Your guide to spam trap cleaning services for email lists

Green envelope on a white envelope background.

Ever wondered how a spam trap cleaning service works?

It’s simple. Think of it as an automated cross-checking process from one list to another.

The email address that’s being checked is cross-referenced against domains / IP addresses or email addresses that are known to be spam traps, spam senders, or associated with reporting incoming mail as spam. Depending on the capacity of the infrastructure used to make the check, the cross-checking will take place in just fractions of a second.

Attention gets paid to 'triggering a spam trap' but in reality it's not spam traps that are the problem. It's malicious spam trap activity. At Email Hippo, advanced cleaning takes place too, to use heuristics and other techniques to detect domains that are associated with malicious spam trap activity. (See article links below for more information about malicious spam traps).

Spam trap traffic helps build black lists

Blacklist definition for malicious spam traps

Public lists name and shame mail server IP addresses and/or domains associated with sending spam. These lists are referred to by systems managers, subscribers and applications like ours that have a specific, automated need for staying up to date.

On the lists, each entity is identified by an IP address and / or an email address. That data creates a unique reference that acts like a fingerprint for a mail server when it goes online. There are a number of sites that collate lists of spam-sending entities. Spamhaus is the most well known and established of these sites.

There is no universal classification of ‘what is spam’

The IP addresses and email addresses on these blacklists change all the time. That’s because lists are maintained by multiple organisations and individuals, who have different views on what is spam. There isn’t a single, universal standard so there are different criteria for getting on to lists. Criteria include the speed and number of emails or server requests sent and spam reports filed, whether the server is set up securely, or even spam reports in a specific country that result in a ‘country block’ for an IP address.

We refer to a list of known spam traps and cross-check the email addresses you submit for checking with the details on blacklists. We also carry out advanced checks to determine whether an email address is associated with malicious activity. If we get a match, we’ll flag it as a ‘spam trap’ and where relevant, provide more detailed classification about the reason why.

As spam trap email addresses aren’t static, it stands to reason that the IP addresses accused of sending to them change too. That’s why it’s important to verify email addresses frequently, and remove old and dormant emails from your data.

Getting listed and removed from a blacklist

IP addresses appear and disappear from blacklists, depending on the list and what triggered their inclusion on it. Having an occasional recipient mark your email as spam is highly unlikely to result in a spam-listed IP address. Sending high volumes of emails that result in rapid and numerous spam reports may result in your IP being listed.

Generally speaking, it’s possible to have any genuine, good-intent IP address removed from a blacklist, by contacting the list manager and going through their processes to assure them you aren’t a serial spammer. This might include improving the security of your server as you may be on a list due to being vulnerable to cyber attacks.

There are a small number of exceptions to the general IP blacklist way of working. We think of them as malicious spam traps and have written a couple of blogs about these (see links below).

Malicious spam trap activities

In a nutshell, the majority of spam trap blacklists are lists maintained in good faith to make the internet a better place.

Ironically, a handful of lists actively harvest IP addresses, hold them to ransom and charge for removal. We think the threat of innocently having your IP address added to one of these malicious blacklists is a genuine nuisance and a disturbance to 'business as usual.'

That’s why we identify domains associated with malicious spam traps, call them out as known spam traps and also give additional information that identifies the trap owner. It’s important that you don’t mail malicious spam traps and that you clean email addresses associated with them from your lists.

Further reading;

Malicious spam traps: UCE Protect,  Email on Deck and MagicSpam

Download our free guide to spam traps

Static email list checking service using CORE from Email Hippo and a realtime email validation using the Email Hippo MORE API.

 

What To Read Next

Email Hippo shortlisted for Tech South West logo
Auth0 and Email Hippo logos on a crowd scene background Auth0 logo is the property of Auth0.
Illustration of the DNA of Email Hippo Trust Score.