Spam Trap the address that exists to catch you

The three kinds of spam trap

Not all traps are created equal. The category tells you something about how the trap got onto your list and how bad the consequences are.

• Pristine traps. Addresses that mailbox providers and outfits like Spamhaus create from nothing and seed across the web (in scraped directories, in honeypot pages, in fake guestbook entries). They have never been used by a human. The only way you got one onto your list is by buying, scraping, or appending data. Hitting a pristine trap is the most damaging signal there is.
• Recycled traps. Real addresses that were abandoned by their owners years ago. The mailbox provider eventually re-purposes them as traps. Hitting these means you're sending to a list that hasn't been cleaned in a long time. Damaging, but not as catastrophic as pristine because at least the address was real once.
• Typo traps. Common typos of real provider domains (gmial.com, hotnail.com, yahho.com). Receivers register these and route them straight to a trap. Hitting these means your signup form isn't validating email addresses, or you're processing data from old CSVs without a sanity pass.

Why one hit can be catastrophic

Spam traps work because they're a high-confidence signal. Bounce rate can be ambiguous (the recipient could have changed jobs); complaint rate can be noise (someone in a bad mood). A pristine spam trap can't be ambiguous. The address never opted in to anything. There's no way to send to it accidentally if your list was clean. So mailbox providers weight trap hits much more heavily than other signals.

At Gmail, anecdotally, a single pristine trap hit on an established domain can drop you from High to Medium reputation overnight. Spamhaus listings can follow. The recovery window is weeks at minimum.

Where spam traps come from (on your end)

The traps were planted by the receiver. They got onto your list because of choices you made. Common entry routes:

• Bought or rented lists. The fastest path to a trap is buying a list. Vendors who promise "100,000 verified B2B contacts" are almost certainly selling lists seeded with pristine traps to detect resale.
• Scraped data. If you scraped emails from LinkedIn, conference attendee lists, or directory sites, you scraped what others scraped before you. The trap operators know this.
• Long-dormant lists. An old list you stopped emailing two years ago will have collected recycled traps as addresses got abandoned and re-purposed. Restarting that list is high-risk.
• No confirmed opt-in. Single opt-in plus a form that doesn't validate the email gives you typo traps and gives competitors a way to sabotage you.
• Append services. "We'll fill in missing emails from your CRM" services pull from the same data sources that contain trap addresses.

How to keep traps off your list

• Double opt-in. Send a confirmation email; only add to the list after the user clicks. This single change eliminates almost all trap-acquisition routes.
• Validate email syntax and MX records at signup. Typo traps are mostly preventable at the form layer.
• Suppress dormant addresses. If a subscriber hasn't opened or clicked in 6 to 12 months, stop sending. They'll either come back via an explicit re-engagement campaign or graduate to suppression.
• Never buy, rent, or append. No exceptions. The economics of list-buying assume the buyer eats the deliverability damage. Don't be the buyer.
• Run hits against known suppression lists. Hashed-suppression services exist for unsubscribes and complainers; use them before sending to anything that touched a third party.

What to do after you hit one

If you're seeing a sudden reputation drop and you can't pin it on a complaint rate or hard bounce spike, a trap hit is the likely cause. The recovery path:

• Stop sending to the segment you most recently added. That's where the trap probably came from.
• Audit the acquisition source for that segment. If it was a bought list, an old CSV, or an append job, suppress the whole batch.
• Slow your overall volume and lean on your most-engaged subscribers for 7–14 days while reputation recovers.
• If Spamhaus listing follows, follow their delisting procedure honestly; don't try to mass-pressure them.

How sendmsg.io handles trap risk

We can't detect a pristine trap before you hit it (nobody can, by design). What we do is catch the slope, not the cliff. Cortex tracks per-segment engagement, hard bounce rate, and complaint patterns in real time. If a new segment shows the signature of a problematic list (low engagement, mid-high bounces, scattered complaint geography), the segment gets graduated throttle and a soft-pause before it can do damage to the rest of your domain's reputation. The principle is upstream: cap the blast radius before the receiver does it for you at much higher cost.

The defence that actually works is the one before send: confirmed opt-in and no bought lists. That's not a sendmsg.io product feature; it's a procurement discipline. We can build the platform to limit the damage when discipline slips, but it can't substitute for the discipline.