Improving spam protection
Fastmail uses many tools that help catch and stop as much spam as possible. With a little help from you, you can virtually eliminate spam from your Inbox.
- Reducing spam
- Identifying legitimate mail
- Why do I get spam at all?
- Stopping virus mail
Adjust Fastmail settings
Every email that arrives at your account is assessed against a list of criteria and assigned a score to show how probable we think the message is spam. Since most people find false-positives (where we mistakenly think a real email is spam) are much worse than false-negatives (where a spam message slips through to your inbox), we are reasonably conservative with our cut-off level.
For ease of use, we provide four levels in the Settings → Spam Protection screen:
Aggressive, which adjust how we treat spam. This controls whether spam is moved to the Spam folder, or deleted, and whether mail from known spam hosts is blocked. If you'd like greater control, you can use the
Custom settings to refine the thresholds to your choice.
Note: if you lower the threshold for considering a message as spam, it's more likely that a legitimate message will be mistakenly classified, so be sure to check your spam folder every so often.
You can also choose to automatically mark spam as read, and (anonymously) share your spam reporting data with other spam-fighting companies.
If you forward mail to Fastmail from other systems, use the forwarding hosts field to enter a list of all domain names you're forwarding from. We can then use this information to determine the true sender of mail, which improves our spam detection for you.
When a spammer impersonates your email address, you can often end up with a lot of bounced mail being returned to you, bombarding you with backscatter spam. By default we move these mails into your Spam folder. You can adjust this setting to do nothing, or to discard these mails. If you send mail using non-Fastmail servers, you can add their hostnames to the SMTP hosts used field which ensures we don't incorrectly classify your mail as bounce spam.
Your personal spam database
Everybody's spam is different. When you report spam that's slipped through our filters, or non-spam that we've mistakenly classified, we feed this information into a database that's tuned just for you. We also automatically train this with spam you've deleted permanently from your spam folder, and non-spam you've moved to your Archive folder or replied to.
Once your personal database has seen more than 200 spam and more than 200 non-spam emails, we automatically start using it to classify your incoming mail. Because it's been trained by the exact messages you receive, your database is more accurate at classifying spam than our general database. However, it can only do so once it's been properly trained, which is why we have to wait until it has seen 200 of both spam and non-spam messages before it is activated.
If you go to the Spam Protection screen, you can see how many spam and non-spam emails have been reported so far.
How do we detect spam?
We perform a number of checks on incoming messages to see if they're spam. Check out the technical detail if you're interested in learning more.
Report spam and non-spam emails
If you get a spam message in your Inbox, help us out by selecting it and clicking the "Report Spam" button. Every so often, it's a good idea to check your Spam folder to see if anything you wanted has been accidentally classified as spam. If it has, select it and click the "Not Spam" button so we can learn from the mistake (the message will be moved to your Inbox).
Reporting spam/non-spam with an email client
There's no mechanism in the IMAP protocol for hooking into our spam reporting system directly. However, you can nominate special folders in your account which we'll scan once a day to learn spam/non-spam.
- Log in to your account at https://www.fastmail.com.
- Go to the Settings → Folders screen.
- Create a new folder called something like "Learn spam". Mark that folder's "Spam Learning" as "As spam", and set it to "Auto-purge after 7 days".
Then, in your email client, move any spam emails you receive into that folder. They will automatically be fed to the spam Bayes DB and later deleted.
Note: We recommend that you do not mark your Spam/Junk Mail folder to automatically learn "As spam". This can create a false positive feedback loop. Imagine an email is incorrectly classified as spam, put in your Spam/Junk Mail folder, and then learned as spam. That means future emails that aren't spam are now more likely to be incorrectly marked as spam, sent to your Spam/Junk Mail folder, and learned as spam. Only mark folders to learn "As spam" if they're folders you manually move email to.
Similarly, you can also use the properties on the folder to also explicitly teach the database what isn't spam by following the above steps, but setting the folder's "Spam Learning" to "not spam". This will increase the number of non-spam emails in your personal spam database.
Avoid using forwarding services
Fastmail does a lot of work at the SMTP stage (when email is transferred from an external system to Fastmail) to identify and block spam bots while letting legitimate mail through. If you use a forwarding service, we can't do these checks and more spam will get through.
If you forward email from an old email address, tell people to use your new Fastmail address instead and close down forwarding from the old system.
If you use your own domain, point the MX records for your domain directly at our servers (Enhanced/Premier or family/business accounts only).
If you send via an external server
If you regularly send email through a non-Fastmail server, then if any of those emails bounce, they will be classed as backscatter (a type of spam) as they did not pass through one of our servers.
To avoid this happening, go to the Settings → Spam Protection screen. In the "Backscatter SMTP Hosts" box, enter a list of hostnames that you regularly also send email through where replies might come to Fastmail.
For instance, if you use the ISP
iinet.com.au, and regularly send email through their SMTP server with your Fastmail email address as the
From address, then you should add
iinet.com.au to the Backscatter SMTP Hosts text box. This will ensure that any email sent via the
iinet.com.au SMTP server that bounces will correctly arrive at Fastmail and not be considered backscatter.
Add known senders to your contacts
Email from senders in your contact list get special treatment. They avoid greylisting and get a reduced spam score. If you use an email client (e.g. Outlook, Thunderbird, Apple Mail, etc.), you don't have to enter addresses into your Fastmail contact list manually: you can upload contacts in different formats on the Import & Setup screen.
To avoid spam checks on a complete domain, you can add a contact with the email address
*@domain.tld to your contact list in the "email" field. This will whitelist messages from all senders in this domain: preventing any message sent from that domain from being marked as spam. Entries in a shared contact group (for multi-user accounts) are also included.
If you don't want to clutter up your contacts with lots of whitelist entries (for example: legitimate mailing lists), create a single contact called "whitelist" and add each whitelist domain to that entry as extra addresses.
Where does spam come from?
Most spam these days is sent via automated servers or zombie PC's infected by viruses. The incoming spam can get to you via your main account email address, any aliases you use, wildcard aliases to your domain, or email forwarded to you from other accounts. The more addresses which end up in your Inbox, the higher the exposure you have to spam.
How do spammers get email addresses?
Some users find themselves receiving a lot of spam, even though they haven't told anyone else their email address. Often the assumption is that we've sold a list of email addresses.
We never sell email addresses. We never disclose email addresses at our site to anyone else.
There are several ways a spammer can get hold of your email addresses:
- Contact lists stolen from computers infected with viruses. This could be the addresses in any computer used by any person who has received an email directly or via forwarding from you (or where you are in the
Cclist). For this reason, you should not forward emails with long
Cclists directly to others, since that places people in jeopardy of getting their email address stolen.
- Address lists stolen from servers. Many corporate or government servers have been hacked over the last few years, and their lists of email addresses stolen.
- Purchased lists: Direct mail advertising and spammer organisations often sell address lists to others.
- Random and "dictionary" attacks: This is a problem if the email system for a domain doesn't prevent repetitious attacks to addresses at that domain. Fastmail has developed many techniques to stop the majority of these attacks on our customers, as long as you don't forward email from other accounts to your Fastmail account.
- Common words or names (or such words with an easy to guess number after them). If your email address is
firstname.lastname@example.org, you will probably get spam!
- Some spammers have been known to search online forums and websites for email addresses.
Because of the first issue (addresses stolen by viruses from computers of those who have received an email from you, even indirectly), and the fact that even most active but unused email addresses can be eventually guessed after thousands or millions of guesses, nearly all email addresses will get spam.
I still have too much spam
Even after reporting spam and setting up extra folders to learn spam for when you access your mail via a client and you have adjusted your settings, you're still getting spam. What can you do about it?
Is it legitimate mail? Is the mail from a mailing list you once subscribed to, or from a company you associated with at one time (many websites have an 'opt out' policy: unless you explicitly request to not receive email from them, they will continue to contact you). You can try unsubscribing from the mailing list or company newsletter: there should be a link at the bottom of the mail you received if it's a legitimate mail out.
How do I know if it's legitimate? Perhaps you don't remember ever having subscribed to such a mailing list or used the offending website.
- You can adjust your spam settings to
Customand configure it to add the spam score to the subject, even from a low score such as 1.0. This will show you how close to your spam cutoff the mails are coming.
- View the raw message to show you extra information about the headers. If you see
X-Spam-known-sender: yes- it means the sender is in your contacts.
X-Spam-score: 0.0- it means we haven't noticed anything suspicious about this email.
- You can adjust your spam settings to
Just make it stop
- Report it as spam. It can take a while of continually marking this kind of mail as spam before your personal spam database learns to distinguish this particular kind of mail from actual email you want to receive, but it's a good first step.
- Set up a rule to automatically file into a folder the offending mail, based on the sender or other message characteristics. The mail will still be sent to you, but you won't have to see it. It can be worth doing this initially to let you track the incoming mail and checking if there's anything you want to read. Afterwards you can set that folder to be learned as spam and teach your spam database quickly. A safer first step than automatically discarding, just in case there is mail you do want to see, and to test out the matching rule.
- Set up a rule to automatically discard the offending mail, based on the sender or other message characteristics.
Stopping virus mail
If Fastmail detects an incoming mail is carrying a virus in an attachment, the mail is discarded, preventing you from any risk of opening the infected mail.