Certainly not with all spam traps, but if someone is reviewing the data, and 
trying to decide what to do with a sample, an "Open" message might get sent in 

But a reply should never be sent, and so a classical SpamTrap would not pass a 
COI test.

... unless it had gathered dust for a very long time, or the new domain's owner 
didn't follow the (Reject for 6 months to a year) BCP.

Just MHO.

Michael J Wise
Microsoft Corporation| Spam Analysis
"Your Spam Specimen Has Been Processed."
Got the Junk Mail Reporting 
Tool<http://www.microsoft.com/en-us/download/details.aspx?id=18275> ?

-----Original Message-----
From: mailop <mailop-boun...@mailop.org> On Behalf Of Stefano Bagnara
Sent: Wednesday, March 7, 2018 4:39 PM
To: Aaron C. de Bruyn via mailop <mailop@mailop.org>
Subject: Re: [mailop] Hat color of list washers / validators

On 8 March 2018 at 01:02, Laura Atkins 
<la...@wordtothewise.com<mailto:la...@wordtothewise.com>> wrote:

> [...]

> Sure, we agree. But there are folks who don’t agree with us. Some of

> those folks run spamtrap networks that feel blocklist data. I think

> it’s important to acknowledge that. At one point you could do COI and

> still get on a blocklist because you sent to a spamtrap.

That's why we need to find someone that is able to share real bits on the 
issues (who's who).

We can't expect a provider to fix a bad habit (or to publicly explain there was 
a bug) if no one talks about it and people keep buying its services ignoring 
those issues.

If they feed a blocklist like that and I buy a blocklist that is fed that way 
I'd be very disappointed.

If they do that sistematically then they will create a lot of false positives 
and blocklist users will start complaining.. so I really hope/guess we're 
talking about a bug.

> At one point you could do COI and

> mail to folks who’d only opened an email in the past few weeks and

> still get on a blocklist because you sent to a spamtrap. This affected

> real senders who weren’t spamming.

Just to make this more interesting, I think this may have a slighly different 
"story" that may be "right".

2014: I collect the addr...@example.com<mailto:addr...@example.com> email 

2015: the example.com domain expires, is bought by the spamtrap network that 
starts returning 511 this will become a spamtrap for 365 days.

2017: I decide to send an email to that address for the first time, I hit the 
spamtrap. Some network doesn't report back your first hit, instead they 
sometimes make opens/clicks, I don't know if they do that to simulate traffic 
or for some other reasons.. (hint: I saw clicks/opens from antivirus/antispam 
cloud providers IP spaces, but I don't know the reasons).

2 weeks later I send a second email only to people that opened in the last 
month, and addr...@example.com<mailto:addr...@example.com> is reported, 
correctly, as a spamtrap hit.

So, it was COI, and I was writing only to openers from the last month, and 
still I hit a "3 years old repurposed spamtrap".

Let's take into consideration that spamtrap network have to do their homework 
to avoid being identified easily, so if they never do opens/clicks they already 
put a big flash on them. So I think it is OK for a spamtrap to open/click or 
even reply to an email, but it is important that the email address has been in 
a "user unknown" state for at least 1 year (or something similar).



mailop mailing list


mailop mailing list

Reply via email to