Spam traps

Spam traps are email addresses operated by blocklist organizations, ISPs, and anti-spam networks. They're designed to catch senders who don't maintain clean lists. Sending to one is a strong signal that you're either buying lists, scraping addresses, or not removing bounced addresses.

There are two main types:

• Pristine traps — addresses that were never used by a real person. They were created solely to be planted on websites and forums where scrapers would collect them. If you have one, you got it from scraping or a purchased list.
• Recycled traps — old addresses that were once real but were abandoned, deactivated, and then repurposed as traps. If you have one, you haven't cleaned your list in a long time.

The consequences are serious and fast:

• Blocklisting. Your sending domain or IP gets added to blocklists like Spamhaus, Barracuda, or SORBS. Once listed, a large percentage of your emails go directly to spam — not just for the trap address, but for everyone you send to.
• Delisting is slow. Getting off a blocklist requires filing a request, proving you've cleaned your list, and waiting. It can take days to weeks.
• ISP throttling. Gmail, Outlook, and Yahoo independently monitor trap hits. They may throttle or block your domain without telling you.

Spam traps are, by design, hard to detect — they look like normal email addresses. We want to be transparent about exactly what our detection covers and where the limits are.

What we catch:

• Honeypot patterns — local parts that contain explicit trap-like strings: spamtrap, honeypot, blackhole, spam-sink, and similar. These are the most obvious traps, typically found in scraped lists.
• Recycled trap risk — role-based addresses (postmaster@, abuse@, admin@, webmaster@) at ISP and telco domains (Comcast, Verizon, AT&T, BT, etc.). ISPs commonly recycle these abandoned system addresses as traps.
• Known trap operator domains — domains operated by anti-spam organizations like SpamCop, Project Honey Pot, and similar. Any address at these domains is flagged.

What we cannot catch:

• Pristine traps at normal-looking domains — addresses that were never real, planted by anti-spam organizations on scraped lists. These are designed to be indistinguishable from real addresses. No pattern-based detection can reliably identify them because there is no pattern — that is the point.
• Recycled traps at non-ISP domains — abandoned addresses at regular company or personal domains that anti-spam organizations have quietly reactivated. Without a proprietary database of known trap addresses, these are invisible at the validation layer.

When we detect a potential trap, the penalty is -20 points. Combined with other signals (gibberish detection, domain age, abuse patterns), flagged addresses typically score in the "risky" or "invalid" range.

Some providers claim proprietary databases of known trap addresses. We do not have one today — our detection is pattern-based. We believe being clear about what we catch and what we miss is more useful than a vague "99% accuracy" claim that no one can independently verify. Anti-spam organizations intentionally prevent reliable identification of their traps; any provider claiming near-perfect detection is making a claim that cannot be tested.

• Never buy email lists. Purchased lists are the #1 source of pristine traps.
• Use double opt-in. A spam trap can't confirm a signup. If you require confirmation, traps can't enter your list.
• Remove unengaged subscribers. If someone hasn't opened or clicked in 6-12 months, remove them. Recycled traps come from abandoned addresses.
• Verify at signup. Real-time verification catches many trap patterns before they enter your database.
• Clean your list regularly. Run bulk validation every 3-6 months. Lists decay, and decay is where recycled traps live.