Jump to content

spam traps - Why do they hate me so much?


Tony Cheetham

Recommended Posts

I've got a newsletter list setup on a site I maintain, and the address are all entered into our website.  They do not require confirmation to receive the letter, but they can un-subscribe at any time and I am 100% commited to being a responsible email user.

However with our last mail out I found that we had hit a spam trap!  Oh no!  How did this happen?

Well I don't know :|  We absolutely do not get addresses from outside sources, and I keep a log of all users who give us an address(IP address, and external referrer where it exists).

The guy on the support system here gave me some help, but the only useful info he could give me was the message-id associated with the message.  I keep all our SMTP logs which are very detailed, and that message-id is not one we sent out, although the rest of the headers he shared with me look genuine enough.

I'm un-sure what to do next?

Link to comment
Share on other sites

Quote

They do not require confirmation to receive the letter, but they can un-subscribe at any time and I am 100% commited to being a responsible email user.

Those two statements are mutually contradictory, I'm afraid. You should move to a "confirmed opt-in" immediately.

Spam-traps don't hate anyone. They are email addresses made up of random characters that have NEVER been used to send email. They are hidden around the internet as bait for harvester-bots. The ONLY way you can hit one is to send mail to one of those harvested addresses. SO, who has access to your SMTP server? Is it shared? if so it may be the fault of a fellow user. Are you the only one who is meant to have access? in that case, you have been hacked and a spammer is using your server without your knowledge. If you supply the IP address someone on here can look up its reputation and report history for you.

HTH

Link to comment
Share on other sites

You did not say who's spam trap you hit, one of SpamCop's or someone else's.   How do you know you hit a "spam trap" or was your (your shared) IP just reported?

As Derek said, spam trap addresses are hidden, kept secret.  To keep the address hidden, reports of a hit are not provided.

5 hours ago, Tony Cheetham said:

but they can un-subscribe at any time

Of course in the case of unsolicited email, using the un-subscribe, only confirms that someone reads email sent to this address (and more spam will be read).

Link to comment
Share on other sites

Using confirmed opt-in is a good idea. If you're using a sign-up form on your website which blindly accepts email addresses without doing at least some kind of check on the validity of the information provided, you're setting yourself up for trouble. Anyone can enter any rubbish on the form, and if what is entered happens to match someone's spamtrap address, chances are extremely low that a real person will be clicking on an unsubscribe link.

Link to comment
Share on other sites

  • 8 months later...

"Using confirmed opt-in is a good idea. " I agree. But I don't see how it would have helped the OP in this case, from what he is telling us. 

Let's say a visitor enters any rubbish in the form, and, bad luck for Tony, it happens to be identical to a spam trap's address. Tony's page can blindly accept it, in which case he might hit the spam trap at some point. If he verifies it, the typical method is to email the claimed address and wait for the user to confirm that it was entered correctly and in good faith. However, sending that verification mail means Tony hits the spam trap IMMEDIATELY, not when the next newsletter goes out.

Hard to believe the situation is this twisted, so please fill in the gaps if I've missed something.

I suppose the advantage to the verification mail hitting the trap first is that you are mailing to one user instead of the whole list, so connecting the signup to the time of the report you might have a chance to zero in on the bad address. But the damage is done.

Link to comment
Share on other sites

9 hours ago, John Campbell said:

Let's say a visitor enters any rubbish in the form, and, bad luck for Tony, it happens to be identical to a spam trap's address.

The randomish nature of spam trap email addresses makes it extremely unlikely that a visitor would enter the address in the form.

Link to comment
Share on other sites

There are spam traps and there are spam traps, it can depend on how they're set up. Some are email addresses hidden on websites where only web crawlers and nosey people who view the page source would find them. Others, of a different kind of sneaky nature, are based on real email addresses that were once active and legitimate recipients of email but have been disabled or fallen into disuse - these will catch you out if you don't look after your mailing list carefully.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...