Spam is a huge problem on the internet. FastMail has a number of features that help catch and stop as much spam as possible. With just a little help from you, you can virtually eliminate spam from your Inbox.
Turn on advanced spam filtering
- Go to the Advanced -> Spam / Virus protection screen and switch from "Basic" to "Normal", "Aggressive" or "Custom" level filtering. Note: Only subscription accounts get advanced filtering, free accounts only get "Basic" filtering.
Report spam and non-spam emails
- If you report more than 200 spam and 200 non-spam emails, it will activate your personal bayes database. This will significantly increase the accuracy of the spam filter in separating out spam from legitimate email sent to your account
- See the bottom of the Advanced -> Spam / Virus protection screen to see how many spam and non-spam emails you've reported. See below for details on increasing these values
- If you use IMAP mostly, setup auto-reporting on folders. See below for more details
Avoid using forwarding services
- FastMail does a lot of work at the SMTP stage (when email is transferred from an external system to FastMail) to try and identify spam bots and block them while letting legitimate through. If you use a forwarding service, we can't do these checks, and more spam will get through.
- If you forward email from an old email address, tell people to use your @fastmail.fm/etc address instead and close down forwarding from the old system
- If you use your own domain, point the MX records for your domain directly at our servers (Enhanced or family/business accounts only)
Add known senders to your address book
- Email from senders in your address book get special treatment. They avoid greylisting and get a reduced spam score
- If you use an email client (e.g. Outlook, Thunderbird, Apple Mail, etc). You don't have to enter addresses manually, you can upload from many different address book formats on the Address Book screen.
- To avoid spam checks on a complete domain you just need to add an entry '*@domain.com' in your Address Book to whitelist mails from senders in this domain.
- The checking will occur on the SMTP MAIL FROM envelope, the "From" header, and the "Sender" header
As mentioned above, reporting spam and non-spam to your personal bayes database will significantly help improve the accuracy of spam protection. There's different ways to do this if you use the web interface or an email client.
Note that the spam protection system takes sometime in learning your account so initially you might receive a few false-positives (eg non-spam that incorrectly ends up in the Junk Mail folder) or false-negatives (eg spam that incorrectly ends up in the Inbox folder).
Just continue Reporting spam and Reporting non spam as described below, and you should see the system becoming better at handling them and greatly improving in accuracy. So much so that we've even begun advertising our regular email addresses on websites to try and get more spam. It means if the spam protection ever gets worse, hopefully we'll be one of the first to know, and be able to deal with it quickly.
When you use the "Report Spam" or "Report non-spam" buttons, emails get learnt to a per-user bayes database, but unfortunately that database is only effective after 200 spam *and* 200 non-spam emails have been learnt. Before that, it uses a "Global" bayes database. You can see how much spam and non-spam you've learned, and whether your account is using the "Global" or "User" bayes database on the Advanced -> Spam / Virus protection screen.
If you're still using the "Global" database, we recommend you use the "Report spam" and "Report non-spam" actions on all emails to try and build your own personal bayes database (eg report at least 200 spam emails *and* 200 non-spam emails). This will always be much more accurate than the "Global" one.
If you have lots of reported spam email, but not many non-spam emails, you can learn a lot of emails in one go. Just go to a folder that you know contains only non-spam emails, and use the "Select all in folder" action to select all emails in that folder, and then use the "Report non-spam" action to report all those emails as non-spam in one go.
If you use an IMAP client mostly, login to the web interface, go to the Advanced -> Folders screen and set you Inbox folder to have "Spam Learning" as "As non-spam" (you can do the same for any other legtimate mail folder you have, such as saved/archived email folders).
Then create a new folder called something like "Learn spam". Mark that folder's "Spam Learning" as "As spam", and set it to "Purge > 7 days old". Then from your IMAP client, drag any spam emails you receive into that folder to learn them and delete them. That way you'll be able to train your bayes db automatically via your IMAP client which will improve your spam filtering over time.
The vast majority of spam these days is sent via automated servers or zombie PC's infected by viruses. The incoming spam can get to you via your main account email address, any aliases you use, wildcard aliases to your virtual domain, or email forwarded to you from others, forwarding services, or other email account forwarding you have configured. So the more addresses which end up in your Inbox, the higher the exposure you have to spam.
Some users find themselves receiving a lot of spam, even though they haven't told anyone else their email address. Often the assumption is that we've sold a list of email addresses.
We NEVER sell email addresses. We never disclose email addresses at our site to anyone else.
But how do the spammers get one of your email addresses anyway? They can do this in one of several ways:
Address books stolen from computers infected with viruses. This could be the address book in any computer used by any person who has received and email directly or via forwarding from you (or where you are in the CC list). This is why you should not forward emails with long CC lists directly to others, since that is placing many people at jeopardy at getting their email address stolen.
Address lists stolen from servers. These are the well-known instances in the past few years where someone hacked into a corporate or government server and stole an address list or other personal information.
Purchased lists: Direct mail advertising and spammer organizations often sell address lists to others.
Random and "dictionary" attacks: This is especially a problem if the email system for a domain doesn't prevent repetitious attacks to huge numbers of addresses at that domain. FastMail has developed various techniques to eliminate the vast majority of these attacks to FastMail customers, as long as you don't forward email from other accounts to your FastMail account.
Another big problem is common words or names (or such words with an easy to guess number after them). If your email address is john @ domain.x, you will probably get spam!
Some spammers have been known to search online forums and websites for email addresses.
Because of the first issue (addresses stolen by viruses from computers of those who have received an email from you, even indirectly), and the fact that even most active but unused email addresses can be eventually guessed after thousands or millions of guesses, nearly all email addresses will eventually get spam. The only real way to keep this from happening would be to use a very long random email address, and change it every time you sent an email. But then no friends could send you an email! So spam filtering (and other techniques at the FastMail servers) is required to keep away nearly all of the huge quantity of incoming spam.