I would be interested as well in having a great spamtrap seeding recipe. (:
In my experience, it's quite random whether an address will be picked or not by the spammers you want. Email addresses that have appeared in leaks seem to work quite well, But that's nearly impossible. The places where you publish them are quite variable as well. Some sites yield an important influx of spam, even if it only appeared once. In other cases they don't seem to have noticed. There's a difference between spammers frequency, too. This very email address I use for mailop has landed in the list of some spammer. I received 3 spams there in 2025. 3 in 2024. 7 in 2023. 15 in 2022, 11 in 2021. 10 in 2020. 20 in 2019. 64 in 2018. Shouldn't we have expected the spam to *increase* over time? On the other hand, a different email address (which admittedly, is on a public bug tracker from which it could be crawled), received over 5100 spam emails (plus 38 bounces since it seems to have been spoofed at one point). And another address, which never existed before, received ~10400 bounces when a spammer decided to use it as from (and Return-Path). That mailbox has started receiving phishing emails after that. on the topic of leaving email addresses for crawlers, 4 years ago I changed a page that contained an email address to point to a spamtrap instead. It was designed to let me identify hen it was crawled and from which IP address. 4 years later, it was only crawled to send spam¹ a dozen of times (5 in 2022, 1 in 2023, 3 in 2024, 3 in 2025), by 10 different IP addresses. It received 64 emails. I do intend to set up more spamtraps at some point, but it continues getting delayed. Maybe 2026 will be the year. I don't know how succeful that will be, but I already got some additional ideas from this thread. Maybe in some months (or next January?) I will have some news to share on how it went. Regards (and Happy New Year) ¹ based on the number of unique addresses that received emails On 2026-01-06 at 17:02 +0000, Denny Watson wrote: > On 1/4/2026, Daniel Colquitt via mailop wrote: > > Hi there, > > > > I’m running a small low-volume self-hosted mail server. Since my > > mail volume is small, I’m considering setting up spamtraps to help > > train my spam filter. Is this still effective? If so, are there any > > tips or short tutorials on seeding spamtraps (i.e., getting the > > spamtrap address used by spammers)? I’ve done a quick web search, > > but almost all of the hits are aimed at spammers trying to avoid > > spamtraps. > > Seeding traps to guard against your own platform; > > 1 RFC-2142 > 2 Seed traps onto your web pages. > Historically harvesting bots don't actually parse HTML, > putting them in comments is fine. > 3 Put a garbage header into you outbound mail with trap addresses > Message-IDs might also work well, provided that M-IDs are a > catchall > sub-domain. > 4 Review your inbound logs for addresses that are currently being > rejected for unknown users. > > ... larger trap farms use other methods, but based on what you > presented, this should be fairly good. > _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
