Improving spam protection

FastMail has a number of features that help catch and stop as much spam as possible. With just a little help from you, you can virtually eliminate spam from your Inbox.

Report spam and non-spam emails

If you get a spam message in your Inbox, help us out by selecting it and clicking the "Report Spam" button. Every so often, it's a good idea to check your Spam folder to see if anything you wanted has been accidentally classified as spam. If it has, select it and click the "Not Spam" button so we can learn from the mistake (the message will be moved to your Inbox).

Everybody's spam is different. When you report spam that's slipped through our filters, or non-spam that we've mistakenly classified, we feed this information into a bayes database that's tuned just for you. We also automatically train this with spam you've deleted permanently from your spam folder, and non-spam you've moved to your Archive folder or replied to.

Once your personal database has seen more than 200 spam and 200 non-spam emails, we automatically start using it to classify your incoming mail. Because it's been trained by the exact type of messages you receive, it is normally significantly more accurate at classifying spam than our general database. However, it can only do so once it's been properly trained, which is why we have to wait until it has seen 200 of each type of message before it is activated.

If you go to the Advanced → Spam/Virus Protection screen, you can see how many spam and non-spam emails have been seen so far, and whether the global or personal bayes DB is currently being used to filter your mail.

Reporting spam/non-spam with an email client

There's no mechanism in the IMAP protocol for hooking into our spam reporting system directly. However, you can designate special folders in your account which we'll scan once a day to report spam/non-spam.

  1. Log in to your account at https://www.fastmail.fm.
  2. Go to the Advanced → Folders screen.
  3. Set your Inbox folder to have "Spam Learning" as "As non-spam" (you can do the same for any other legitimate mail folder you have, such as Archive).
  4. Create a new folder called something like "Learn spam". Mark that folder's "Spam Learning" as "As spam", and set it to "Purge > 7 days old".

Then, in your email client, move any spam emails you receive into that folder. They will automatically be fed to the bayes DB and later deleted.

Avoid using forwarding services

FastMail does a lot of work at the SMTP stage (when email is transferred from an external system to FastMail) to identify and block spam bots while letting legitimate mail through. If you use a forwarding service, we can't do these checks and more spam will get through.

If you forward email from an old email address, tell people to use your new FastMail address instead and close down forwarding from the old system.

If you use your own domain, point the MX records for your domain directly at our servers (Enhanced/Premier or family/business accounts only).

Add known senders to your address book

Email from senders in your address book get special treatment. They avoid greylisting and get a reduced spam score. If you use an email client (e.g. Outlook, Thunderbird, Apple Mail, etc.), you don't have to enter addresses manually, you can upload from many different address book formats on the Import & Export screen.

To avoid spam checks on a complete domain, you can add a contact with the email address *@domain.tld to your Address Book. This will whitelist messages from all senders in this domain.

If you send via an external server

If you regularly send email through a non-FastMail server, then if any of those emails bounce, they will be classed as backscatter (a type of spam) as they did not pass through one of our servers.

To avoid this happening, go to the Advanced → Spam/Virus Protection screen. In the "Backscatter Whitelist Hosts" box, enter a list of hostnames that you regularly also send email through where replies might come to FastMail.

For instance, if you use the ISP iinet.com.au, and regularly send email through their SMTP server with your FastMail email address as the From address, then you should add iinet.com.au to the Backscatter Whitelist Hosts text box. This will ensure that any email sent via the iinet.com.au SMTP server that bounces will correctly arrive at FastMail and not be considered backscatter.

Make our filtering more aggressive

Every email that arrives at your account is assessed against many criteria and assigned a numerical score to indicate how likely we think the message is to be spam. Since most people find false-positives (where we mistakenly think an email is spam when it was really legitimate) are much worse than false-negatives (where a spam message slips through to your inbox), we are reasonably conservative with our cut-off level.

By default, anything with a score of 5.0 or greater is considered spam. However, you can tweak this by going to the Advanced → Spam/Virus Protection screen, where you can fine-tune the score at which messages are automatically filtered into your spam folder, or even deleted immediately. Remember though, if you lower the threshold for considering a message as spam, it's more likely that a legitimate message will be mistakenly classified, so be sure to check your spam folder every so often.

Where does spam come from?

The vast majority of spam these days is sent via automated servers or zombie PC's infected by viruses. The incoming spam can get to you via your main account email address, any aliases you use, wildcard aliases to your domain, or email forwarded to you from other accounts. The more addresses which end up in your Inbox, the higher the exposure you have to spam.

How do spammers get email addresses?

Some users find themselves receiving a lot of spam, even though they haven't told anyone else their email address. Often the assumption is that we've sold a list of email addresses.

We never sell email addresses. We never disclose email addresses at our site to anyone else.

There are several ways a spammer can get hold of your email addresses:

Because of the first issue (addresses stolen by viruses from computers of those who have received an email from you, even indirectly), and the fact that even most active but unused email addresses can be eventually guessed after thousands or millions of guesses, nearly all email addresses will eventually get spam.