Improving spam protection

Fastmail offers many tools to catch and stop as much spam as possible. On this page, we'll go over some steps you can take to improve your spam protection even further. 

You can edit your spam protection settings via your Settings → Mail rules → Spam protection screen.

Reducing spam

Adjust spam protection settings

Every email that arrives at your mailbox is checked against a list of criteria and given a score to show how likely we think the message is to be spam. Since most people find false positives (where a message is mistakenly flagged as spam) are much worse than false negatives (where a spam message slips through to your inbox), we are reasonably conservative with our cut-off level.

For ease of use, we provide two levels in the Settings → Mail rules → Spam protection screen: Standard and Aggressive. This controls whether spam is moved to the Spam folder or deleted, and whether mail from known spam hosts is blocked. If you'd like greater control, you can use the Custom settings to refine further.

To adjust your spam protection settings:

  1. Go to the Settings → Mail rules → Spam protection screen.
  2. In the Spam protection section under Protection level, you can select one of four options: Off, Standard, Aggressive, and Custom.
    • The Standard and Aggressive options have preset spam filtering levels.
    • Selecting the Off option would turn your spam filtering off, which means all messages will arrive in your Inbox (even messages that would've been flagged as spam).
    • Selecting the Custom option allows you to set your own spam filtering levels. You can personalize the spam scores at which you want messages to be moved to the Spam folder or permanently deleted to Trash. Please see the Spam filtering page to learn more about how spam scores are determined. Do note that if you lower the threshold for considering a message as spam, it's more likely that a legitimate message will be mistakenly classified, so be sure to check your Spam folder every so often.
  3. You can choose to have your spam messages automatically marked as read. To enable this, you can toggle on the Mark spam as read option.
  4. You can also choose to anonymously share your spam reporting data with other spam-fighting companies. To enable this, toggle on the Share spam data with spam-fighting companies option.
  5. If you forward mail to Fastmail from other systems, use the Forwarding hosts field to enter the SMTP servers you're forwarding from. We can then use this information to determine the true sender of mail, which improves our spam detection for you.

Backscatter

When a spammer impersonates your email address, you can often end up with a lot of bounced mail being returned to you, bombarding you with spam. This is known as backscatter. By default, we move these emails into your Spam folder. However, this setting can be adjusted to your preference.

To adjust your backscatter settings:

  1. Go to the Settings → Mail rules → Spam protection screen.
  2. In the Backscatter section under With bounce spam, you can select one of three options: Do nothing, Move, or Discard.
    • Selecting the Do nothing option will allow backscatter to go into your Inbox.
    • Selecting the Move option will allow you to send backscatter to a specific folder (or label).
    • Selecting the Discard option will automatically discard backscatter messages.
  3. If you send mail using non-Fastmail servers, you can add their hostnames to the SMTP hosts used field, which will make sure we don't incorrectly mark your mail as bounce spam. For more on this, please see the Sending via external servers section.

Your personal spam database

Everybody's spam is different. When you report spam that's slipped through our filters, or non-spam that we've mistakenly flagged, we feed this information into a database that's tuned just for you. We also automatically train this with spam you've deleted permanently from your Spam folder, and non-spam you've moved out of your Spam folder.

Once your personal database has seen more than 200 spam and 200 non-spam emails, we automatically start using it to filter your incoming mail. Because it's been trained by the exact messages you receive, your database is more accurate at marking spam than our general database. However, it can only do so once it's been properly trained, which is why we have to wait until it has seen 200 of both spam and non-spam messages before it is activated.

On the Spam protection screen in the Personal spam filter section, you can see how many spam and non-spam emails have been reported so far.

How do we detect spam?

We perform a number of checks on incoming messages to see if they're spam. Check out the technical detail if you're interested in learning more.

Report spam and non-spam

If you get a spam message in your Inbox, you can report it as spam by selecting the message and clicking the Report spam button. Every so often, it's a good idea to check your Spam folder to see if any legitimate messages have been accidentally flagged as spam. If it has, select the message and click the Not spam button to mark it as not a spam message. (Marking a message as "not spam" will move the message to your Inbox.) Reporting messages as spam and non-spam will help with training the spam filters.

Report spam/non-spam on email clients

There’s no way to use our spam reporting system directly from a mail client. Instead, you can create special folders in your account for us to scan once a day to learn spam and non-spam.

  1. Go to the Settings → Folders screen.
  2. Click Create folder. Give the folder a descriptive name for your own reference. (You can name the folder something like "Learn spam", or whatever you prefer.)
  3. Click Show advanced preferences. Turn on the Scan this folder daily and learn any new messages option and choose as spam from the dropdown list. If you'd like, you can also set the folder to auto-purge after a certain number of days.
  4. Click Save.

Then, in your email client, move any spam emails you receive into that folder. The messages will automatically be fed to our spam database (and later deleted, if you set the folder to auto-purge).

Similarly, you can also help train your personal spam filter and increase the number of non-spam emails by following the above steps, but setting the folder's spam learning to as not spam.

Note: We recommend that you do not mark your Spam/Junk Mail folder to automatically learn as spam. This can create a false positive feedback loop. Imagine an email is incorrectly classified as spam, put in your Spam/Junk Mail folder, and then learned as spam. That means future emails that aren't spam are now more likely to be incorrectly marked as spam, sent to your Spam/Junk Mail folder, and learned as spam. Only mark folders to learn as spam if they're folders you manually move email to.

See spam scores

For mail that's likely to be spam, you'll see a red badge with its spam score in the preview pane of our web interface:

spam-score-badge.png

It's possible to quickly view this information on some mail clients, too. Mac Mail can be set to include the X-Spam-score header with the details listed at the top of every email. To use this option:

  • Open Mac mail and select Mail from the menu bar.
  • Click Preferences.
  • Click Viewing.
  • Open the dropdown box next to Show message headers.
  • Click Custom.
  • Click the + symbol in the pop-up menu.
  • This will let you add text under "Header." Type X-Spam-score and click OK.

This will add the spam score to the headers of all emails, instead of only those most likely to be spam. The same can be done on Thunderbird:

  • Open Thunderbird and select Thunderbird from the menu bar.
  • Click Preferences.
  • Click General.
  • Click Config editor.
  • Click I accept the risk on the pop-up warning.
  • A search window will pop up. Type mailnews.headers.extraExpandedHeaders.
  • A menu will pop up that lets you add text next to Enter string value. Type X-Spam-score: here and click OK.

If your mail client doesn't support custom headers, the X-Spam-score header can still be viewed by opening the raw message.

Avoid using forwarding services

Fastmail does a lot of work when email is forwarded from an outside system to our servers to find and block spam bots while letting legitimate mail through. If you use a forwarding service, we can't do these checks, and spam is more likely to get through.

If you forward email from an old email address, tell people to use your new Fastmail address instead, and close down forwarding from the old system.

If you use your own domain, point the MX records for your domain directly at our servers.

Sending via external servers

If you regularly send email through a non-Fastmail server and any of those emails bounce, they will be flagged as backscatter (a type of spam), since they did not pass through one of our servers.

To keep this from happening, go to the Settings → Mail rules → Spam protection screen. In the Backscatter section, find the SMTP hosts used option. Enter a list of hostnames that you regularly also send email through where replies might come to Fastmail.

For instance, if you use the ISP iinet.com.au, and regularly send email through their SMTP server with your Fastmail email address as the From address, then you should add iinet.com.au to the Backscatter SMTP hosts used option. This will ensure that any email sent via the iinet.com.au SMTP server that bounces will correctly arrive at Fastmail and not be considered backscatter.

Identifying legitimate mail

Add known senders to contacts

Emails that come from senders in your contact list will not get flagged as spam. They avoid greylisting and get a spam score of 0. If you use an email client, you don't have to enter addresses into your Fastmail contact list manually. You can upload contacts in different formats on the Settings → Migration → Import screen.

You can also add entire domains to your contact list. This will ensure that mail sent from any address at this domain is not marked as spam. You can add a contact with the email address *@domain.tld to your contact list in the Email field. Entries in a shared contact group are also included.

If you don't want to clutter up your contacts with lots of domains (for example: legitimate mailing lists), create a single contact called Whitelist and add each domain to that entry as extra addresses in the Email field.

Why do I get spam at all?

Where does spam come from?

Most spam these days is sent through automated servers or botnets. The incoming spam can get to you through your main account email address, any addresses you use, wildcard addresses to your domain, or email forwarded to you from other accounts. The more addresses which end up in your Inbox, the higher the exposure you have to spam.

How do spammers get email addresses?

Some users find themselves receiving a lot of spam, even though they haven't told anyone else their email address.

There are several ways a spammer can get hold of your email addresses, even if you haven't told other people about it:

  • Contact lists stolen from computers infected with viruses — This could be the addresses in any computer used by any person who has received an email directly or through forwarding from you (or where you are in the Cc list). For this reason, you should not forward emails with long Cc lists directly to others, since that places people in jeopardy of getting their email addresses placed on spam lists.
  • Address lists stolen from servers — Many corporate or government servers have been hacked over the last few years, and their lists of email addresses stolen.
  • Purchased lists — These are direct mail advertising and spammer organizations that sell address lists to others.
  • Random and "dictionary" attacks — This is a problem if a mail provider doesn't prevent repeated attacks to addresses at that domain. Fastmail has developed many techniques to stop the majority of these attacks on our customers, as long as you don't forward email from other accounts to your Fastmail account.
  • Common words or names (or such words with an easy to guess number after them) — If your email address is joe@example.com, you will probably get spam!
  • Some spammers have been known to search online forums and websites for email addresses.

Because of the first issue (addresses stolen by viruses from computers of those who have received an email from you, even indirectly), and the fact that even most active but unused email addresses can be eventually guessed after thousands or millions of guesses, nearly all email addresses will get spam.

I still have too much spam!

Even when you've reported spam, set up extra folders to learn spam when using a mail client, and have adjusted your settings, you're still getting spam. What can you do about it?

  • Is it legitimate mail? Is the mail from a mailing list you once subscribed to, or from a company you associated with at one time? Many websites have an 'opt out' policy: unless you explicitly request to not receive email from them, they will continue to contact you. Legitimate newsletters and mailing lists usually include a link to unsubscribe at the bottom of their emails. You can use this to opt out.

  • How do I know if it's legitimate? If you don’t remember signing up for a mailing list, it can help to look at the raw message for extra information about the headers. To do so, click the Actions menu in the top right of the email, then Show raw message. If you see:

    • X-Spam-known-sender: yes - it means the sender is in your contacts.
    • X-Spam-score: 0.0 - it means we haven't noticed anything suspicious about this email.

     

  • How do I make the spam stop?

    1. Report the unwanted messages as spam. It can take a while of continually marking this kind of mail as spam before your personal spam database learns to distinguish this particular kind of mail from actual email you want to receive, but it's a good first step.
    2. Set up a rule to automatically file into a folder the offending mail, based on the sender or other message characteristics. The mail will still be sent to you, but you won't have to see it. It can be worth doing this initially to let you track the incoming mail and checking if there's anything you want to read. Afterwards you can set that folder to be learned as spam and teach your spam database quickly. A safer first step than automatically discarding, just in case there is mail you do want to see, and to test out the matching rule.
    3. Set up a rule to automatically discard the offending mail, based on the sender or other message characteristics.

Stopping virus mail

If Fastmail detects an incoming mail is carrying a virus in an attachment, the mail is discarded, preventing you from any risk of opening the infected mail.

Was this article helpful?
118 out of 153 found this helpful