Would you be so kind as to send me SPAM, or SPAMTraps

In my previous post I explained how to check whether your IP is listed on a blacklist. If you missed it, please click here.

Today I want to talk about how those blacklist providers actually know that someone is sending spam.

Most of the smaller RBLs just query the databases of the big guys for the latest results and findings. But someone actually has to decide whether a certain IP address is a source of spam.

As you have already guessed from the title, they use SPAMTraps.

Basics

The term SPAMTrap consists of two words: “spam” and “trap”. The analogy is with hunters who use traps to catch wild animals. Spam analysts use spamtraps the same way, to identify the sources of unsolicited email.

SPAMTrap types

  • Classic SPAMTraps
  • Message-id SPAMTraps
  • Dead email addresses SPAMTraps
  • Typo addresses SPAMTraps
  • Seeded SPAMTraps
  • Live SPAMTraps

Let’s briefly go over each of them.

Classic SPAMTraps

These are email addresses that were never intended to receive email. Sometimes they are addresses that catch all email at the domain, or they are created/enabled after the domain owner analyzes the rejection logs. This type of trap tells the trap owner that someone is randomly creating email addresses or is obtaining/buying a list from someone who is. Classic SPAMTraps are extremely useful in identifying who is sending email without permission.

Message-id SPAMTraps

These email addresses are obtained by scraping. Many address scrapers look for strings that contain the “@” sign. Among the real email addresses they also pick up message-ids. Some malware also scrapes email addresses, as well as message-ids, from infected machines. Because these addresses are never entered by a user, they tell the trap owner that the sender is either scraping addresses or obtaining/buying a list from someone who is. All email sent to this type of trap is pure spam.

Dead email addresses SPAMTraps

These email addresses were valid at some point. They were then disabled for more than a year and afterwards enabled again as spam traps. Dead email address SPAMTraps mostly tell the trap owner that the sender is using poor practices, because senders who do not buy mailing lists and who remove bounces will not hit these traps.

I must mention that senders who hit this kind of trap are not necessarily spammers. They might be old correspondents who are still trying to send legitimate email. This makes it pretty overwhelming for the trap owner to identify/analyze/define whether the sender who hit the trap is not a spammer.

Typo addresses SPAMTraps

These are domains that are very similar to common, well-known email domains. Email sent to this type of trap is usually legitimate.

For the trap owner it is very problematic to separate the spam from real correspondence.
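
A sender-side list check for the two trap types above that can be spotted from the address alone, message-id and typo-domain traps (an added example, not part of the original post; the domain list, the thresholds and the sample addresses are assumptions constructed for illustration):

```python
import re

# Assumption: a short list of common mailbox domains to compare against.
COMMON_DOMAINS = ("gmail.com", "yahoo.com", "hotmail.com", "outlook.com")


def osa_distance(a, b):
    """Edit distance that counts an adjacent transposition as one edit."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def looks_like_message_id(local):
    """Heuristic (assumption): timestamp-like digit runs or long mixed tokens."""
    if re.search(r"\d{10,}", local):
        return True
    return (len(local) >= 24 and any(c.isdigit() for c in local)
            and any(c.isupper() for c in local))


def audit_address(address):
    """Return the reasons an address should be reviewed before mailing it."""
    local, _, domain = address.strip().strip("<>").rpartition("@")
    reasons = []
    if looks_like_message_id(local):
        reasons.append("looks like a Message-ID, not a mailbox")
    for known in COMMON_DOMAINS:
        if domain.lower() != known and osa_distance(domain.lower(), known) == 1:
            reasons.append("domain is one edit away from " + known)
    return reasons


def audit_list(addresses):
    """Map each suspicious address to its reasons; clean ones are omitted."""
    return {a: r for a in addresses if (r := audit_address(a))}


# Constructed sample list, not real data.
SAMPLE = ["alice@example.org", "20190412103355.GA12345@mail.example.org",
          "bob@gmial.com", "carol@gmail.com"]
```

Calling audit_list(SAMPLE) flags the message-id style entry and the gmial.com entry and leaves the other two alone. The other trap types look like ordinary addresses, so a check like this cannot find them.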

Seeded SPAMTraps

These SPAMTraps are email addresses that are seeded in various places.

Usually they are hidden on websites, and they tell the owner that the sender is scraping addresses or is buying a list from someone who is.
This kind of trap is very useful for identifying who is sending email without permission and who does not care about unsubscribe requests.

Live SPAMTraps

These are addresses that belong to real users, and the owners make blocking decisions based on the spam they receive.

Usually these addresses are never used to sign up for commercial mail. But if they receive commercial mail, it is definitely spam.

As you can see, each type of SPAMTrap tells its owner that the sender is sending email to people who did not ask to receive it.

To sum up, I want to say that most SPAMTraps can receive legitimate email messages, and it all depends on the trap owner's honor and scrupulosity.

Thanks a lot for reading.
If you have any questions, please leave them in the comment section below.
