Overnight, Gmail moved you to Spam. Microsoft SNDS turned red. Google Postmaster Tools flipped your domain reputation from High to Low and your spam-rate line went vertical. Somewhere in your last send, an address that should never have been on your list accepted mail — and a mailbox provider's trap network noticed.
The thesis, up front: you hit a spam trap, and the trap is the symptom, not the disease. A trap hit is not a warning shot. It is forensic proof that your list has been rotting for months and your acquisition pipeline leaks. The panic reflex — buy a fresh IP, blast an apology, "warm harder" — makes it worse. Recovery is roughly 80% list surgery and honest diagnosis, 20% technical re-warming. No amount of IP warming fixes a consent problem.
Read the crime scene first
Not all traps mean the same thing, and the type dictates your response.
Pristine traps are addresses that never opted in to anything. A provider or blocklist operator created them, seeded them where scrapers and list-sellers find them, and never handed them out. If you hit one, you did not "lose an old subscriber" — you mailed an address you had no business having. Pristine traps are the most damaging, and critically, email validation cannot catch them, because they resolve and accept mail perfectly. A pristine hit means a source in your pipeline is scraped, bought, guessed, or co-registered.
Recycled traps are real addresses that a person used, abandoned, and the provider reclaimed after roughly 6–12 months of dormancy — first bouncing (NXUSER / 550), then quietly reactivating as a trap. A recycled hit is more forgivable: you had a legitimate contact once and never sunset them. That is a hygiene failure, not a consent failure.
Typo traps are misspelled domains — [email protected], [email protected] — that a provider registered specifically to catch senders who accept whatever a form gives them. A typo hit means you have no validation at the point of capture.
You usually will not know which trap you hit — providers do not tell you. You infer it from the evidence:
- Google Postmaster Tools (
postmaster.google.com): domain reputation, IP reputation, spam rate, the feedback-loop dashboard, and the authentication panel. - Microsoft SNDS (
sendersupport.olc.protection.outlook.com/snds) plus the JMRP feedback loop for Outlook/Hotmail complaints. - Blocklists: Spamhaus (SBL/CSS/PBL), SURBL, Barracuda BRBL, UCEPROTECT L1–L3, and Validity.
The blocklist detail matters. A Spamhaus CSS listing is automatic — it fires on snowshoe and low-reputation IP patterns, often the fingerprint of sudden volume from a cold range. A Spamhaus SBL listing is heavier and frequently spamtrap-driven or manually curated: it means a human or a trap network flagged you specifically. CSS you can usually self-remove once behavior normalizes; SBL means the root cause had better be gone before you ask.
Freeze sending and quantify the blast radius
Stop every cold and bulk send now. Keep only transactional mail — password resets, receipts, the things a user is actively waiting for. Providers weight recent behavior heavily; every additional bad send during a reputation dip is a fresh data point telling Gmail you have not changed. You are not "staying top of mind," you are digging.
Then pull the numbers that decide everything:
- Complaint rate. Google's 2024 bulk-sender rules set a hard line: keep spam complaints under 0.10% and never spike above 0.30%, which triggers filtering. Over 0.10% is a targeting problem, not a content problem.
- Bounce rate. Keep it under 2%. A rising hard-bounce trend is your recycled-trap early warning.
- Spam rate in Postmaster, ideally under 0.10%, watched as a trend line, not a single day.
- Engagement, as a proxy for whether real humans want this. One caveat that matters since iOS 15 (2021): Apple Mail Privacy Protection auto-fires opens through a proxy, inflating open rates into noise. Use clicks and conversions as your real signal.
Now segment. Break the numbers down by acquisition source and by list age. The cohort carrying the traps is almost always the oldest, the least-engaged, or the one source you cannot cleanly tie to a signup. Find it before you cut, so you cut the right thing.
List surgery — cut before you rebuild
This is the part that actually recovers your reputation. Everything else is support.
Start with the mechanical removals: suppress all hard bounces permanently, strip role accounts (info@, admin@, postmaster@, abuse@), and drop any known parked or disposable-trap domains. Then apply a sunset policy: anyone with no open and no click in 90–180 days comes off active sending. Opens are unreliable post-MPP — which is exactly why "no click in 180 days" is the harder, more honest cut.
Identify the cohort in SQL before you touch anything:
-- Where are the stale, never-engaged addresses concentrated?
SELECT source,
COUNT(*) AS total,
COUNT(*) FILTER (WHERE last_click_at IS NULL) AS never_clicked
FROM subscribers
WHERE last_engaged_at < NOW() - INTERVAL '180 days'
GROUP BY source
ORDER BY never_clicked DESC;Then suppress — do not delete, so the audit trail survives:
UPDATE subscribers
SET status = 'suppressed',
suppressed_reason = 'sunset_no_engagement',
suppressed_at = NOW()
WHERE last_open_at IS NULL
AND last_click_at IS NULL
AND created_at < NOW() - INTERVAL '180 days';Re-verify what remains through a validation provider — ZeroBounce, Kickbox, NeverBounce, Emailable. Be clear-eyed about what that buys you: verification catches syntax errors, dead mailboxes, and *some* recycled traps that still bounce. It does not catch pristine traps, which accept mail cleanly. Verification is hygiene, not absolution.
Finally, the source audit — the real fix. Kill any segment you cannot tie to an explicit, logged opt-in. Purchased lists, co-registration, scraped data, "we collected these at a trade show" — gone. The rule that saves domains: it is cheaper to delete 40% of your list than to lose the sending domain. A defensible 60% outperforms a bloated, trap-laced 100% at every mailbox provider that matters.
Fix the leak that fed the trap
Surgery removes the traps you have; intake fixes stop the next one from seeding itself. Move to confirmed (double) opt-in going forward — a subscriber is not active until they click the confirmation link, which by definition a scraper bot and a typo address cannot do. Add a honeypot field (a hidden form input only bots fill) and a CAPTCHA to block automated signups that seed traps at scale. Rate-limit form submissions per IP. And run real-time validation at the point of capture, so gmial.com is rejected before it is ever stored.
Authentication and infrastructure hygiene
A reputation crisis is the worst possible time to discover a broken DKIM selector. Verify — do not assume — before you re-warm.
dig +short TXT evilmail.pro # SPF
dig +short TXT sel1._domainkey.evilmail.pro # DKIM public key
dig +short TXT _dmarc.evilmail.pro # DMARC policyWhat clean looks like:
SPF : v=spf1 include:_spf.evilmail.pro -all
DKIM : v=DKIM1; k=rsa; p=MIIBIjANBgkq... (2048-bit RSA)
DMARC : v=DMARC1; p=reject; rua=mailto:[email protected];
ruf=mailto:[email protected]; fo=1; adkim=s; aspf=sSPF must end in -all, DKIM must be 2048-bit and aligned to your From domain, and DMARC should sit at p=quarantine or p=reject with rua reporting on so you can watch alignment. If you were on a shared IP and it got tainted, move to a dedicated IP or a separate sending subdomain so your recovery is not hostage to a neighbor's behavior.
One more non-negotiable since February 2024: any domain sending 5,000+/day to Gmail or Yahoo must ship one-click unsubscribe per RFC 8058. Both headers, together:
List-Unsubscribe: <https://evilmail.pro/u/abc123>, <mailto:[email protected]>
List-Unsubscribe-Post: List-Unsubscribe=One-ClickMissing this alone can pin your reputation down no matter how clean your list is.
Re-warm on a schedule, driven by engagement
Now, and only now, you rebuild. Warm to your most-engaged segment first — people who opened or clicked in the last 30 days — and expand outward only as reputation climbs. The ramp on a dedicated IP:
Day 1: 50 Day 5: 5,000
Day 2: 100 Day 6-7: 10,000
Day 3: 500 Week 2: 20,000-50,000/day
Day 4: 1,000 Week 3+: double only on green metricsWatch Postmaster domain reputation climb Bad → Low → Medium → High across two to four weeks. Do not accelerate on a bad day. A complaint spike or a reputation dip means you step *back* a rung, not forward. Volume follows reputation; it never leads it.
On delisting: Spamhaus offers self-service removal (CSS and DBL self-removal, plus the SBL removal form). It only holds if the underlying behavior actually stopped. Request removal after the surgery and several clean sending days — not the moment you notice the listing. Remove too early, keep hitting traps, and you get re-listed and flagged as a repeat offender, which is far harder to escape than the first listing.
The recovery checklist
- 1.Freeze all cold and bulk sending; keep transactional only.
- 2.Pull Postmaster Tools, SNDS/JMRP, and blocklist status; identify CSS vs SBL.
- 3.Infer the trap type from the signature (recycled / pristine / typo).
- 4.Quantify complaint rate, bounce rate, spam trend; segment by source and age.
- 5.Suppress hard bounces and role accounts permanently.
- 6.Apply the 90–180-day no-engagement sunset (weight clicks, not opens).
- 7.Re-verify the survivors through a validation vendor.
- 8.Kill every source you cannot tie to logged opt-in.
- 9.Add confirmed opt-in, honeypot, CAPTCHA, and real-time validation to intake.
- 10.Verify SPF
-all, 2048-bit DKIM, DMARCp=reject, RFC 8058 one-click unsubscribe.
The domain reputation you spent a year building can be lost in a weekend, and the only insurance is a list you can defend address by address.


