Catch More Spam with Zombies
by J.D. Falk
Director of Product Strategy, Receiver Services
On the Word to the Wise blog this week, Laura Atkins just finished publishing a series about zombies — not zombie computers or zombie blacklists, but zombie email addresses. These are once-valid addresses which have been literally abandoned by their users, yet remain on marketers’ subscriber lists more or less forever. In the past, abandoned mailboxes would eventually fill up, resulting in error replies to delivery attempts; now that storage with the most popular mailbox providers has become more or less infinite, that hardly ever happens anymore.
In the comments for part 2 of Laura’s series, there’s a bit of a debate about abandoned addresses being turned into spam traps. I can’t remember where or when I first heard of this method, but I recall using it myself around 2003 — and chances are pretty good that the mailbox provider I worked for at the time is still using those same traps. I can clearly remember the shock that went through the room when a colleague mentioned the practice at a conference a few years later. That same surprise is evident in the comments today; it’s clear that for some segment of the community, there’s a lot of fear, uncertainty, and doubt regarding spam traps. This may be exacerbated because, for those of us who operate spam trap networks (or want to), there’s very little in the way of published best practices.
Some research we’ve recently undertaken here at Return Path reveals that spam trap addresses are chosen in a myriad of ways, often depending on what type of spam the operators are trying to catch.
To catch bot spam, recycled addresses or domains often work best. These are addresses or domains which once belonged to a real, active user, and then were abandoned — the “zombies” of Laura’s articles. The spam trap operators we spoke to all agreed that it’s best if the address or domain reject all mail (550 user unknown, or similar) for a period of months or (preferably) years before being recycled as a spam trap.
If you’re operating a spam trap network with a “one strike and you’re blacklisted” policy (which we don’t recommend), you need a very clean mail stream — no recycled addresses at all, no matter what. Chances are, you’ll also have to “seed” the addresses in various ways, to make sure they get picked up by the spammers.
Many B2B spammers still use web scrapers and other address harvesters (which is illegal under CAN-SPAM & other laws), so to catch them you can seed addresses on blog comments or business-related web forums. (I suspect that some of the comments we get on the Return Path blogs are actually address seeding.)
It’s worth clarifying (particularly in light of the comments on Laura’s article) that we’ve never heard of any mailbox provider turning all abandoned accounts into spam traps. Most accounts eventually fade away, according to local longevity policies. And even when an address or a domain does get recycled into a spam trap, it’s only after mail has been rejected with a 500 series SMTP reply for what the operator considers to be a sufficiently long period of time — the shortest I’ve heard of is six months. They’re trying to catch spammers, not to punish legitimate marketers, quiet discussion lists, or users with typos in their address books.
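The rejection rule described above, written as an operator-side eligibility check. This is an added example, not code from the original post or from any trap operator. The log format, the function names, the 183-day reading of "six months", and the choice to restart the clock on any non-5xx reply are all assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample: one line per delivery attempt -> timestamp, recipient, SMTP reply code.
SAMPLE_LOG = """\
2009-01-10T08:00:00 alice@example.org 250
2009-02-01T08:00:00 alice@example.org 550
2009-06-15T08:00:00 alice@example.org 550
2009-11-20T08:00:00 alice@example.org 550
2009-03-01T08:00:00 bob@example.org 550
2009-09-01T08:00:00 bob@example.org 451
2009-10-01T08:00:00 bob@example.org 550
2009-09-15T08:00:00 carol@example.org 550
"""

MIN_REJECT_PERIOD = timedelta(days=183)  # assumed reading of "six months"

def rejection_run_starts(log_text):
    """Map each address to the start of its current unbroken run of 5xx replies (or None)."""
    attempts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, rcpt, code = line.split()
        attempts.append((datetime.fromisoformat(stamp), rcpt.lower(), int(code)))
    run_start = {}
    for when, rcpt, code in sorted(attempts):
        if 500 <= code <= 599:
            # Keep the earliest timestamp of the current run.
            if run_start.get(rcpt) is None:
                run_start[rcpt] = when
        else:
            # Accepted (2xx) or deferred (4xx): the sender was not told the
            # address is gone, so the clock restarts (conservative assumption).
            run_start[rcpt] = None
    return run_start

def trap_candidates(log_text, now, min_period=MIN_REJECT_PERIOD):
    """Addresses that have rejected all mail for at least min_period as of `now`."""
    return sorted(
        rcpt for rcpt, start in rejection_run_starts(log_text).items()
        if start is not None and now - start >= min_period
    )

if __name__ == "__main__":
    print(trap_candidates(SAMPLE_LOG, datetime(2010, 1, 1)))
```

The clock here starts at the first logged rejection, so it can only understate how long the address has actually been rejecting mail.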
We’ll publish more of our spam trap research in coming months, including statistics taken from our own trap networks.
What’s worked for you? What hasn’t? Any crazy ideas you’ve been pondering? Let us know in the comments.