Improving spam protection

Fastmail uses many tools that help catch and stop as much spam as possible. With a little help from you, you can virtually eliminate spam from your Inbox.

Reducing spam

Adjust Fastmail settings

Every email that arrives at your mailbox is checked against a list of criteria and given a score to show how likely we think the message is to be spam. Since most people find false-positives (where we mistakenly think a real email is spam) are much worse than false-negatives (where a spam message slips through to your inbox), we are reasonably conservative with our cut-off level.

For ease of use, we provide two levels in the Settings → Mail rules → Spam protection screen: Standard and Aggressive. This controls whether spam is moved to the Spam folder, or deleted, and whether mail from known spam hosts is blocked. If you'd like greater control, you can use the Custom settings to refine further.

If you set your spam filter to Custom, you can personalize the spam scores at which you want messages to be moved to the Spam folder or permanently deleted to Trash. You can learn more about how spam scores are determined on the Spam filtering page. 

Note: if you lower the threshold for considering a message as spam, it's more likely that a legitimate message will be mistakenly classified, so be sure to check your spam folder every so often.

You can also choose to automatically mark spam as read, and (anonymously) share your spam reporting data with other spam-fighting companies.

If you forward mail to Fastmail from other systems, use the Forwarding hosts field to enter the SMTP servers you're forwarding from. We can then use this information to determine the true sender of mail, which improves our spam detection for you.

When a spammer impersonates your email address, you can often end up with a lot of bounced mail being returned to you, bombarding you with backscatter spam. By default we move these mails into your Spam folder. You can adjust this setting to do nothing or to discard these mails if you'd prefer. If you send mail using non-Fastmail servers, you can add their hostnames to the SMTP hosts used field, which will make sure we don't incorrectly mark your mail as bounce spam.

Your personal spam database

Everybody's spam is different. When you report spam that's slipped through our filters, or non-spam that we've mistakenly flagged, we feed this information into a database that's tuned just for you. We also automatically train this with spam you've deleted permanently from your Spam folder, and non-spam you've moved out of your Spam folder.

Once your personal database has seen more than 200 spam and 200 non-spam emails, we automatically start using it to filter your incoming mail. Because it's been trained by the exact messages you receive, your database is more accurate at marking spam than our general database. It can only do so once it's been properly trained, though, which is why we have to wait until it has seen 200 of both spam and non-spam messages before it is activated.

If you go to the Spam protection screen, you can see how many spam and non-spam emails have been reported so far.

How do we detect spam?

We perform a number of checks on incoming messages to see if they're spam. Check out the technical detail if you're interested in learning more.

Report spam and non-spam

If you get a spam message in your Inbox, help us out by selecting it and clicking the Report spam button. Every so often, it's a good idea to check your Spam folder to see if anything you wanted has been accidentally flagged as spam. If it has, select it and click the Not spam button so we can learn from the mistake (the message will be moved to your Inbox).

Report spam/non-spam on email clients

There’s no way to use our spam reporting system directly from a mail client. Instead, you can create special folders in your account for us to scan once a day to learn spam and not spam.

  1. Go to the Settings → Folders screen.
  2. Click Create folder. Name the folder something like "Learn spam".
  3. Click Show advanced preferences. Turn on the Scan this folder daily and learn any new messages option and choose as spam from the dropdown list. If you'd like, you can also set the folder to auto-purge after a certain number of days.
  4. Click Save.

Then, in your email client, move any spam emails you receive into that folder. They will automatically be fed to the our spam database (and later deleted, if you set the folder to auto-purge).

Similarly, you can also help train your personal spam filter and increase the number of non-spam emails by following the above steps, but setting the folder's spam learning to as not spam.

Note: We recommend that you do not mark your Spam/Junk Mail folder to automatically learn as spam. This can create a false positive feedback loop. Imagine an email is incorrectly classified as spam, put in your Spam/Junk Mail folder, and then learned as spam. That means future emails that aren't spam are now more likely to be incorrectly marked as spam, sent to your Spam/Junk Mail folder, and learned as spam. Only mark folders to learn as spam if they're folders you manually move email to.

See spam scores

For mail that's likely to be spam, you'll see a red badge with its spam score in the preview pane of our web interface:

spam-score-badge.png

It's possible to quickly view this information on some mail clients, too. Mac Mail can be set to include the X-Spam-score header with the details listed at the top of every email. To use this option:

  • Open Mac mail and select Mail from the menu bar.
  • Click Preferences.
  • Click Viewing.
  • Open the dropdown box next to Show message headers.
  • Click Custom.
  • Click the + symbol in the pop-up menu.
  • This will let you add text under "Header." Type X-Spam-score and click OK.

This will add the spam score to the headers of all emails, instead of only those most likely to be spam. The same can be done on Thunderbird:

  • Open Thunderbird and select Thunderbird from the menu bar.
  • Click Preferences.
  • Click General.
  • Click Config editor.
  • Click I accept the risk on the pop-up warning.
  • A search window will pop up. Type mailnews.headers.extraExpandedHeaders.
  • A menu will pop up that lets you add text next to Enter string value. Type X-Spam-score: here and click OK.

If your mail client doesn't support custom headers, the X-Spam-score header can still be viewed by opening the raw message.

Avoid using forwarding services

Fastmail does a lot of work when email is forwarded from an outside system to our servers to find and block spam bots while letting legitimate mail through. If you use a forwarding service, we can't do these checks, and spam is more likely to get through.

If you forward email from an old email address, tell people to use your new Fastmail address instead, and close down forwarding from the old system.

If you use your own domain, point the MX records for your domain directly at our servers.

Sending via external servers

If you regularly send email through a non-Fastmail server and any of those emails bounce, they will be flagged as backscatter (a type of spam), since they did not pass through one of our servers.

To keep this from happening, go to the Settings → Mail rules → Spam protection screen. In the Backscatter section, find the SMTP hosts used option. Enter a list of hostnames that you regularly also send email through where replies might come to Fastmail.

For instance, if you use the ISP iinet.com.au, and regularly send email through their SMTP server with your Fastmail email address as the From address, then you should add iinet.com.au to the Backscatter SMTP hosts used option. This will ensure that any email sent via the iinet.com.au SMTP server that bounces will correctly arrive at Fastmail and not be considered backscatter.

Identifying legitimate mail

Add known senders to contacts

Emails that come from senders in your contact list get special treatment. They avoid greylisting and get a spam score of 0. If you use an email client, you don't have to enter addresses into your Fastmail contact list manually. You can upload contacts in different formats on the Settings → Migration → Import screen.

You can also add entire domains to your contact list. This will ensure that mail sent from any address at this domain is not marked as spam. You can add a contact with the email address *@domain.tld to your contact list in the Email field. Entries in a shared contact group are also included.

If you don't want to clutter up your contacts with lots of domains (for example: legitimate mailing lists), create a single contact called Whitelist and add each domain to that entry as extra addresses in the Email field.

Why do I get spam at all?

Where does spam come from?

Most spam these days is sent through automated servers or zombie PC's infected by viruses. The incoming spam can get to you through your main account email address, any addresses you use, wildcard addresses to your domain, or email forwarded to you from other accounts. The more addresses which end up in your Inbox, the higher the exposure you have to spam.

How do spammers get email addresses?

Some users find themselves receiving a lot of spam, even though they haven't told anyone else their email address.

There are several ways a spammer can get hold of your email addresses, even if you haven't told other people about it:

  • Contact lists stolen from computers infected with viruses — This could be the addresses in any computer used by any person who has received an email directly or through forwarding from you (or where you are in the Cc list). For this reason, you should not forward emails with long Cc lists directly to others, since that places people in jeopardy of getting their email addresses placed on spam lists.
  • Address lists stolen from servers — Many corporate or government servers have been hacked over the last few years, and their lists of email addresses stolen.
  • Purchased lists — These are direct mail advertising and spammer organizations that sell address lists to others.
  • Random and "dictionary" attacks — This is a problem if a mail provider doesn't prevent repeated attacks to addresses at that domain. Fastmail has developed many techniques to stop the majority of these attacks on our customers, as long as you don't forward email from other accounts to your Fastmail account.
  • Common words or names (or such words with an easy to guess number after them) — If your email address is joe@example.com, you will probably get spam!
  • Some spammers have been known to search online forums and websites for email addresses.

Because of the first issue (addresses stolen by viruses from computers of those who have received an email from you, even indirectly), and the fact that even most active but unused email addresses can be eventually guessed after thousands or millions of guesses, nearly all email addresses will get spam.

I still have too much spam

Even when you've reported spam, set up extra folders to learn spam when using a mail client, and have adjusted your settings, you're still getting spam. What can you do about it?

  • Is it legitimate mail? Is the mail from a mailing list you once subscribed to, or from a company you associated with at one time? Many websites have an 'opt out' policy: unless you explicitly request to not receive email from them, they will continue to contact you. Legitimate newsletters and mailing lists usually include a link to unsubscribe at the bottom of their emails. You can use this to opt out.

  • How do I know if it's legitimate? If you don’t remember signing up for a mailing list, it can help to look at the raw message for extra information about the headers. To do so, click the Actions menu in the top right of the email, then Show raw message. If you see:

    • X-Spam-known-sender: yes - it means the sender is in your contacts.
    • X-Spam-score: 0.0 - it means we haven't noticed anything suspicious about this email.

     

  • Just make it stop

    1. Report it as spam. It can take a while of continually marking this kind of mail as spam before your personal spam database learns to distinguish this particular kind of mail from actual email you want to receive, but it's a good first step.
    2. Set up a rule to automatically file into a folder the offending mail, based on the sender or other message characteristics. The mail will still be sent to you, but you won't have to see it. It can be worth doing this initially to let you track the incoming mail and checking if there's anything you want to read. Afterwards you can set that folder to be learned as spam and teach your spam database quickly. A safer first step than automatically discarding, just in case there is mail you do want to see, and to test out the matching rule.
    3. Set up a rule to automatically discard the offending mail, based on the sender or other message characteristics.

Stopping virus mail

If Fastmail detects an incoming mail is carrying a virus in an attachment, the mail is discarded, preventing you from any risk of opening the infected mail.

Was this article helpful?
100 out of 132 found this helpful