Earlier this month I spent a week in sunny Toronto for the Fall M³AAWG meeting, featuring a variety of sessions and conversations around all things anti-abuse. At any industry event like this, spam traps are usually a popular topic of discussion (check out this post for a primer on spam traps and why they matter). Senders want to know how to avoid or get rid of them, while many blacklist operators consider them a necessary evil to help identify poor sending practices. One of the most hotly-debated questions regarding spam traps surrounds how to remove them from your list. Many senders and solution vendors claim to be able to identify and remove spam traps, while trap operators go to great lengths to keep their traps anonymous. Let’s look at a couple of the most commonly-cited ways of identifying spam traps and how effective they really are.
List Validation & Hygiene Vendors
As mailbox providers have made it harder to reach the inbox, list hygiene services have become a booming segment of the industry. While some employ dubious methods, even prompting a warning from Spamhaus, there are a number of services that are considered reputable and are commonly used by legitimate marketers and even ESPs. For our discussion, let’s focus on these more reputable vendors.
As a basic rule, list validation services will take your file of contacts and provide a grade or score for each record. The data will indicate whether the email address is confirmed valid, confirmed invalid, or somewhere in between. Most of these vendors claim (some more prominently than others) to be able to identify spam trap addresses. Therefore, if you believe or know you have traps in your list, you should be able to purchase these services and solve your problem, right?
Not so fast, hot shot. Spam traps are secret by nature – if you know an address is a spam trap, then it has lost its effectiveness. As a result, trap operators make efforts to ensure traps are not identified by any outside party, including validation services. The traps identified by these services may have been actively used in the past, but at this point have likely been abandoned by their operator. Even those traps that are still in use would represent only a fraction of the spam traps that exist in the wild. So you may clean a few traps off your list, but you’re not going to solve any major spam trap issues using one of these services.
Effectiveness grade: F
Segmentation and isolation
Over the years I’ve run across many senders (and even some vendors) who believe that identifying spam traps in your list is as simple as pinpointing the time of the trap hits and/or the affected message(s) and/or the group that contains the traps. These senders will often slice up affected lists, sending to smaller and smaller segments of contacts until they have isolated a very small number of records that are, or may be, traps. They can then remove these bad apples from the list and go on sending willy-nilly to the rest of the recipients.
In reality, there are a couple of problems with this approach. First, most trap operators or blacklist admins aren’t going to provide you with the type of data that is required for this process. If you are considered a relatively trustworthy sender, you might get very limited data about trap hits – a date or a subject line, perhaps – but this is almost always just a sample of the full data set. If you get details on a single trap hit, there are likely 10 or 20 or 100 more hits that you can’t see. Trying to narrow down your list based on incomplete data is not likely to generate accurate results.
Effectiveness grade: D
Nullification
Similar to the previous method, this process involves using data provided by the trap operator to isolate and remove affected recipients. This is most often implemented by senders who use highly targeted segments and who may be sending to only a few dozen or hundred recipients at a time. Because of the small segment size, the sender often finds it more appealing to simply remove the entire list that was targeted on the specific day or with the specific message identified as hitting traps.
While removing the entire recipient list could be a slightly more effective solution, this method suffers from the same deficiency as the last: lack of data. This method is only effective if the trap operator provides the full list of trap hits with timestamps – which is extremely unlikely. So even if you suppress the list of recipients called out for one hit, you are likely to be missing the lists that contain additional traps. .
Effectiveness grade: C-
As you can see, none of these methods are especially effective at resolving spam trap issues, and it’s for a simple reason: they address the symptoms (spam traps) instead of the underlying problem (poor list acquisition or hygiene practices). Many trap operators will recommend reconfirming your contact database, the only truly effective method to remove spam traps from your database. However, you’re likely to lose some valid recipients in the process so most senders will only do this as a last resort. We’ve found that a better solution is a hybrid approach that includes both engagement and confirmation elements.
Engagement-based list cleanup
One fact we know about spam traps is that they don’t open email (with very few exceptions). As such, excluding recent openers and clickers from your confirmation efforts will help minimize potential losses to your list. Once you’ve identified those recipients who haven’t engaged in the past 6-12 months, you can temporarily suppress them from further mailings, then send them a confirmation request. Those who engage with the confirmation request can be returned to your active mailing list, and the rest should remain suppressed.
Effectiveness grade: A
It’s nearly impossible to isolate and remove spam traps from your database, so it’s best to stop them from getting there in the first place. Getting clear permission for all new recipients and using an engagement-based list hygiene process can all but eliminate the risk of spam traps in your list and make sure you never need to put these methods to the test.
– BG
Earlier today, VMG (the mailbox provider formerly known as Oath) announced 
In other blacklist-related news, it appears the Spamcannibal blacklist has shut down. The domain (don’t go there, really) now presents a number of nefarious redirects instead of the blacklist content. No official announcement has been provided, but the Spamcannibal list was considered among the less-reliable blacklists by many in the industry. If the shutdown is permanent, the impact is likely to be minor as the list was not widely used for inbound mail filtering.
