Recycled spamtraps

Spamtraps strike fear into the heart of senders. They’ve turned into this monster metric that can make or break a marketing program. They’ve become a measure and a goal and I think some senders put way too much emphasis on spamtraps instead of worrying about their overall data accuracy.

Recently I got a question from a client about the chances that any address they were currently mailing would turn into a recycled spamtrap. Assuming both a well behaved outbound mail server and a well behaved spamtrap maintainer the answer is never. Well behaved spamtrap maintainers will reject every email sent to one of their spamtrap feeds for 6 – 12 months. Some reject for longer. Well behaved mail servers will remove addresses that consistently bounce and never deliver.

Of course, not everyone is well behaved. There are maintainers who don’t actively reject mail, they simply pull the domain out of DNS for years and then start accepting mail. Well behaved mail servers can cope with this, they create a fake bounce when the get NXDomain for an address and eventually remove the address from future mailings. There have been cases in the past where spamtrap maintainers purchase expired domains and turn them into spamtraps immediately. No amount of good behaviour on the part of the sender will cope with this situation.

On the flip side some MTAs never correctly handle any undeliverable address when the reason is anything other than a direct SMTP response. Generally these are built on the open source MTAs by people who don’t realise there are mail failures outside of SMTP failures.

There are three general cases where recycled spamtraps will show up on a list.

  1. A list has been improperly bounce handled.
  2. An address has not been mailed for more than a year.
  3. Someone signs up an address that’s a recycled spamtrap (same as how a pristine trap will get added to a list)

ESPs have to worry about recycled spamtraps in another common case. A new customer brings over a list and decides to retry addresses that their previous ESP marked as bounced. (It happens. Regularly.)

Recycled addresses are a sign that there is a problem with the long term hygiene of a list. As with any spamtrap, they’re a sign of problems with data collection and maintenance. The traps aren’t the problem, they’re just a symptom. Fix the underlying issue with data maintenance and traps cease to be an actual issue.

Related Posts

Incentivizing incites fraud

There are few address acquisition processes that make me cringe as badly as incentivized point of sale collection. Companies have tried many different ways to incentivize address collection at the point of sale. Some offer the benefit to the shopper, like offering discounts if they supply an email address. Some offer the benefits to the employee. Some offer punishments to the employee if they don’t collect addresses from a certain percentage of customers.
All of these types of incentive programs are problematic for email collection.
listshoppingcart
On the shopper side, if they want mail from a retailer, they’ll give an address simply because they want that mail.  In fact, asking for an address without offering any incentive is way more likely to get their real address. If they don’t want mail but there is a financial incentive, they’re likely to give a made up address. Sometimes it will be deliverable, but belong to another person. Sometimes it will be undeliverable. And sometimes it will be a spamtrap. One of my delivery colleagues occasionally shares addresses she’s found in customer lists over on her FB page. It’s mostly fun stuff like “dont@wantyourmail.com” and “notonyour@life.com” and many addresses consisting of NSFW type words.
On the employee side there can also be abuses. Retailers have tried to tie employee evaluations, raises and promotions to the number of email addresses collected. Other retailers will actively demote or fire employees who don’t collect a certain number of addresses. In either case, the progression is the same. Employees know that most customers don’t want the mail, and they feel bad asking. But they’re expected to ask, so they do. But they don’t push, so they don’t get enough addresses. Eventually, to protect their jobs, they start putting in addresses they make up.
Either way, incentivizing point of sale collection of information leads to fraud. In a case I read about in the NY Times, it can lead to fraud much more serious than a little spam. In fact, Wells Fargo employees committed bank fraud because of the incentives related to selling additional banking products at the teller.

Read More

Organizational security and doxxing

The security risks of organizational doxxing. 
These are risks every email marketer needs to understand. As collectors of data they are a major target for hackers and other bad people. Even worse, many marketers don’t collect valid data and risk implicating the wrong people if their data is ever stolen. I have repeatedly talked about incidents where people get mail not intended for them. I’ve talked about this before, in a number of posts talking about misdirected email. Consumerist, as well, has documented many incidents of companies mailing the wrong person with PII. Many of these stories end with the company not allowing the recipient to remove the address on the account because the user can’t prove they own the account.
I generally focus on the benefits to the company to verify addresses. There are definite deliverability advantages to making sure email address belongs to the account owner. But there’s also the PR benefits of not revealing PII attached to the wrong email address. With Ashley Madison nearly every article mentioned that the email address was never confirmed. But how many other companies don’t verify email addresses and risk losing personally damaging data belonging to non customers.
Data verification is so important. So very, very important. We’ve gone beyond the point where any big sender should just believe that the addresses users give them are accurate. They need to do it for their own business reasons and they need to do it to prevent incorrect PII from being leaked and shared.

Read More

It's not about the spamtraps

I’ve talked about spamtraps in the past but they keep coming up in so many different discussions I have with people about delivery that I feel the need to write another blog post about them.
Spamtraps are …
… addresses that did not or could not sign up to receive mail from a sender.
… often mistakenly entered into signup forms (typos or people who don’t know their email addresses).
… often found on older lists.
… sometimes scraped off websites and sold by list brokers.
… sometimes caused by terrible bounce management.
… only a symptom …

Read More