Spam traps – what you need to know | dotdeliverability series part one

dotmailer deliverability series, part one – Tom Corbett, our lead on Best Practice and Deliverability is back to kick off another blog series, dedicated to helping your marketing emails get to the inbox.

Deliverability tends to keep email marketers up at night more than any other topic. This is down to the fact that it is a bit of a black box, so what better subject to create an entire blog series around? In our first instalment, we’ll look at one of the biggest bugbears of the email marketer, and one the biggest drivers of poor sender reputations – the spam trap.

What are spam traps?

In short, a spam trap is a ‘honeypot’ – an email address that is never used to opt-in to commercial emails but used solely to collect unsolicited emails, marking the sending IP, message content or volume of any email it receives as spam. This information is then passed onto a variety of spam filtering systems.


Why is this bad?

Getting flagged by a spam trap can lead to having your IPs blacklisted, lower sender reputation and ultimately not getting your emails to your recipients. The knock on effect is fewer opens, fewer clicks and unltimately fewer sales. If you’re hitting a spam trap, it’s a sign that you are emailing people who didn’t actively sign up to your email list.

How do I know if a spam trap is on my lists?

If you know the provenance of every email address on your list, which means each and every person has actively opted-in and you have never purchased data, used partner data or let any other third party (such as ssales people) upload data into your email database then you are probably fine. Without continually monitoring you list acquisition processes and looking at your list behaviour (i.e. address, IP, engagement per account, etc.) you’ll never really know if you’ve picked up a SPAM trap.

Required Reading: Check out our friend Laura Atkins’ definitive guide to all the different spam traps.

How do they end up on marketing lists?

A spam-trap very rarely has someone actively managing it, or submitting it (maliciously or otherwise) to an email list – so how did they get on your list?

Data Purchasing

Purchased lists are still the biggest cause of being caught in a spam trap by legitimate email marketers. Companies often buy in a tonne of data in the hope of substantially increasing their brand reach for a specific campaign. Aside from being very cold, the marketer has no idea how these addresses were collected. Frequently, these emails are scraped or harvested from forums and webforms by bots, with no quality assurance as to whether these emails are actually owned by human beings or not. Some spam traps are purposefully seeded in known harvesting ‘hotspots’, in order to capture errant harvesters.

Poor List Hygiene

Often, a spam trap might exist under an entire domain – that is, an address that was never assigned, under a domain that accepts all incoming email regardless of address. An address could even exist as an expired email address, that’s been reactivated as a spam trap. Another common technique for developing a spam trap is using address and domain typos.

Not updating/maintaining your suppression list

A suppression list, is far more effective for maintaining a clean data list, versus just deleting records, given that it removes a lot of the ‘human error’ factor in signing up or re-subscribing potential spam traps. A common error happens however, when migrating between email service providers – the suppression list is left behind, and when that company starts emailing on the new platform, all of those old addresses will start receiving again.

clean up

Mitigating traps

The best cure has always been prevention. Stop spam traps making their way onto your data lists in the first instance.

Duty of care

If you’re going to buy your data, observe your duty of care – make sure the list has contextual relevance to your company, and obtain assurances from the owner that the list was collected properly and opted-in to receive third party data.  These assurances should be further backed up by spot-checking the process and asking for examples of the data capture and privacy statements throughout the life of the list.

If you are a dotmailer user, make use of our Watchdog and Global Suppression List to identify and quickly discount bad data before paying for it.

Better Collection

Web forms are still by far the cleanest, and smartest way to collect email addresses. We’ve written two blogs on the best tactics that marketers should look to use when setting up webforms:

In addition, look to other touch points where you can exchange an online experience for an email such as a social login requirement in order to comment on a blog article, a log-in to access specific content or email capture to access free Wi-Fi.


Confirmed and double opt-ins

Currently many sign-up forms and ‘new subscriber’ widgets automatically will send a confirmation email to new registrants, to let them know they’ve subscribed and offer an unsubscribe link. This is known as a confirmed opt-in, and just makes sure that the email address is valid, prior to adding to a list.

A double opt-in is the next level up, and asks for a user action – usually a link click – to confirm the user’s identity and activity on that account. Aside from these methods targeting only the people who really want to hear from you, it reduces the likelihood of malicious bots (or people) entering spurious email addresses (and thus reduced bounced sends), and few overall spam complaints.

dotmailer clients can read how to create a double opt-in here.

Honey, I think I’ve got traps

You’ve been stung, and it’s come in the form of a CAN-SPAM or blacklist notification. So now what?

Audit your database

Reconfirming your entire database can be a costly exercise, especially if you’ve already had your sender IP blacklisted. Consider segmenting your database and contextually reconfirming your list in small, targeted conversations. It may be painstaking, but going address to address in many cases is the only way to ensure a clean list.


When in doubt, take a leaf out of Windows Recovery mode and ‘go back to the last known working configuration’. That is, if a massive change occurred recently to the database, such as an influx of new subscriptions or a new purchase of data, strip them out, and scrutinise.

Beg Forgiveness

If you’re caught, own up. ISPs and anti-spam services such as Norton, Symantec, Hotmail/Outlook place the burden of duty upon the sender, in proving that they did everything in their power to ensure they were consensually emailing legitimate opt-ins, and if there was a problem, the sender did everything in their power to rectify – including binning bad data that you may have paid a lot of money for. A conversation with a spam-trap operator or ISP can be a long and drawn out process, especially when looking at having your reputation reinstated. Metaphorically speaking, your company may be on ‘bended knee’ for a long time.

Moral of the Story: Make sure your data is clean, first time around!

In our next issue of the deliverability series, we’ll be looking at the Global Suppression List – what it is, and how it can help your business maintain clean databases. logo