What are Honeypot Email Addresses, and How to Avoid Them

What Is a Honeypot, and How Does it Affect Legitimate Email Senders?
Yurii Bitko Yurii Bitko 03 november 2022, 09:54 62
For beginners

Spam is a prominent problem on the internet. Spammers always try to flood random or targeted email addresses with shoddy requests to obtain money or steal identities. Hence, it’s necessary to know about the effective techniques to identify spammers, one of which is a honeypot trap.

A honeypot trap is a technique you employ to trick spammers into revealing themselves. It involves using a dormant email address not signed up to any email lists, so anyone sending messages to that address is likely a spammer. We dive deeper into this technique below.

What Are Honeypot Email Addresses?

honeypot-email-addresses-what-are-honeypot-email-addresses

Honeypots are special email addresses that people set up to lure and identify spammers. The name originates from real-life honeypots that attract animals. Just like a curious bear in pursuit of honey runs toward a honeypot, a spammer in pursuit of a victim runs toward a honeypot email address.

A honeypot address is never used by a real person, so it’s safe to assume that anyone sending messages to that address is likely a spammer, and it’s quite reasonable to blacklist their sender addresses to prevent any messages from them.

Email Honeypots vs. Spam Traps

The terms “honeypot email address” and “spam trap” are often used in place of each other. However, they don’t always have the same meaning.

Spam Trap

honeypot-email-addresses-email-honeypots-vs-spam-traps

A spam trap is a fake email address that mailbox service providers (MSPs) like Google, Yahoo and many others use to bait spammers. Types of spam traps include:

  • Expired email accounts. Some MSPs use abandoned email accounts or mailboxes on expired domains to identify spammers. A person that keeps sending messages to an abandoned email address or expired domain name is likely to be a spammer, and the MSP will block them in the long run.
  • Misspelled addresses. Spammers often purposely misspell real names to guess email addresses, e.g. John.Daniel@unione.io is spelled as John.Dainel@unione.io. MSPs detect such emails and send them to the spam folder, along with decreasing the sender’s reputation score.
  • Purchased list markers. Email lists available for sale often contain certain invalid email addresses. Using purchased lists is a very bad practice, so MSPs may block senders who send emails to such addresses.

Spam trap addresses do not need to actually exist. MSPs can implement scripts which will analyze SMTP logs and take appropriate actions for any attempts to send mail to a spam trap, even an unsuccessful one.

Honeypot

Unlike spam traps, a honeypot is always an existing email address. Thus, anyone can set up their own honeypot without the need to access the SMTP logs.

Note that a honeypot can also act as a spam trap when it’s a previously active email address that got abandoned and repurposed.

How Honeypot Addresses Get onto Email Lists

1. Purchased Email Lists

Purchasing email lists brings you far more headaches than benefits. For one, it’s impossible to determine that the addresses in that list have opted to receive marketing emails, and sending emails to those who haven’t opted constitutes spam.

People that create and sell email lists tend to include emails harvested from across the web, some of which are honeypots. Whenever you buy an email list, you risk sending emails to honeypot addresses and getting your sender reputation ruined.

2. Misspelled Addresses

Sometimes, people provide a purposely misspelled email address when registering on a subscriber list to claim certain instant benefits. These wrong addresses end up on email lists, and businesses that repeatedly send messages to them risk being dubbed spammers.

3. Scraping Email Addresses

One of the major ways trappers lure spammers to a honeypot email address is by adding these addresses to their websites and waiting for the spammers to deploy bots to scrape them. Scraping seems like a relatively cheap way to build up your email list, but you'll likely end up scraping honeypot addresses and getting blacklisted after sending a few messages to them.

Besides, email scraping is illegal in countries such as the United States, so it’s a bad marketing practice.

What Are the Consequences of Getting Caught in a Honeypot?

Getting Added to Spam Lists

If you send messages to a honeypot email, email service providers could mark your messages as spam and block your IP address from sending further emails to their users. This implies being added to a spammer list, which makes it difficult to send marketing or transactional emails even if your business is legitimate.

Brand Reputation Harm

A business is as good as its brand recognition. If your business becomes associated with spam, it’ll be hard to get customers to trust you. Being untrustworthy means people would avoid buying things from you, leading to decreased sales in the long run.

This is why we strongly advise against buying email lists. It may seem viable in the short term, but you risk sending emails to honeypots, spam traps, or unconsenting people. Doing so can make email service providers blacklist your brand and harm its reputation.

Reputation is vital for both the domain you’re sending emails from and the IP address of your email service provider. Any harm to either of them can lead to your brand being blacklisted.

How to Avoid Honeypot Email Addresses?

1. Never Purchase Email Lists

We’ve already said much about the harm that purchased email lists could bring to your business. You may end up on spam lists or harm your brand reputation. Besides, it’s prohibited by the law in some jurisdictions. Avoid paying for email lists to market your brand, and you’ll reduce your chances of falling victim to honeypot addresses.

2. Thou Shalt Not Harvest

Seriously, never ever use scripts to scrape, or harvest, addresses from web pages. It’s a guaranteed way of getting lots of honeypots and inactive addresses. And again, purchased lists usually swarm with harvested addresses.

3. Get Rid of Inactive Addresses

If a subscriber does not interact with your emails for a long time, what’s the use for keeping them on the list? You pay extra for emails that will probably never do any good for your business, and an abandoned address may be finally converted into a spam trap. Be sure to clear your lists of subscribers who have shown no activity for, say, half a year.

4. Monitor Your Deliverability

Deliverability is the ratio of your emails that end up in subscribers' inboxes. Monitoring your email deliverability helps you understand issues with your outgoing emails, such as being blacklisted, and helps you prevent them.

You should proactively monitor your deliverability rate and detect and correct any slight drop early. This is better than waiting till the rates have dropped noticeably and trying to correct things hastily.

Note that the IP address of your email service provider also affects your deliverability rates. ESPs like UniOne provide dedicated IP addresses to avoid being marked as spam due to the activities of other businesses using a shared IP.

5. Use CAPTCHA or Double Opt-In

CAPTCHA is a technology that enables you to repel bots from your subscriber forms. It’s an effective way to keep honeypot addresses or spam traps from getting into your email lists.

You can also use a double opt-in procedure, so that subscribers will receive a confirmation link after entering their email addresses in your subscription form, and they must click this link to complete the subscription. This method ensures that real addresses are signing up to your subscriber lists and not bots, and it helps subscribers detect when they misspell their email addresses.

6. Adhere to Compliance and Consent Laws

Compliance laws vary in different countries, but one thing they have in common is consent. It's essential to get explicit consent before sending marketing emails to any address. If a prospect hasn't provided consent to receive emails, do not send them any. A honeypot email doesn't provide consent, so following this rule means you won’t be sending messages to one.

It’s also essential to adhere to GDPR data protection laws if you’re sending emails to European residents.

7. Clean Your Email Lists Regularly

Even when you try your best to follow the aforementioned steps to avoid honeypot addresses, they can slip into your email lists occasionally. Thus, you should regularly check your email list to identify addresses that look like honeypots and delete them. There are also email list cleaning and verification services that can help you do this automatically:

Conclusion

Honeypotting is an effective technique to identify and block spammers. But legitimate businesses can get caught in the trap if they send messages to honeypot addresses unintentionally. It’s important to know what honey potting is and how to avoid falling victim to it.

Messaging honeypot addresses can get your sender IP address or domain to be added to a blacklist, which will harm your brand’s reputation. We’ve described how such addresses find their way into email lists and outlined the measures you should take to avoid interacting with them. Adhere to these rules, and you won’t need to worry about your emails getting to the intended recipients.