case, from what he is telling us. 

Let's say a visitor enters any rubbish in the form, and, bad luck for Tony, it happens to be identical to a spam trap's address. Tony's page can blindly accept it, in which case he might hit the spam trap at some point. If he verifies it, the typical method is to email the claimed address and wait for the user to confirm that it was entered correctly and in good faith. However, sending that verification mail means Tony hits the spam trap IMMEDIATELY, not when the next newsletter goes out.

Hard to believe the situation is this twisted, so please fill in the gaps if I've missed something.

I suppose the advantage to the verification mail hitting the trap first is that you are mailing to one user instead of the whole list, so connecting the signup to the time of the report you might have a chance to zero in on the bad address. But the damage is done.

Share this post


Link to post
Share on other sites
9 hours ago, John Campbell said:

Let's say a visitor enters any rubbish in the form, and, bad luck for Tony, it happens to be identical to a spam trap's address.

The randomish nature of spam trap email addresses makes it extremely unlikely that a visitor would enter the address in the form.

Share this post


Link to post
Share on other sites

There are spam traps and there are spam traps, it can depend on how they're set up. Some are email addresses hidden on websites where only web crawlers and nosey people who view the page source would find them. Others, of a different kind of sneaky nature, are based on real email addresses that were once active and legitimate recipients of email but have been disabled or fallen into disuse - these will catch you out if you don't look after your mailing list carefully.

Edited by lisati
minor rewording

Share this post


Link to post
Share on other sites

And there are others that use the whole domain that has never used the MX except as a trap, so any email received by the domain is "spam."

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now