I’ve put my business cards in quite a few fish-bowl drawings, because the amount of personal information I’ll give away for a free chili-cheese burrito is astounding.
At some point, the proprietor of such a card-collecting eatery might pay her angsty nephew to hand jam those email addresses into a spreadsheet. Odds are that one of those addresses is going into that list with a typo. The same thing happens with a single opt-in webform (huzzah for double opt-in).
You might think most of these typo addresses are going to bounce when you send to them, so no big deal—typos are merely a minor annoyance and occasional source of hilariousness. And when they bounce, you’ll just clean them up then.
You’d be mostly right to think that. If you fat-finger the top-level domain, you’re going to get a bounce. If you mess up anything to the left of the @ symbol, chances are you’re going to get a bounce there, too.
But what if you fat-finger the domain? This past month, I was doing some big data wrangling for our Email Genome Project, and I saw something funky going on with fat-fingered domains of large ISPs and freemail providers—specifically, email to these typos wasn’t bouncing. We actually had great delivery to these domains, which was unnerving.
Typosquatting domains sit around sites like Gmail, Yahoo!, Hotmail, Comcast, etc., and many of them love to accept all the mail they can get. For example, just in November, MailChimp users successfully sent 100,000 emails to addresses at Gmai.com, Gmial.com, Gmil.com, and 15 other Gmail imposters.
I’m not saying that my doppelganger doesn’t have a gmai.com address, but I’d be willing to bet that while these sites accept all the email sent to them, they deserve slim to none of it.
In November alone, our users sent approximately one million emails to typosquatting domains.
Don’t navigate to these sites, please. I’ve done it for you. The creepy stylins of gmai.com:
It’s mighty good of them to thank you for your typo.
Who owns these sites? Darned if I know. Many of them have anonymized their WHOIS information. What if your doctor fat-fingers the email address your blood work results are going to? The hard-working folks at Gmai.com will know all about your iron deficiency.
Perhaps these sites are collecting email addresses, correcting the typos, and creating lists to sell. That’s bad.
Now that they have your content, they could copy it, correct the typo address, and send a customized phishing attack to one of your subscribers. That’s worse.
Why don’t we correct these typos for you? Even if we could identify all these domains and pass judgment on whether or not a particular email address is intentional, correcting the address gets into permission issues. On a single opt-in list, someone might have intentionally given a bad email address. From a data-science perspective, these typos are an excellent signal of list quality—and they’re useful in “scoring” campaigns before they go out the door (hint, hint).
So look out for typos, and seriously consider going double opt-in. After all, if you’re not careful, you may end up in a coma…cast. *rimshot*
RT @benchestnut: Comacast and Gmai: all your typo email are belong to us http://t.co/oj8QdCNV
Comacast and Gmai: all your typo email are belong to us: I’ve put my business cards in quite a fe… http://t.co/rSR4E4Pq via @MailChimp
Could MailChimp gives us an option to have you review our lists and auto fix the domains if it thinks it’s wrong and then show us which ones it will correct and we then can continue or not . Just a Suggestion…
Good suggestion. We certainly are thinking through the implications of offering features such as this. As the Email Genome Project evolves, we’ll know more about what’s possible and advisable.
Scary – Double check your email address when you sign up for things. You might end up on a list you don’t want to be: http://t.co/jsFSXig3
MailChimp Email Marketing Blog – Comacast and Gmai: all your typo email are belong to us http://t.co/O6Nb1YnO via @zite
MailChimp Email Marketing Blog – Comacast and Gmai: all your typo email are belong to us http://t.co/dNJR9wLp
RT @MailChimp: MailChimp Blog | Comacast and Gmai: all your typo email are belong to us http://t.co/l4KPeIV2
Great post! thx
Be careful out there. Double check for email typos. Learn what could happen http://t.co/jgVkUQBH
Great post John! Another alternative is to use a service like ours at LeadSpend to identify and remove these invalid addresses, either on your registration form or at least before you mail to them. Even though addresses at these typo domains are technically deliverable, they are clearly invalid.
John, perhaps a real time email validation tool that covers a point of registration will not only assist in correcting these typo’s, but as well as help block malicious and problematic email.
Thank you – I will go back through my list to double check on email addresses – I want to “save my list” from the phishers!
Amazing! Email addresses with typos (such as @Gmial.com) getting delivered to shady domain squatters. http://t.co/6MRcLMIp
As far as mail mistakenly send to user@gmai.com is concerned I have tried to track down where the email is delivered to. The gmai.com domain is assigned the following mail exchanger in the DNS: nullmx.domainmanager.com.
nullmx.domainmanager.com. maps to the host: mta.dewile.net.
mta.dewile.net. maps to IP Address 208.67.174.100
Consulting ARIN, the responsible party for this IP address is:
Rick Wesson of Support Intelligence.
I sent Rick an email asking what is done to the email received for the gmai.com domain but have not received any response.
Interestingly enough Mr Wesson appears to be a security consultant and has served on the ICANN board.
This post inspired me to blog about an issue I have – one of my domains keeps getting legitimate emails from an organization with a similar domain: http://www.mikeschroll.com/blog/2012/01/19/typo-email-are-belong-to-me/