Don’t Forget the “L”: How A Typo Spam Trap Can Destroy Your Email Deliverability

Is it possible that a company’s email deliverability can be impacted by a simple typo? The short answer is yes — if you get caught in a typo spam trap. Before you say “that sounds ridiculous,” let’s take a very short trip down memory lane.

How many of you remember the collapse of Amazon Web Services’ (AWS) S3 cloud storage service two years ago? For those unfamiliar, a simple typographical error in a routine maintenance command caused a major AWS outage that impacted hundreds of thousands of their customers’ websites and apps for over four hours. Because they own more than a third of the cloud services market, they impact a large number of other popular organizations, creating a massive domino effect of service disruptions.

SocketLabs was reminded of this incident recently when a similarly bizarre situation impacted a customers’ email deliverability. While their story is hard to believe, it provides some important lessons for any organization that relies on transactional email delivery to keep their business operating smoothly.

Typo Spam Trap 101: What Happens When a Recipient Accidentally Forgets the Letter “L” at the End of Gmail

As with the AWS situation, it all started with a typo. In this case, a person who wanted to sign up for an e-newsletter from Company XYZ, made a mistake when typing in the email address as part of the registration process. Specifically, the person forgot to include the letter “L” when they tried to type “Gmail”. So instead of entering the email address correctly as [email protected], the email address was entered as [email protected] No big deal right?

Well, there are email data security companies out there who count on there being “typing mistakes” just like this. These companies set up email honeypots and typo spam traps, which are essentially mailboxes that match common, or “easy-to-make” typos, such as “”. The reason? They want to receive the messages and treat them as “data samples” for analysis and experimentation. The purpose of this kind of email analysis is to identify cases where the senders are malicious and are conducting phishing and other types of abuse.

One of the many revenue models for these data security companies is essentially to use these “error mailboxes” to:

  1. capture samples of “real email”
  2. conduct analysis on the email
  3. identify domains that represent threats, and then
  4. sell the findings to internet security companies and mailbox providers. Some will even require a payment for spam trap removal.

What Happens When You Hit a Typo Spam Trap

The intended outcome of a typo spam trap is to serve the email community by flagging legitimate phishing scams and then alerting other participants in the internet world to be wary of domains or messages that are suspicious.

So, when the day finally came that Company XYZ wanted to send this person the marketing newsletter that had been requested, the email message that they sent – which was unfortunately addressed to a non-existent person at – was obviously NOT delivered to the person’s correct inbox. Instead, it was delivered to the data security company’s “” inbox. As is done with millions of similar messages that are captured, the data security company’s automated system then scanned the links in Company XYZ’s email newsletter message.

Following so far? Well here’s where it gets weird.

Unexplainably, the automated phishing scan that was conducted determined that the email newsletter had malicious intent – which in fact, it did not. However, this established a “false positive” report, stating the security company’s belief that the email newsletter sent by Company XYZ was a phishing attempt. What happened next was a security industry “multiplier effect” similar to the domino effect that caused the AWS situation to spiral out of control. The data security company took that single false positive result and initiated a ripple effect that made it several times worse. Their automated processes take suspicious email messages, identify their sending domain, and then alert their network of customers to suppress other similar messages that carry links from the same sending domain – thus they attempt to proactively prevent a phishing attack from spreading. This negative information about XYZ Company’s domain was rapidly shared across the email delivery world, as company after company received the data feeds.

Ready for the good news? Fortunately, while this situation could easily have caused significant link warnings or other email delivery headaches for XYZ Company, it didn’t. The reason it didn’t is that XYZ Company happens to have a stellar domain reputation. This incident highlights one of the key benefits of having a great domain reputation that’s based on a solid historical track record. Namely, that single pieces of negative information aren’t enough to persuade mailbox providers that a sender is “bad” and that email delivery should be questioned or interrupted. However, not every company has a strong enough reputation to withstand such a mistake. For those that don’t, an accidental incident like this could easily interrupt their short-term ability to deliver email successfully.

Lessons From Hitting a Typo Spam Trap

As with the AWS outage, there are important lessons to be learned from this unlikely turn of events. For organizations that rely on email deliverability, there are three key takeaways in particular:

  1. Domain reputation is king. The best defense against inadvertent threats is building and maintaining a strong domain reputation. Strange things may still occur, but they won’t be strong enough to slow you down. As a sender of email, you must be diligent to ensure that you’re always following best practices and putting your best foot forward.
  2. The email world is wild. This story shares just one small example of the jungle that corporate email must fight through before it reaches the inbox. Phishing attacks are so prolific that automatic processes like the one described above are absolutely necessary in order to combat the issue. Although a false positive occurred in this case, there are millions of accurate findings that are keeping the world safer. Again, following best practices with message design will help ensure that you’re not inadvertently swept up into the multitude of spam and phishing filters.
  3. Watch out for typos! They can cause unexpected consequences in an electronic world. Just ask us. Removing spam traps and bad addresses from your lists is one way to solve the underlying problem. You should also focus on improving your data collection process to keep from sending mail to bad addresses.

If you’d like more information on how to improve and protect your domain reputation, or how to optimize your email sending practices, just give us a call. The SocketLabs deliverability team can get you (or keep you) pointed in the right direction. We can help you survive and thrive in a crazy email world.