Spamtrap

If you use email, you will have come across spam. It is an irritant, and something that potentially costs you time and money. Why? Because you and your ISP spend time reading it and money on bandwidth to process it.

Because spam has a much higher potential to carry malware than regular email, it is no longer just a nuisance, but could have a devastating effect on your systems and business. Again, you and your ISP spend time and money buying and implementing malware detection and removal systems.

A new addition to the armory is the spamtrap. Simply put, spamtraps are dummy email addresses that are not used by any human and therefore receive only spam. They are employed as part of an overall anti-spam solution. They can be unused existing mailboxes, or addresses created specifically to trap spam. The address owner can use the captured emails to identify spam sources and incorporate them in anti-spam measures.

One point to emphasize is that managing spam can never be fully automated.  The identification of junk mail is a personal thing, and to be honest a bit hit-and-miss.   One person’s spam might be exactly what another is expecting.  Spammers often hijack real email addresses, making it appear as if an email has been sent from an address you know.   

ISPs can make their best efforts with industry-wide spammer lists, and individuals can manage junk email settings and addresses in their email client. Even so, it is inevitable that some email will be incorrectly held as spam and need to be manually verified.

Email clients typically have spam filters and rule-based processing to filter out potential and actual junk mail. Most provide the opportunity to whitelist valid senders and blacklist known offenders.  But most people still need to check their junk-mail folder to see if any relevant stuff has been moved there by mistake.  How many times have you been asked to check your junk email folder if a mail you expect does not arrive?

Commercial organizations are increasingly moving toward allowing only email from known and approved senders to enter their systems, basically pre-approving and whitelisting correspondents, blocking everyone else, and restricting the type of email attachments that can be used. To learn more, have a look at SPF and DKIM.

The ideal solution would be for your internet service provider to recognize the “from” address as a known spam address and filter it into a junk mail folder before it reaches you. What they need is a list of known spamming addresses. Such lists can be bought from commercial organizations that manage and maintain denial lists. They are always out of date, probably incorrect and certainly incomplete. Some ISPs use these lists to block suspected spam. A necessary part of the service is to allow you to check if any valid mail has been captured.

Most spam originates in a mailing list. The spammer creates their email template and sends it off to each address on a mailing list. Mailing lists are traded on the Internet and are continually updated by robots scanning blogs, websites and the like to harvest email addresses. This is very much a scattergun approach and harvests lots of addresses that are not in use. There is also an increased incidence of “spambait” websites where a seemingly attractive offer requires you to enter an email address. You’ve just signed up for spam. Occasionally, someone will sign you up. The final category is typos. Someone types the wrong email address, frrd@example.com rather than fred@example.com.

A quick aside: will getting off mailing lists reduce your spam? Unlikely. Your address is already out there. Very often an unsubscribe request is ignored and merely confirms to the spammer that your address is a real one. At best, a request only unticks the “send mail” box but leaves you on the mailing list.

So what do ISPs and corporate email users do?  

Firstly, they only send mail originating from within their own domain. The days of the “open relay”, where an ISP would blindly send or relay all mail it was asked to, wherever it came from, are long gone. Too many ISPs have seen their mail servers hijacked by spammers sending hundreds of thousands of spam emails. It takes a spammer less than a minute to find and start using an open relay server.

Currently, if you are suspected of sending spam, you will find that most ISPs will block your email, based on the input from the block lists, and from your activity with them.  Send more emails than the limit set by your ISP, and you will first receive a polite warning and have your outgoing emails blocked.   If you persist, you will be blocked and added to the universal block list.   If you use a mail system like AWeber or Mailchimp to send out bulk mailings to customers and prospects you need to discuss the amount of email you intend to send and the frequency of sending it with your ISP.

Another aside.  It is a lengthy and difficult task to remove the block. 

Secondly, this is where spamtraps come in.  

ISPs can add all sender addresses found in spamtraps to their blocking list. Increasingly, users are also being asked to upload to the blocking list the addresses they have added to the junk-email filters in their email client.

It is worth emphasizing that not all mailing list managers generate spam.  If they manage their lists properly and remove addresses on request or on email bounces, then the amount of spam they generate is reduced or eliminated. 

At an individual level, you could create an email alias, and use that address as a spamtrap by quoting it as your primary address when signing up to websites and mailing lists. A mail client rule would move all mail sent to that address to the Junk folder. Just remember to check your junk folder.
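The two uses of a spamtrap described above, the client rule that files trap mail in Junk and the collection of trap senders into a blocking list, can be sketched as follows. This is an added example, not code from the original article; the trap alias, the allow-list and the two-hit threshold are assumptions that go beyond the text, added so that a one-off typo or a forged “from” address does not block a legitimate sender without manual review.

```python
from collections import Counter
from email import message_from_string
from email.utils import getaddresses, parseaddr

TRAP_ADDRESSES = {"trap-alias@example.com"}  # assumed spamtrap alias
ALLOWLIST = {"newsletter@example.org"}       # assumed known-good sender
THRESHOLD = 2                                # assumed trap hits before listing

# Constructed sample messages (not real mail).
SAMPLE_MESSAGES = [
    "From: Deals <promo@bulk.example.net>\nTo: trap-alias@example.com\n\nWin big\n",
    "From: promo@bulk.example.net\nTo: a@example.com\nCc: Trap-Alias@Example.com\n\nAgain\n",
    "From: newsletter@example.org\nTo: trap-alias@example.com\n\nForged sender?\n",
    "From: one-off@typo.example.com\nTo: trap-alias@example.com\n\nMistyped address\n",
    "From: friend@example.org\nTo: me@example.com\n\nLunch?\n",
]

def hit_trap(msg):
    """True if any To, Cc or Delivered-To address is a spamtrap."""
    fields = []
    for name in ("To", "Cc", "Delivered-To"):
        fields += msg.get_all(name, [])
    rcpts = {addr.lower() for _, addr in getaddresses(fields) if addr}
    return bool(rcpts & TRAP_ADDRESSES)

def folder_for(raw):
    """Client rule from the text: mail sent to the trap goes to Junk."""
    return "Junk" if hit_trap(message_from_string(raw)) else "Inbox"

def build_blocklist(raw_messages, threshold=THRESHOLD):
    """Return (blocklist, review) built from senders seen in the trap."""
    hits = Counter()
    for raw in raw_messages:
        msg = message_from_string(raw)
        if not hit_trap(msg):
            continue  # ordinary mail never contributes to the list
        sender = parseaddr(msg.get("From", ""))[1].lower()
        if sender:
            hits[sender] += 1
    # Allow-listed senders are never blocked automatically; they go to review.
    blocklist = sorted(s for s, n in hits.items()
                       if n >= threshold and s not in ALLOWLIST)
    review = sorted(s for s in hits if s in ALLOWLIST)
    return blocklist, review

if __name__ == "__main__":
    print(build_blocklist(SAMPLE_MESSAGES))
```

The review list is the manual verification step the article says can never be fully automated: an allow-listed address showing up in the trap is more likely a hijacked “from” address than a real change in that sender's behaviour.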

The war against spam will continue to be waged. 

Further reading:
Email Deliverability, Email Security, Email Spam Prevention