The Spamhaus Project


Unravelling the myths of spamtraps clicking links

Unravel the myths of spamtraps clicking links and learn how to leverage these metrics to better understand your deliverability problems.

by Tom BartelNovember 01, 20236 minutes reading time

For digital marketers, spamtrap opens and clicks present a consistent challenge to email deliverability and reputation. And despite their good intention, they are perceived only to wreak havoc with engagement metrics. But are interactions on spamtraps the real problem? We know the issues run much deeper. Join Validity‘s Tom Bartel and Melinda Plemel from Spamhaus Technology to unravel the myths and uncover the truth about spamtraps clicking links.Did someone say spamtrap? Where?! Yes, spamtraps are feared by most marketers today. Not only because of the threat of having your IP blocked if an email hits multiple traps, multiple times, but also because of the perceived interference they cause with campaign metrics – opens and clicks. Unfortunately, we believe that much of the ‘spamtrap-clicking’ fear stems from the continued degradation of email performance signals for senders. For example, Apple’s Mail Protection Privacy (MPP) was designed to protect consumers by masking their IP address, yet MPP brought with it the so-called death of the open rate, further blurring a previously relied upon metric. And it’s the knowledge of the degradation of the open rate as a metric that fuels the fear of spamtraps clicking links today, foreboding the additional loss of clicks as a useful performance metric.

With the growing deployment of tools to protect receivers from malicious activity, marketers are left questioning their shrinking pool of signals. But are spamtraps and other tools taking the blame for poor deliverability practices?

The first rule of deliverability

When dealing with deliverability challenges, the first rule to remember is that it is not about you as the sender. It’s about spam, miscreants, and the email-borne threats that mailbox providers and other receivers continue to battle. Spam is as prevalent as ever, which means protecting mailboxes and providing a clean and safe inbox experience is their primary focus. But what does it mean for senders?

The truth about opens and clicks

Over the years, deliverability challenges and reputation signals have become increasingly complex for the sender. Email signals, which were once straightforward indicators of recipient engagement, have evolved.

In the early days, the open rate was a very simple and direct recipient signal. But spammers ruin everything; requiring mailbox providers to introduce anti-abuse protection, performance optimization and consider consumer privacy implications. Where the open rate metric was once a reliable tool for diagnosing campaign performance, it has become blurred and perhaps even unusable as a measure of campaign effectiveness.

Similarly, clicks were once a relatively pure signal for measuring campaign success. Yet, due to the volume of emails that systems have to protect users from – spam, phishing, and malware – they are forced to identify and investigate malicious links. This further adds to the devaluation of clicks as a metric for campaign performance. The question remains: ‘Do marketers need to worry about spamtraps?’

Spamtraps are not the problem

Most spamtraps fall into three categories: typos, recycled and pristine. As it sounds, typo spamtraps are email addresses with a misspelled domain name similar to legitimate mailbox provider domains. Recycled spamtraps are email addresses that were once valid but are now no longer used. Although they make up the majority of spamtraps, they are of less concern when it comes to spamtraps clicking links.

Pristine traps are a different story. Designed to catch specific abuse, they are typically utilized by researchers undertaking detailed investigations. These are incidents where an email should never have reached its destination, which will undoubtedly have suspicious links. These are also email addresses you do not want in your database. And yes, there could likely be a click. Researchers will investigate every detail to determine whether the emails sent to these essentially fake email addresses are malicious – including links. Nevertheless, this category of spamtrap represents a small percentage overall and should not interfere with data analysis and campaign performance.

In fact, spamtraps can be an invaluable tool for deliverability specialists. In their various forms, spamtrap metrics are indicators of overall list hygiene. By embracing these signals as pathways to investigation, senders can identify the real problem rather than merely addressing the symptoms.

What is the real problem?

In an ironic twist, the second rule of deliverability is that it IS actually all about you: the sender. Ultimately you are measured by your behaviour, and despite any opens and clicks generated by spamtraps during investigations of malicious activity, high rates of spamtrap hits are a strong indicator that you have a list acquisition and or hygiene issue. Don’t blame the signal. And don’t discard the signal due to minimal “non-human interaction”. Instead of wasting hours, days, weeks hunting for spamtraps, stop and use the signal to identify any flaws in your process that are allowing spamtraps into the system.

More importantly, you need to go back to the deliverability basics. It’s about permission and expectation for recipients, delivering on that promise, and not over sending!

Consent is the single most impactful step senders can take. And to be clear, when we say consent, we mean, “freely given permission, with an affirmative action taken by recipients to confirm they opt-in to receive email communications from a sender”.  We recommend following M3AAWG’s sender best practices for obtaining Confirmed Opt-In (COI):

  1. End user provides their email addresses to the sender.
  2. A confirmation message is sent to recipient informing them they must take action to complete their subscription, such as clicking a link or replying to the email.
  3. The recipient must take the prescribed action, such as clicking a link or replying to an email, to confirm they consent to receive future messages before any subscription messages are sent to them.

By employing COI, you can have confidence in the quality of the data entering your system. Where you have a database that has fallen into a state of disrepair – no sunset policy, poor bounce management – use tools to refine your data. Such tools may include list validation or a permission pass campaign to reconfirm opt-in status for your contacts.

Maximise all deliverability signals

There is value in every deliverability data point you have at your fingertips. And while it’s true opens, clicks, and other deliverability signals have become blurred, when viewed holistically with all deliverability data points, they still provide valuable insight – including spamtraps. Instead of fearing spamtrap opens and clicks, leverage them as a signal for investigation to better understand the root cause of your deliverability problems.