Typo Traps



The worst blocklist to be on has always been one run by Spamhaus.

Up until fairly recently Spamhaus spam traps were only scraped traps. Addresses which never sign up for anything but sit on web-sites waiting for bots to scrape them then spam them. This was primarily B2B addresses.

Then two years ago, just before Christmas, Spamhaus woke up a load of zombie addresses as traps, they have since been known as “Zombie traps”, or “recycled traps”.

These are address that have been dormant for over 10 years and have probably been spammed from all angles for at least 5 of them. It seemed that in January 2011 Spamhuas just flicked a switch and anyone who hit them was blocklisted. This was primarily consumer addresses.

This Christmas Spamhaus activated a bizarre new type of Spamtrap: “Typo traps”.

These were simply any address at a few spelling variations of common consumer domains, eg: “ynail.com” instead of “ymail.com”.

This was first publicised when popular clothing chain “Gap” appeared on a Spamhaus list.

Even more notably, the listing did not actually cause any blocks, even though it was a dreaded Spamhaus block.

This was because Spamhuas listed their “zero IP” and not any address that would actually send an email.
This is the first time Spamhaus have activated a notification block like this. It may have been due to the ambiguity of the traps and that they were attained less through bad practice than bad luck in a well intentioned collection processes.

It could have been an indication that Spamhaus are trying to coax marketers into less short cuts to a big list, rather than immediate punishment; or it could be both!

Either way it is another thing we need to examine for when checking the health of lists.

More importantly it is a hole that needs filling in the way addresses are collected!

It is not difficult to get a typo address in a list. Any time someone has to type their email address there is a chance of a typo. In Gap’s situation, the addresses were being collected at the till of their retail outlets. So it was either bad spelling by the customer or till staff or it would have been when the records were typed in by hand, in bulk later on.

In that case the only way to avoid it is to be more careful.

What Gap should have done, is bought a few tablets and got customers to enter their details in a web-form with some validation (and an immediate welcome email of course).

When it comes to web forms, typo addresses are more frequent especially when people do not see value in supplying an email address but the site forces them to in order to get to the goal page. Sites which offer something for nothing are the most guilty, the incentives where the prize in on the next page tend to invite mistakes or even deliberate mis-types and made up addresses.

Site which offer finance like loan applications often force people to enter an email address as part of the credit-check, even though everyone knows and email address is not required for a credit check – these tend to invite made up addresses.

Even the best of sign-up experiences can leave room for typos in the email field.

The easiest way to avoid these is to ask people to type in the email address twice in two text boxes. This is commonly called “fat fingers” based on the concept that typos are most common when fingers are too big to hit one key at a time.

It’s a very simple process, underneath your email field add a second text box for users to retype their address into. Then when they hit “submit” trigger a bit of script to compare the two; if they are not the same, don’t submit the form and ask them to try again.

This of course means that the person enters in the typo again the list will still get the typo trap in.

An additional concept is to store a list of commonly mistyped domains and check against that as well.

If you’d like to build one yourself, here’s a starter list of a few typo domains:


Photo sharing site “Kicksend” have put a cheeky little script package upon Github and called it Mailcheck.

Typo traps do not cause blocklistings at the moment, so don’t panic – yet!

One day some typos will so it’s important to fix this sooner rather than later.

My advice for staying off blocklists is: Don’t buy data!