The Internet Blacklist

Like many providers, we use domains strategically to protect your online privacy and security. Yesterday, our domain was mistakenly added to a blacklist provided by Google. This particular blacklist is used by most web browsers. While blacklists were not put in place to lock out sites like Fastmail, misclassified instances like this do happen.

The listing is not an indication that Fastmail was compromised in any way, and there was no leak of personal information. However, it did result in webmail users having problems accessing their email for a few hours, and seeing an alarming red warning message.

If you experienced this yesterday, you saw a bit of the normally-invisible fence built in to browsers. They work to block sites trying phish your private information or install malware on your device. Since Fastmail is not at all in this category, we were able to resolve the misunderstanding quickly.

How we wound up on a blacklist

Our primary domain is — this is where we host our website and the interface to your mail, calendars and contacts. When you open an email attachment, we use a different domain ( for additional security. Browsers separate information by domain, so this ensures that a malicious attachment cannot gain access to the personal information or other data in your account.

To protect your privacy, we also load images via Requesting an image on your behalf means your IP address (which can often be used to determine your physical location), cookies and device information are hidden from the sender of the email.

While we don’t know exactly why was added to the blacklist, we think someone opened an attachment from a phishing email and reported it.

How we resolved the immediate issue

As soon as we realised what was happening, we reached out to contacts at Google, who helped address the issue quickly. We are grateful for their support in expediting removal from the blacklist, so our service was once again available to all our customers.

What we’re doing to ensure seamless service in future

As privacy and security champions, we know that the internet’s protective ecosystem mostly works — and it’s crucial to protect users from the very real threat of phishing. However, mistakes can happen, and ensuring uninterrupted service for our customers is a top priority for us.

Abuse of trusted providers like Fastmail is an expected part of providing service, and we devote a lot of effort to making sure one user’s bad behaviour doesn’t impact other customers. We are moving to unique subdomains of for each session, so the impact of any future issue can be limited. We are registering on the public suffix list, a community-maintained service that lets browsers know that content on different subdomains are not related and should not be given any special privileges.

Blacklists for safe browsing are there to do good. However, in working to protect you, they can cast a net too wide. We stay connected with the communities who are involved in protecting the internet so we can resolve situations like this quickly should they arise.

We apologise if you were affected by this issue. Stay safe, and as ever, thanks for using Fastmail.

Older post Better Product Experiences Through Skilled Support Writing
Newer post Fastmail’s 2018 in Review
How Fastmail + Morgen Power Tom’s Productivity

Fastmail is happy to partner with other tools and services, like Morgen, that help our customers make better use of their valuable time.

How Ellane Uses Fastmail to Balance Business and Personal Email

Fastmail provides peace of mind by protecting your data and upgrading your email experience. Ellane supports her unique workflow using rules, folders, aliases, and more.

Customize and Optimize Your Inbox: How Paul Uses Fastmail

Learn more about Paul, a graphic designer and entrepreneur, and why he loves using color, folders, data syncing, and aliases.