Back to Blog Home
Sep 04, 2023

Why Email Honeypots Are Dangerous Spams to Avoid

The term “email honeypot” sounds like a phishing thing, doesn’t it? Like a chain email or the sort of thing that a scammer would send out to try and lure in victims.

email-honeypots


In fact, an email honeypot is the opposite. ISPs (Internet Service Providers) set up an email honeypot to try and catch spammers in the act.

The problem is that even innocent, well-meaning senders can find themselves triggering honeypots if they’re not careful.

So, let us tell you all about email honeypots, what they are, how they work, and how you can avoid them:

Understanding Email Honeypots

Email honeypots, also known as “spam traps”, are inactive or fake email addresses designed to catch out spammers.

Let’s imagine that the authorities know that a lot of contraband is being sold in a certain area. So, they set up traps. They put undercover officers on the streets and hire “snitches” to tell them about illegal activity. If someone approaches these officers or snitches offering contraband, they will get punished.

Email honeypots act in a similar way. They are either explicitly designed by ISPs to catch bad senders or are inactive email addresses (‘snitches’) that have been ‘recruited’ to report to the ISPs when they get hit up by bad senders.

How does this catch spammers? Well, spammers are known for buying or scraping email lists rather than gathering emails ethically. So, by seeding the internet with email honeypots, ISPs can identify indiscriminate (‘spammy’) senders.

Threats Posed by Email Honeypots

If you keep triggering honeypots, you will likely make the ISPs very suspicious of you. And they will retaliate in several ways:

Email Deliverability Impact

The first thing an ISP will do if it identifies you as a potential spammer is lower your deliverability. Your ‘deliverability’ refers to your ability to get emails into the inbox quickly and efficiently.

You might find that your emails get diverted to spam or that the ISP delivers the user a spam warning when they try to open your email. All in all, your emails will struggle to reach pole position in the inbox.

This doesn’t just affect your emails. It can affect your entire domain. So if, for example, you have a hosted phone system attached to your domain, you may find it harder to reach your customers through VoIP calls.

Senders’ Damaged Reputation

With each honeypot you trigger, your sender reputation will drop. Your sender reputation is the score ISPs use to determine your validity as a sender. A high sender score means that the ISPs will prioritize your emails and give you the gold star treatment. A low sender score means that the ISPs will treat your emails with suspicion and may refuse to deliver them at all.

Again, a low sender reputation can bleed into your domain reputation. This has a direct effect on things like your cloud call center and even your SEO. So, if your sender reputation suffers, your ranking on Google could drop along with it.

Risk of Being Blacklisted

Persistent spammers (or even those who, with the best intentions, keep hitting honeypots) are liable to get blacklisted. A blacklist is just what it sounds like, a list of IPs and domains which aren’t to be trusted.

ISPs, mailbox providers, and so on use blacklists to block potential spammers from their systems. So, even if you haven’t done anything to upset a particular ISP or mailbox provider, being on a blacklist can still get you blocked by them.

You can test your deliverability for issues and check whether or not you are on blacklists, but it’s better not to get into that position in the first place.

Legal Repercussions

Some email honeypots are deliberately placed in email lists for sale. If you buy up these email lists and send emails to the honeypots, you could find yourself in breach of data protection regulations designed to make sure that nobody has their email address sold on without their consent. This can lead to serious legal repercussions.

span

Identify and Avoid Email Honeypots

It’s not always easy to spot a honeypot, but there are a few things you can do to identify and avoid them:

Key Indicators

There is no real way to identify an email honeypot simply by looking at it. The only real way to detect an email honeypot is to monitor how it behaves:

  1. Is it active? If an address is valid but never sends or receives an email, chances are that it’s a honeypot.
  2. Do your emails to it bounce? Bounced emails are a key indicator of a honeypot.
  3. How engaged is the user? Users who never open or otherwise engage with your emails could be honeypots.

Best Practices to Avoid Triggers

Having identified an email honeypot, the best thing to do is scrub it from your list. To avoid triggering any more honeypots, you should:

  1. Never, ever buy email lists. Purchasable email lists are usually crawling with honeypots.
  2. Don’t scrape email lists from third parties. Again, scraped addresses are rarely, if ever, clean of honeypots.
  3. Monitor your emails closely and move any disengaged addresses to a segment of their own. If they can’t be brought back by a re-engagement campaign, either send them to a ‘dormant’ segment or scrub them from your list.
  4. Use email service providers to host your email operation. ESPs help you to manage your email list, segment low-activity users, and regularly clean out inactive or disengaged addresses from your lists.
  5. Use email authentication and verification protocols when gathering addresses.

Importance of Updated and Clean Email Lists

Practicing good list hygiene is crucial to protect your email lists from honeypots. No matter how diligent and ethical you are when collecting email addresses, you can still fall into honeypots if you don’t regularly clean and update your lists.

The reason for this is that when an address is inactive for a certain amount of time, the ISPs may repurpose it as a honeypot. So, addresses that may once have had perfectly valid users attached may become honeypots, putting you at risk.

So, you need to constantly monitor your email engagement and sweep for disengaged, inactive, or unverified addresses. When you find these, either move them to a re-engagement list to try and verify their validity or delete the addresses from your list. If you’re unsure about a particular address, you can move them to a low-send or ‘suppression’ list to be cautious.

Consequences Of Interacting With Email Honeypots

As we’ve covered above, triggering honeypots can lead to a low sender score and limited deliverability. This can have several real-life impacts on your emailing:

More Spam Filtering

The whole point of email honeypots is to weed out spammers. So, if you keep triggering honeypots, the ISPs will start filtering your emails as spam. This means that your emails are likely to either be sent to the spam folder or blocked entirely.

Affected Email Campaigns

Lower deliverability means that fewer people will read or even see your emails. For those that do get into inboxes and engage user interest, the ISPs may warn the user that your email may contain spam.

The net result is that your email campaign will not be seen by its intended audience. This means that your email campaign won’t achieve its goals, and you will likely have wasted a lot of time and resources on something totally ineffective.

Broken Recipient Trust (And Engagement)

Ultimately, ISPs set up honeypots to provide good customer service. When they warn customers of spam, they have a customer's best interests at heart — and customers know that.

So, getting sent to the spam folder or having spam warnings pop up when people go to open your emails is not a good look. It’s likely to make your recipients think twice about interacting with your emails.

This kind of thing not only reduces engagement with your emails. It also reduces overall trust in your brand. This has impacts beyond the email sphere. It can cause people to disconnect from all of your content and back away from your brand in real life. This results in a loss of profits and a major blow to your overall reputation.

This can even go as far as to affect entire regions. For example, back in the 2010s, Saudi Arabia had a big problem with spammers. As a result, many Middle Eastern countries began to filter anything that came from a .sa domain. You can see below the statistics for spammers from Middle Eastern domains in 2011:

middle-east-spam-domains-2011

Image sourced from kaspersky.com

The good news is that this trust can be regained. Since implementing strict spam controls, .sa domains are now one of the more trusted regional domains in the Middle East.

Protection Against Email Honeypots

So, how can you protect yourself against email honeypots? Here are some ways:

Spam Filtering and Email Authentication

Two of the best ways to avoid honeypots are to have excellent spam filtering protocols and to authenticate all email addresses you gather.

By filtering spam, you can prevent invalid email addresses from infiltrating your lists. And email authentication ensures that every email on your list is valid. Secure emails providers such as Mailfence offer spam filtering as a free feature part of their services.

There are established authentication protocols that you should be using, including SPF, DKIM, and DMARC. Axigen can help you to apply these protocols to your emails.

You can also validate email addresses by using two-factor verification. For example, when someone subscribes to your email list, set up an automated verification email to be sent to their email address.

The user will have to go to their inbox and click on the verification link to complete the sign-up process. This authenticates that there genuinely is an active user on the other end of that address.

Monitoring Email Metrics and Performance

As we’ve mentioned above, constantly monitoring email metrics and performance is one of the best ways to protect yourself from email honeypots. It will show you when users disengage or go inactive. This, in turn, helps you to manage and clean your email lists, prioritizing the most active and engaged users and flagging inactive addresses that could turn into honeypots.

Additionally, staying updated with industry reports and trends, such as The Email List Decay Report for 2023, can provide valuable insights into email list health and decay rates, allowing you to proactively address any potential issues.

Working Only With Reputable Email Service Providers

Good email service providers are great protection against honeypots. A reputable provider will help you to keep your sender score and deliverability high. It will also monitor your email performance and metrics and help you to manage and organize your email lists.

With a good ESP, you can maintain an active, engaged email list that’s free of honeypots. You’ll be able to easily spot potential honeypots and clean them from your list.

Case Study

Let’s look at how brands have battled honeypots to boost deliverability:

Printerprix Goes From 14% Gmail Deliverability to 100%

Printerprix, a multinational e-commerce company, was struggling with low deliverability rates. Gmail deliverability was hovering around the 0-14% mark, and Outlook/Hotmail deliverability was about 25%.

When they hired a firm to look into this, it was found that Printerprix was suffering from a high bounce rate and a high spam complaint rate. Their IP had been blacklisted, and the ISPs were penalizing their sends. This was largely due to a poorly authenticated, rarely-cleaned email list that was triggering honeypots right, left, and center.

To fix the problem, Printerprix was advised to set up full authentication protocols, rigorously clean their email list, and adopt a ‘halo’ sending strategy until their sender reputation improved.

A ‘halo’ strategy involves only sending to the most active and engaged users until the ISPs take notice of your increased engagement rate and boost your sender score.

Following this, Printerprix continuously tested their engagement and conversion rates, mapping them against their deliverability score, and introduced stringent email hygiene procedures going forward.

The result went from extremely low deliverability to 100% deliverability in Gmail and Outlook/Hotmail in a very short amount of time.

Of course, it’s better to have great deliverability and good list hygiene from the start. This is why a reliable ESP is essential. These platforms can help you monitor engagement, flag up inactive addresses (which may be potential spam traps), authenticate your emails, and keep your lists clean from the get-go.

Avoid Email Honeypots With Good Email Practices

Regular email list cleaning should be a standard procedure. Although you’ll need to retain all your email records as part of your SOX compliance checklist, keeping your email list clean and honeypot-free helps you to stay on the right side of the internet authorities (the ISPs).

Even senders with the best will in the world can fall foul of email honeypots. But with the right mail server software like Axigen, a good ESP, and good email list management practices, you can avoid honeypots and maintain a great sender reputation.