The Anatomy of a SpamTrap

The Anatomy of a SpamTrapIn one of my previous blogs, I mentioned how old emails can eventually be turned into a ”spamtraps” email addresses. To some this may be a foreign term, so I thought that this would be a good topic to discuss this week.

So what exactly is a spamtrap? Simply put, it is an email address designed only to receive spam. It is not meant to function as a regular email address, meaning that the owner of such an address will never use it to solicit email communications, and thus any email received by that spamtrap will be immediately be considered unsolicited.

There are a number of ways spamtraps work. In one scenario, just as a fur trapper will lay out traps for animals, owners of spamtrap addresses will publish these secret addresses in hidden locations on the Web. This enables mechanisms such as email harvesters or ”bots” to find the email. No legitimate sender would ever be encouraged to send email to a spamtrap.

You might ask, ”if spamtraps are so secret and so hidden, how does one it end up in my contact list when I’m a legitimate sender and don’t harvest email addresses?” The other way spamtraps are created is from old, abandoned email addresses that were valid at one time. Here’s an example.

Back in 2002, I created a new email address at Yahoo which we’ll say was I used the address for awhile, but decided a year later to switch to a different email address. After abandoning my Yahoo account, Yahoo temporarily disabled my account after a certain amount of time. Eventually, Yahoo permanently deactivated the email address, thus resulting in a hard bounce if someone tried to email it. However, after about 18 months in this state, Yahoo again reactivated that account – not for me, but now as a spamtrap.

Yahoo and other ISPs use this tactic as a way to identify senders that use poor list hygiene practices. They will also sometimes use old, outdated domains as spamtrap domains. For example, back in 2001, AT&T Broadband subscribers were given the email domain AT&T eventually deprecated, or retired that domain, and today subscribers have email addresses that end in As AT&T no longer uses the domain for legitimate communications, they could consider any email sent to that domain as unsolicited.

So, that is essentially how spamtraps are created and used. Hopefully an email ”moral” can be gained from this information, or in other words:

  • Remove old emails. If you have emails in your list that are over 2 years old, chances are you may also have spamtraps
  • Track who is opening and reading your messages. If you are sending to a subscriber that hasn’t opened or read an email in more than 6 months, most likely they are not interested in your message, and even worse, they could be a spamtrap.
  • Be extremely careful when purchasing email lists – better yet, don’t buy them at all. There is no way to verify (other than the word of the list owner) how old an email address is.


Jaren Angerbauer
Director of Deliverability
Drink Responsibly, Drive Responsibly, Email Responsibly


5 Responses

  1. Jacqui says:

    I will be sharing this blog with current and future clients – very useful email managment advice.

    As always, even as an mobileStorm employee, I learn something useful about the digital marketing realm via our blogs.

  2. Eydie says:

    Sometimes people have a friend's old email address still sitting around (it remains in an Inbox or Outbox, for example). Sometimes the email addy in question uses an old domain, such as your example. When they try to do a search to find that friend's email address, they might come across the old one, and send that address a message.

    In either case, Jaren, would the legitimate sender be put on some kind of spammer watchlist, for having sent messages to this old/outdated address?

    I ask because I have an old email that I don't often use, but it's still a good repository for business-related senders whose messages only ocassionally are imporant–and so I I don't want them clogging up my other addys. In this case, the address hasn't been abandoned, but the domain name has changed (even though the old domain name works).


  3. Jaren Angerbauer says:

    Hi Eydie,

    Even though you are still using the old domain, you are still using the email address, and as such not an issue at the ISP level. The problem arises when senders send to invalid emails at an old domain. This "double whammy" will definitely send red flags up at the ISP.

    Let me know if that answers your question. Thanks.

  4. tinagleisner says:

    Thanks for a better description that I've been able to piece together on my own.

Leave a Reply

Your email address will not be published. Required fields are marked *


Choose your Industry

Select your industry to view the many features and services we provide for organizations like yours: