Improving spam protection

Fastmail uses many tools that help catch and stop as much spam as possible. With a little help from you, you can virtually eliminate spam from your Inbox.

Adjust Fastmail settings

Every email that arrives at your account is assessed against a list of criteria and assigned a score to show how probable we think the message is spam. Since most people find false-positives (where we mistakenly think a real email is spam) are much worse than false-negatives (where a spam message slips through to your inbox), we are reasonably conservative with our cut-off level.

For ease of use, we provide four levels in the Settings → Spam Protection screen: Basic, Standard and Aggressive, which adjust how we treat spam. This controls whether spam is moved to the Spam folder, or deleted, and whether mail from known spam hosts is blocked. If you'd like greater control, you can use the Custom settings to refine the thresholds to your choice.

Note: if you lower the threshold for considering a message as spam, it's more likely that a legitimate message will be mistakenly classified, so be sure to check your spam folder every so often.

You can also choose to automatically mark spam as read, and (anonymously) share your spam reporting data with other spam-fighting companies.

If you forward mail to Fastmail from other systems, use the forwarding hosts field to enter a list of all domain names you're forwarding from. We can then use this information to determine the true sender of mail, which improves our spam detection for you.

When a spammer impersonates your email address, you can often end up with a lot of bounced mail being returned to you, bombarding you with backscatter spam. By default we move these mails into your Spam folder. You can adjust this setting to do nothing, or to discard these mails. If you send mail using non-Fastmail servers, you can add their hostnames to the SMTP hosts used field which ensures we don't incorrectly classify your mail as bounce spam.

Your personal spam database

Everybody's spam is different. When you report spam that's slipped through our filters, or non-spam that we've mistakenly classified, we feed this information into a database that's tuned just for you. We also automatically train this with spam you've deleted permanently from your spam folder, and non-spam you've moved to your Archive folder or replied to.

Once your personal database has seen more than 200 spam and more than 200 non-spam emails, we automatically start using it to classify your incoming mail. Because it's been trained by the exact messages you receive, your database is more accurate at classifying spam than our general database. However, it can only do so once it's been properly trained, which is why we have to wait until it has seen 200 of both spam and non-spam messages before it is activated.

If you go to the Spam Protection screen, you can see how many spam and non-spam emails have been reported so far.

How do we detect spam?

We perform a number of checks on incoming messages to see if they're spam. Check out the technical detail if you're interested in learning more.

Report spam and non-spam emails

If you get a spam message in your Inbox, help us out by selecting it and clicking the "Report Spam" button. Every so often, it's a good idea to check your Spam folder to see if anything you wanted has been accidentally classified as spam. If it has, select it and click the "Not Spam" button so we can learn from the mistake (the message will be moved to your Inbox).

Reporting spam/non-spam with an email client

There's no mechanism in the IMAP protocol for hooking into our spam reporting system directly. However, you can nominate special folders in your account which we'll scan once a day to learn spam/non-spam.

  1. Log in to your account at
  2. Go to the Settings → Folders screen.
  3. Create a new folder called something like "Learn spam". Mark that folder's "Spam Learning" as "As spam", and set it to "Auto-purge after 7 days".

Then, in your email client, move any spam emails you receive into that folder. They will automatically be fed to the spam Bayes DB and later deleted.

Note: We recommend that you do not mark your Spam/Junk Mail folder to automatically learn "As spam". This can create a false positive feedback loop. Imagine an email is incorrectly classified as spam, put in your Spam/Junk Mail folder, and then learned as spam. That means future emails that aren't spam are now more likely to be incorrectly marked as spam, sent to your Spam/Junk Mail folder, and learned as spam. Only mark folders to learn "As spam" if they're folders you manually move email to.

Similarly, you can also use the properties on the folder to also explicitly teach the database what isn't spam by following the above steps, but setting the folder's "Spam Learning" to "not spam". This will increase the number of non-spam emails in your personal spam database.

Avoid using forwarding services

Fastmail does a lot of work at the SMTP stage (when email is transferred from an external system to Fastmail) to identify and block spam bots while letting legitimate mail through. If you use a forwarding service, we can't do these checks and more spam will get through.

If you forward email from an old email address, tell people to use your new Fastmail address instead and close down forwarding from the old system.

If you use your own domain, point the MX records for your domain directly at our servers (Enhanced/Premier or family/business accounts only).

If you send via an external server

If you regularly send email through a non-Fastmail server, then if any of those emails bounce, they will be classed as backscatter (a type of spam) as they did not pass through one of our servers.

To avoid this happening, go to the Settings → Spam Protection screen. In the "Backscatter SMTP Hosts" box, enter a list of hostnames that you regularly also send email through where replies might come to Fastmail.

For instance, if you use the ISP, and regularly send email through their SMTP server with your Fastmail email address as the From address, then you should add to the Backscatter SMTP Hosts text box. This will ensure that any email sent via the SMTP server that bounces will correctly arrive at Fastmail and not be considered backscatter.

Add known senders to your contacts

Email from senders in your contact list get special treatment. They avoid greylisting and get a reduced spam score. If you use an email client (e.g. Outlook, Thunderbird, Apple Mail, etc.), you don't have to enter addresses into your Fastmail contact list manually: you can upload contacts in different formats on the Import & Setup screen.

To avoid spam checks on a complete domain, you can add a contact with the email address *@domain.tld to your contact list in the "email" field. This will whitelist messages from all senders in this domain: preventing any message sent from that domain from being marked as spam. Entries in a shared contact group (for multi-user accounts) are also included.

If you don't want to clutter up your contacts with lots of whitelist entries (for example: legitimate mailing lists), create a single contact called "whitelist" and add each whitelist domain to that entry as extra addresses.

Where does spam come from?

Most spam these days is sent via automated servers or zombie PC's infected by viruses. The incoming spam can get to you via your main account email address, any aliases you use, wildcard aliases to your domain, or email forwarded to you from other accounts. The more addresses which end up in your Inbox, the higher the exposure you have to spam.

How do spammers get email addresses?

Some users find themselves receiving a lot of spam, even though they haven't told anyone else their email address. Often the assumption is that we've sold a list of email addresses.

We never sell email addresses. We never disclose email addresses at our site to anyone else.

There are several ways a spammer can get hold of your email addresses:

Because of the first issue (addresses stolen by viruses from computers of those who have received an email from you, even indirectly), and the fact that even most active but unused email addresses can be eventually guessed after thousands or millions of guesses, nearly all email addresses will get spam.

I still have too much spam

Even after reporting spam and setting up extra folders to learn spam for when you access your mail via a client and you have adjusted your settings, you're still getting spam. What can you do about it?

Stopping virus mail

If Fastmail detects an incoming mail is carrying a virus in an attachment, the mail is discarded, preventing you from any risk of opening the infected mail.