Improving spam protection
Fastmail uses many tools that help catch and stop as much spam as possible. We have personalized spam filters that learn what you do and don't want to see in your inbox. By reporting messages as spam and not spam, you can have an inbox full of messages you want, instead of sifting through spam.
- Reducing spam
- Identifying legitimate mail
- Why do I get spam?
- Stopping virus mail
Adjust Fastmail settings
Every email that arrives at your account is reviewed by our spam filtering service and given a score to show how likely we think it is that the message is spam. Since most people find false-positives (where we mistakenly think a real email is spam) are much worse than false-negatives (where a spam message slips through to your inbox), we are reasonably moderate with our cut-off level.
We allow you to customize how aggressive your spam filtering is. We provide three preset options in the Settings → Spam Protection screen:
Aggressive, which change how we treat spam. This controls whether spam is moved to the Spam folder or deleted. Mail from known spam hosts is blocked. If you'd like even more control, you can use the
Custom settings to refine how you'd like your spam to be treated.
If you do raise the level of your spam filtering, it's more likely that a message you wanted to receive will be mistakenly marked as spam, so be sure to check your spam folder every so often.
You can also choose to automatically mark spam as read, and if you click show advanced preferences, you have the option to (anonymously) share your spam reporting data with other spam-fighting companies.
If you forward mail to Fastmail from other email accounts, use the forwarding hosts field to enter a list of all domain names you're forwarding from. We can then use this information to determine the true sender of mail, which improves our spam detection for you.
When a spammer impersonates your email address, you can often end up with a lot of bounced mail being returned to you, bombarding you with backscatter spam. By default we move these messages into your Spam folder. You can adjust this setting to do nothing, or to discard these mails. If you send mail using non-Fastmail servers, you can add their hostnames to the SMTP hosts used field which ensures we don't incorrectly classify your mail as bounce spam.
Your personal spam filter
Everybody's spam is different. When you report spam that's slipped through our filters, or non-spam that we've mistakenly marked as spam, we feed this information into a filter that's tuned just for you. Messages that you delete from your Spam folder also are reported as spam to train your filter, and messages that you move from Spam to another folder or reply to are reported as non-spam.
Once your personal spam filter has seen more than 200 spam and more than 200 non-spam emails, we automatically start using it to filter your incoming mail. Because it's been trained by the exact messages you receive, your filter is more accurate at finding spam than our general filter. However, it can only do so once it's seen enough spam and non-spam messages.
If you go to the Spam Protection screen, you can see how many spam and non-spam emails have been reported so far.
How do we detect spam?
We perform a number of checks on incoming messages to see if they're spam. Check out the technical details if you're interested in learning more.
Report spam and non-spam emails
If you get a spam message in your inbox, you can help train our spam filters by selecting it and clicking the Report Spam button. Every so often, it's a good idea to check your Spam folder to see if anything you wanted has been accidentally marked as spam. If it has, select it and click the not spam button so we can learn from the mistake. This will also move the message to your inbox.
Reporting spam/non-spam with an email client
When you report a message as spam on your email client, it doesn't immediately train our spam filters. However, you can create special folders in your account which we'll scan once a day to learn spam/non-spam.
- Log in to your account at https://www.fastmail.com.
- Go to the Settings → Folders screen.
- Create a new folder called something like "learn spam". Mark that folder's "Spam learning" as "As spam", and if you'd like, you can also set it to "Auto-purge older than 7 days".
Then, in your email client, move any spam emails you receive into that folder. They will automatically be fed to our spam filter, and later deleted if you have the folder set to auto-purge.
We do not recommend that you mark your Spam/Junk Mail folder to automatically learn "As spam". This can create a false positive feedback loop. Imagine an email is incorrectly classified as spam, put in your Spam/Junk Mail folder, and then learned as spam. That means future emails that aren't spam are now more likely to be incorrectly marked as spam, sent to your Spam/Junk Mail folder, and learned as spam. Only mark folders to learn "As spam" if they're folders you manually move email to.
Avoid using forwarding services
If you forward email from an old email address, tell people to use your new Fastmail address instead and close down forwarding from the old account.
If you use your own domain, point the MX records for your domain directly at our servers.
If you send through an external server
If you regularly send email through a non-Fastmail server and any of those emails bounce, they will be marked as backscatter (a type of spam) since they did not pass through one of our servers.
To avoid this happening, go to the Settings -> Spam Protection screen. In the "SMTP hosts used" box in the Backscatter section, enter a list of hostnames that you regularly also send email through where replies might come to Fastmail.
For instance, if you use the ISP
iinet.com.au, and regularly send email through their SMTP server with your Fastmail email address as the
From address, then you should add
iinet.com.au to the Backscatter SMTP Hosts text box. This way, any email sent through the
iinet.com.au SMTP server that bounces will correctly arrive at Fastmail and not be considered backscatter.
Add known senders to your contacts
Email from senders in your contact list get special treatment. They avoid greylisting and get a reduced spam score. If you use an email client (like Outlook, Thunderbird, or Apple Mail), you don't have to enter addresses into your Fastmail contact list manually. Instead, you can upload contacts on the Import & Setup screen.
To avoid spam checks on a whole domain, you can add a contact with the email address
*@domain.tld to your contact list in the email field. This will whitelist messages from all senders in this domain, which means that messages sent from any address at that domain will not be marked as spam. Contacts in a shared contact group (for multi-user accounts) are also included.
If you don't want to clutter up your contacts with lots of whitelist entries (for example: legitimate mailing lists), create a single contact called "whitelist" and add each whitelist domain to that entry as extra addresses.
Where does spam come from?
Most spam these days is sent through automated servers or zombie PC's infected by viruses. The incoming spam can get to you through your main account's email address, any aliases you use, or email forwarded to you from other accounts. The more addresses which end up in your inbox, the more likely you are to get spam.
How do spammers get email addresses?
Some people find that they receive a lot of spam, even though they haven't told anyone else their email address. This causes them to think that we may have sold their email address. We never sell email addresses!
There are a lot of ways a spammer can get ahold of your email addresses:
- Contact lists stolen from computers infected with viruses. This could be the addresses in any computer used by any person who has received an email directly, or through forwarding from you. For this reason, you should not forward emails with long
Cc:lists directly to others, since that places people in jeopardy of getting their lists of email addresses stolen.
- Address lists stolen from servers Many corporate or government servers have been hacked over the last few years, and their lists of email addresses stolen.
- Purchased lists Direct mail advertising and spammer organizations often sell address lists to others.
- Random and "dictionary" attacks This is when spammers automate sending to thousands of addresses at a domain. This is a problem if the email system for a domain doesn't prevent repetitious attacks to addresses at that domain. Fastmail has developed many techniques to stop the majority of these attacks on our customers, as long as you don't forward email from other accounts to your Fastmail account.
- Common words or names (or such words with an easy to guess number after them). If your email address is
email@example.com, you will probably get spam!
- Some spammers have been known to search online forums and websites for email addresses.
If you'd like to check whether an email address has been compromised in some way or placed on any spamming lists, we advise visiting [Haveibeenpwned] (https://haveibeenpwned.com/). Enter your commonly used email addresses and the tool will return a list of any breaches or spam lists the email address appears in.
Almost all email addresses will get spam at some point. The longer your email address has been around, the more likely you are to get spam.
I still have too much spam!
Even after taking all of the actions listed above, you're still getting spam. What can you do about it?
Is it legitimate mail? Is the mail from a mailing list you once subscribed to, or from a company you used to have an account with? You can try unsubscribing from the mailing list or company newsletter. There should be a link at the bottom of the mail you received if it's from a real organization.
How do I know if it's legitimate? Maybe you don't remember ever having subscribed to such a mailing list. View the raw message to show you extra information about the headers. If you see *
X-Spam-known-sender: yes- it means the sender is in your contacts. *
X-Spam-score: 0.0- it means we haven't noticed anything suspicious about this email.
If the sender is in your contacts and/or the spam score is low, it's most likely a legitimate message.
- Just make it stop
- Report it as spam. You may have to do this a number of times before your personal spam filter learns to tell spam apart from non-spam, but it's a good first step.
- Set up a rule to automatically sort it into a folder the offending mail, based on the sender or other parts of the message. The mail will still be sent to you, but you won't have to see it.
- Set up a rule to automatically discard the mail you don't want to see, based on the sender or other parts of the message.
Stopping virus mail
If we detect that an incoming message has a virus in an attachment, the mail is discarded, preventing you from any risk of opening the infected message.