Improving spam protection

Fastmail uses many tools that help catch and stop as much spam as possible. With a little help from you, you can virtually eliminate spam from your Inbox.

Adjust Fastmail settings

Every email that arrives at your mailbox is checked against a list of criteria and given a score to show how likely we think the message is to be spam. Since most people find false-positives (where we mistakenly think a real email is spam) are much worse than false-negatives (where a spam message slips through to your inbox), we are reasonably conservative with our cut-off level.

For ease of use, we provide three levels in the Settings → Spam Protection screen: Basic, Standard and Aggressive, which adjust how we treat spam. This controls whether spam is moved to the Spam folder, or deleted, and whether mail from known spam hosts is blocked. If you'd like greater control, you can use the Custom settings to refine further.

Note: if you lower the threshold for considering a message as spam, it's more likely that a legitimate message will be mistakenly classified, so be sure to check your spam folder every so often.

You can also choose to automatically mark spam as read, and (anonymously) share your spam reporting data with other spam-fighting companies.

If you forward mail to Fastmail from other systems, use the forwarding hosts field to enter a list of all domain names you're forwarding from. We can then use this information to determine the true sender of mail, which improves our spam detection for you.

When a spammer impersonates your email address, you can often end up with a lot of bounced mail being returned to you, bombarding you with backscatter spam. By default we move these mails into your Spam folder. You can adjust this setting to do nothing or to discard these mails if you'd prefer. If you send mail using non-Fastmail servers, you can add their hostnames to the SMTP hosts used field, which will make sure we don't incorrectly mark your mail as bounce spam.

Your personal spam database

Everybody's spam is different. When you report spam that's slipped through our filters, or non-spam that we've mistakenly flagged, we feed this information into a database that's tuned just for you. We also automatically train this with spam you've deleted permanently from your Spam folder, and non-spam you've moved out of your Spam folder.

Once your personal database has seen more than 200 spam and 200 non-spam emails, we automatically start using it to filter your incoming mail. Because it's been trained by the exact messages you receive, your database is more accurate at marking spam than our general database. It can only do so once it's been properly trained, though, which is why we have to wait until it has seen 200 of both spam and non-spam messages before it is activated.

If you go to the Spam Protection screen, you can see how many spam and non-spam emails have been reported so far.

How do we detect spam?

We perform a number of checks on incoming messages to see if they're spam. Check out the technical detail if you're interested in learning more.

Report spam and non-spam

If you get a spam message in your Inbox, help us out by selecting it and clicking the Report Spam button. Every so often, it's a good idea to check your Spam folder to see if anything you wanted has been accidentally flagged as spam. If it has, select it and click the Not Spam button so we can learn from the mistake (the message will be moved to your Inbox).

Report spam/non-spam on email clients

There’s no way to use our spam reporting system directly from a mail client. Instead, you can create special folders in your account for us to scan once a day to learn spam and not spam.

  1. Go to the Settings → Folders screen.
  2. Click Create Folder. Name the folder something like "Learn spam".
  3. Click Show Advanced Preferences. Tick off the option for spam learning and set it to learn any new messages as spam. If you'd like, you can also set it to auto-purge after a certain number of days.
  4. Click Save.

Then, in your email client, move any spam emails you receive into that folder. They will automatically be fed to the our spam database (and later deleted, if you set the folder to auto-purge).

Similarly, you can also help train your personal spam filter and increase the number of non-spam emails by following the above steps, but setting the folder's spam learning to not spam.

Note: We recommend that you do not mark your Spam/Junk Mail folder to automatically learn as spam. This can create a false positive feedback loop. Imagine an email is incorrectly classified as spam, put in your Spam/Junk Mail folder, and then learned as spam. That means future emails that aren't spam are now more likely to be incorrectly marked as spam, sent to your Spam/Junk Mail folder, and learned as spam. Only mark folders to learn as spam if they're folders you manually move email to.

See spam scores

For mail that's likely to be spam, you'll see a badge with its spam score in the preview pane of our web interface:

Spam badge

It's possible to quickly view this information on some mail clients, too. Mac mail can be set to include the X-Spam-score header with the details listed at the top of every email. To use this option:

This will add the spam score to the headers of all emails, instead of only those most likely to be spam. The same can be done on Thunderbird:

If your mail client doesn't support custom headers, the X-spam-score header can still be viewed in the raw message.

Avoid using forwarding services

Fastmail does a lot of work when email is forwarded from an outside system to our servers to find and block spam bots while letting legitimate mail through. If you use a forwarding service, we can't do these checks, and spam is more likely to get through.

If you forward email from an old email address, tell people to use your new Fastmail address instead, and close down forwarding from the old system.

If you use your own domain, point the MX records for your domain directly at our servers.

Sending through an outside server

If you regularly send email through a non-Fastmail server and any of those emails bounce, they will be flagged as backscatter (a type of spam), since they did not pass through one of our servers.

To keep this from happening, go to the Settings → Spam Protection screen. In the Backscatter SMTP Hosts box, enter a list of hostnames that you regularly also send email through where replies might come to Fastmail.

For instance, if you use the ISP, and regularly send email through their SMTP server with your Fastmail email address as the From address, then you should add to the Backscatter SMTP Hosts box. This will ensure that any email sent via the SMTP server that bounces will correctly arrive at Fastmail and not be considered backscatter.

Update your contacts

Emails that come from senders in your contact list get special treatment. They avoid greylisting and get a spam score of 0. If you use an email client, you don't have to enter addresses into your Fastmail contact list manually. You can upload contacts in different formats on the Settings → Import & Setup screen.

You can also add entire domains to your contact list. This will ensure that mail sent from any address at this domain is not marked as spam. You can add a contact with the email address *@domain.tld to your contact list in the Email field. Entries in a shared contact group are also included.

If you don't want to clutter up your contacts with lots of domains (for example: legitimate mailing lists), create a single contact called Whitelist and add each domain to that entry as extra addresses in the Email field.

Where does spam come from?

Most spam these days is sent through automated servers or zombie PC's infected by viruses. The incoming spam can get to you through your main account email address, any aliases you use, wildcard aliases to your domain, or email forwarded to you from other accounts. The more addresses which end up in your Inbox, the higher the exposure you have to spam.

How do spammers get email addresses?

Some users find themselves receiving a lot of spam, even though they haven't told anyone else their email address.

There are several ways a spammer can get hold of your email addresses, even if you haven't told other people about it:

Because of the first issue (addresses stolen by viruses from computers of those who have received an email from you, even indirectly), and the fact that even most active but unused email addresses can be eventually guessed after thousands or millions of guesses, nearly all email addresses will get spam.

I still have too much spam

Even when you've reported spam, set up extra folders to learn spam when using a mail client, and have adjusted your settings, you're still getting spam. What can you do about it?

Stopping virus mail

If Fastmail detects an incoming mail is carrying a virus in an attachment, the mail is discarded, preventing you from any risk of opening the infected mail.