A spamtrap is an address that is used to capture spam sent to it in order to provide information on what spam is being sent and from where. Spamtraps do not belong to real users, they are decoys set up to catch spammers, monitor and collect spam.

When using spamtraps in automated systems, in order to prevent legitimate email from being invited, a spamtrap e-mail address is never published where a human can find it. Normally spamtrap addresses are obtained by spammers through the use of automated e-mail address harvesters, through ‘dictionary attacks’ on mail servers, buying lists from other spammers, or importing lists from generic address CD-ROMs sold by spammers around the Internet. Almost all CD-ROMs of ‘targetted’ or ‘opt-in’ email addresses are laden with spamtraps belonging to various anti-spam systems.

Because spamtraps do not belong to a real user they can never “opt-in” to any bulk email advertising list since it is impossible for the spamtrap address to give or to confirm consent. As the address is never visible to humans, no sender would be encouraged to send messages to the email address for any legitimate purpose. Since no e-mail is solicited by the owner of this spamtrap e-mail address, any e-mail messages sent to this address are immediately considered unsolicited.