The recycled spamtrap

Other common names

Inactive spam trap, reactivated spam trap

What is it ?

Recycled spamtraps are intended to punish "spammers who ignore themselves", i.e. senders who do not regularly maintain their files.

A recycled spamtrap is indeed an email address that really existed, that was probably even collected in the purest respect of the rules, but that was abandoned by its owner for months or even years. And the email service provider has regained control over it, to turn it into spamtrap.

Most often, the ESP passes the address through a deactivation phase, during which the sender is notified of the non-existence of the address (bounce). In most cases, a recycled spamtrap is therefore born this way:

  1. Activity : the email address exists and can receive emails.
  2. Inactivity : the email address does not exist and can't receive emails (a bounce is generated when an email is received).
  3. Wake-up : the email adddress is recycled into a spam trap.

But unfortunately, this is not always the case. By cross-referencing and advanced analysis of our server logs, we have already identified recycled spamtraps with a more pernicious origin, based on the following life cycle:

  1. Activity : the email address exists and can receive emails.
  2. Sleep : the email address is no longer used but it still exists and therefore does not generate a bounce when an email is sent.
  3. Wake-up : the email adddress is recycled into a spam trap.

These cases are much less frequent but formally confirmed on addresses managed by Microsoft (domains @hotmail.*, @msn.*, @live.* and @outlook.*)

Maintaining your address files therefore implies a rigorous cleaning of the bounces, but also a regular elimination of non-reactive addresses (those that never open your messages).

The duration of the inactivity and/or sleep phases before recycling into spamtrap varies between operators. However, it seems universally accepted that an address cannot be recycled into spamtrap less than 12 months after its activity phase.

Variant: recycled domains

Some security solution providers, such as Trend Micro, buy back domain names that have existed and then been abandoned, in order to give them a second life, and use them as trap domains. 

How to protect yourself against it?

As mentioned above, cleaning the bounces is imperative. This operation is automatically performed by OxiMailing, which feeds your NPAI list according to the rejection notifications generated by your campaigns. The 360° view available in OxiMailing allows you to easily extract the list of openers for all campaigns, and thus to get rid of non-reactive addresses.

However, all this requires that your address files are regularly routed in their totality, at least once a year, in order not to miss the inactivity or sleep phases of an address or domain. It is essential to avoid "digging up" a file or portion of a file that has been set aside for more than 12 months. This is excessively dangerous, not only because of the resulting bounce rate, but also because of the high risk of recycled spamtraps. After 18 months of inactivity, the file must be considered totally obsolete, and the idea of putting it back into service must be definitively abandoned.


Other types of spamtraps

 The typo trap

 The primitive spamtrap


 Back to the summary



Tags: spamtrap

Chuck Norris has counted to infinity. Twice.