Typo Traps



The worst blocklist to be on has always been one run by Spamhaus.

Up until fairly recently Spamhaus spam traps were only scraped traps. Addresses which never sign up for anything but sit on web-sites waiting for bots to scrape them then spam them. This was primarily B2B addresses.

Then two years ago, just before Christmas, Spamhaus woke up a load of zombie addresses as traps, they have since been known as “Zombie traps”, or “recycled traps”.

These are address that have been dormant for over 10 years and have probably been spammed from all angles for at least 5 of them. It seemed that in January 2011 Spamhuas just flicked a switch and anyone who hit them was blocklisted. This was primarily consumer addresses.

This Christmas Spamhaus activated a bizarre new type of Spamtrap: “Typo traps”.

These were simply any address at a few spelling variations of common consumer domains, eg: “ynail.com” instead of “ymail.com”.

This was first publicised when popular clothing chain “Gap” appeared on a Spamhaus list.

Even more notably, the listing did not actually cause any blocks, even though it was a dreaded Spamhaus block.

This was because Spamhuas listed their “zero IP” and not any address that would actually send an email.
This is the first time Spamhaus have activated a notification block like this. It may have been due to the ambiguity of the traps and that they were attained less through bad practice than bad luck in a well intentioned collection processes.

It could have been an indication that Spamhaus are trying to coax marketers into less short cuts to a big list, rather than immediate punishment; or it could be both!

Either way it is another thing we need to examine for when checking the health of lists.

More importantly it is a hole that needs filling in the way addresses are collected!

It is not difficult to get a typo address in a list. Any time someone has to type their email address there is a chance of a typo. In Gap’s situation, the addresses were being collected at the till of their retail outlets. So it was either bad spelling by the customer or till staff or it would have been when the records were typed in by hand, in bulk later on.

In that case the only way to avoid it is to be more careful.

What Gap should have done, is bought a few tablets and got customers to enter their details in a web-form with some validation (and an immediate welcome email of course).

When it comes to web forms, typo addresses are more frequent especially when people do not see value in supplying an email address but the site forces them to in order to get to the goal page. Sites which offer something for nothing are the most guilty, the incentives where the prize in on the next page tend to invite mistakes or even deliberate mis-types and made up addresses.

Site which offer finance like loan applications often force people to enter an email address as part of the credit-check, even though everyone knows and email address is not required for a credit check – these tend to invite made up addresses.

Even the best of sign-up experiences can leave room for typos in the email field.

The easiest way to avoid these is to ask people to type in the email address twice in two text boxes. This is commonly called “fat fingers” based on the concept that typos are most common when fingers are too big to hit one key at a time.

It’s a very simple process, underneath your email field add a second text box for users to retype their address into. Then when they hit “submit” trigger a bit of script to compare the two; if they are not the same, don’t submit the form and ask them to try again.

This of course means that the person enters in the typo again the list will still get the typo trap in.

An additional concept is to store a list of commonly mistyped domains and check against that as well.

If you’d like to build one yourself, here’s a starter list of a few typo domains:


Photo sharing site “Kicksend” have put a cheeky little script package upon Github and called it Mailcheck.

Typo traps do not cause blocklistings at the moment, so don’t panic – yet!

One day some typos will so it’s important to fix this sooner rather than later.

My advice for staying off blocklists is: Don’t buy data!

4 thoughts on “Typo Traps

  1. Great overview. Unfortunately, based on our experience helping thousands of leading marketers clean and update over 3 billion email address registrations, a double-entry system does not solve the typo problem. These days most individuals either use an auto-fill program or type their email address in the first box and then simply cut and paste their initial entry into the second box. So the typo just gets copied over.

    To avoid getting blocklisted by Spamhaus’s ever-growing universe of spamtraps, which now include typos, marketers need to use an email hygiene and correction service like SafeToSend™ – http://biz.freshaddress.com/SafeToSendDeliverabilitySolution.aspx

    SafeToSend™ eliminates bouncing emails from your list, corrects millions of registration errors, and flags toxic email addresses for removal to make your email file 100% guaranteed deliverable.

    A Spamhaus blocklisting can cost a company in the range of $100,000 to $1,000,000+ on a short term basis. Getting off their blocklists can cost even more if they require you to remove everyone from your list that hasn’t opened and clicked through in the last 3-6 months, which is a typical settlement deal they’ll agree to. The net result is that you can easily lose the ability to message 75+% of your file.

    Best to be proactive and clean and correct all of your email address registrations BEFORE putting them into your marketing database.


  2. Thanks Bill,
    While I’m not a fan of my blog being used for sales pitches!… it is a good point.
    People are lazy, so a few might copy and paste, however, not all of them, so it is a good first step and is pretty much free, depending the price of administering your web-site.
    It is also a good idea to have some scripting to catch the typos pre-submit, which again would not be that expensive.

    I expect in the future, these two practices may well end up being standard procedure for sign-up forms.

    Sadly I’ve recently heard of Spamhaus trying to force a company, who got caught with a typo trap, to implement double opt-in.
    Which is a concern. I’ve heard of a few of the more rigid anti-spam bods preaching about email marketing needing to be confirmed opt-in (COI) across the board but I hadn’t expected Spamhaus to push it in this instance;
    There is the chance, though, that the brand themselves were not being cooperative enough with Spamhaus and this was a consequence?


  3. We’ve also heard of Spamhaus forcing double opt-in on companies that have gotten on their radar screen. Best to be as diligent as possible in vetting, cleaning, and updating all of your opt-in registration sources to ensure your marketing program avoids any potential roadblocks.


Comments are closed.