Spam filtering

Fastmail has robust spam filtering options that can be customized to a user's needs. We can stop many spam emails before they even arrive in our servers, and most remaining spam messages are caught and filed into Spam for an individual user to check.

Custom spam protection settings

Spam protection settings can be controlled on the Settings → Filters & Rules screen. Selecting Advanced options gives complete control over when messages are:

  • discarded immediately, without you ever seeing the message.
  • delivered to your Spam folder, or another folder of your choosing.

These are determined by a message's spam score: a number that shows how likely the message is to be spam. By default, we move anything with a score of 5 or higher to your Spam folder.

Enabling Fighting Spam lets us report incorrectly categorized emails to our partner organizations which provide us with spam feeds. This includes both false negatives (emails you report as spam) and false positives (emails relayed to the spam folder, which you report as not spam.) If you do not enable this, reporting emails as spam or not spam will still train your personal spam database.

You can also specify how to deal with backscatter.

 

The spam checking process

As mentioned on the SMTP checks page, Fastmail performs many checks at the time an email is received to stop spam. While these tests are very effective, they can't stop all spam, and some still enters the Fastmail system. After Fastmail receives the email, we perform a number of checks based on the content of the email to try and determine if the email is spam.

Each message we receive is analyzed using SpamAssassin and assigned a spam score.

The main types of checks done by SpamAssassin are:

  • Content filter: Email is checked with our content filter, which adds headers as detailed in our email delivery page. SpamAssassin checks for these headers, and adds a ME_VADE score as appropriate. Our content filter checks the email against a wide and rapidly changing set of rules to set a category and score for the email. Our content filter uses data from Fastmail and other major providers to quickly update these rules to deal with current and emerging threats.
  • Bayes database: Compares tokens found in the message with a local database to tell if this message is spam. The database is updated using high-scoring and low-scoring messages as examples. The Bayes database can be trained to be personalized for your account by marking messages as "spam" or "not spam".
  • Razor: Creates a checksum of the message and compares it to recently reported spam in a global database; if they match, the message is classified as spam.
  • DNSBL: Checks all servers in the SMTP path for open relays, open proxies, and blacklisted hosts in many blacklists, each one weighted differently depending on past results.
  • Header and body checks: Various checks for common spam phrases like "This is not spam!" and "This is sent in compliance with bill S1618".
  • Structure: Checks whether it's an HTML email, has an embedded form, contains formatting errors, etc.

Forwarding hosts

In Show advanced preferences, you can specify "Forwarding hosts". Forwarding hosts are other services that you forward mail through and trust, for example, your university alumni account. This can help you receive mail from this service more reliably.

In most cases, SpamAssassin will only look at the most recent service through which an email is transferred. This is because it is difficult to verify message headers once an email has been passed through more than one network (for instance, through forwarding). This means that if a message is forwarded without the forwarding service being added to your Forwarding hosts, then the service you forward messages through will be checked against RBL's (Realtime Block Lists).

By specifying the forwarding services as trusted hosts, we can scan back through them to find out the real source of the email. Internally, we have a list of trusted hosts for all users (for common mail providers).

You can add to this list (for your account) by specifying the domain names in the "Forwarding hosts" field on the Settings → Spam Protection screen under Show Advanced Preferences. For instance, you may have an email address at your old university and forward all the email that arrives in this account to Fastmail. In this case, you would want to add the domain of the university to the trusted hosts list. Doing this will allow us to check back through those forwarding headers to find the true source (originating IP address) of the message.

Being a "trusted" system doesn't mean we don't spam check the message, it just means that we check back through the Received headers to find what server delivered the email to that service, rather than using that service's IP address.

Fastmail does support ARC, a new standard designed to solve the problems with email forwarding and authentication. However, few other services currently support ARC, so it's still necessary to add forwarding hosts to your Fastmail account to help us detect legitimately forwarded messages more accurately.

Trusted hosts

If you have certain hosts you don't want to subject to regular spam filtering, you can "whitelist" them. By adding the domain to your contacts using a wildcard alias (*@trusted-domain.com), all mail coming from that domain will be automatically accepted. By adding this alias to your contacts, you are marking the domain as trusted.

Whitelisting a domain only works if we detect that the message was actually sent from the domain that is whitelisted. If a message has forged headers to make you believe it is coming from the whitelisted domain, it will still be detected as spam.

Spam check headers

The Fastmail system adds the following headers to spam checked email.

  • X-Spam-score — aggregate spam score. A number with 1 decimal place. At "Normal" spam protection level, scores <5.0 are considered not-spam, scores >= 5.0 are considered spam.
  • X-Spam-hits — shows which SpamAssassin rules were triggered by an email and the score of each rule that hit.

    So a header like this:

    X-Spam-score: 5.5

    X-Spam-hits: BAYES_99 3.5, EXTRA_MPART_TYPE 1.091, HTML_MESSAGE 0.001, SPAMMY_XMAILER 1

    shows that BAYES_99 had a score of 3.5, EXTRA_MPART_TYPE a score of 1.091, and so on. Adding these all up gives the final score of 5.5 (always rounded to 1 decimal place).

  • X-Spam-source — information gathered from the Received headers that shows the calculated source of the message. This may not be the server Fastmail received the email from if you have trusted hosts set up.

  • X-Spam-charsets — character sets found in the message, either in message headers, or in the content-type headers for each section of the message.
  • X-Spam-known-sender — information on whether the sender of the message was found in the address book. If this is "yes", then the email will not be moved to the Spam folder.
  • X-Spam-sender-reputation - a score of between 0 and 1000 based on your past interaction with the sender of the message. The score will be used if we can verify if the email is coming from the sender in the From: address. The score is calculated on either the domain or on the complete email address. This score will be applied to the ME_SENDERREP* SpamAssassin tags, and will be based on your personal reputation for the sender.

    The possible SpamAssassin tags for this are:

    • ME_SENDERREP_TAG_ALLOW - Very good reputation, tagging only.
    • ME_SENDERREP_TAG_HAM - Good reputation, tagging only.
    • ME_SENDERREP_TAG_NEUTRAL - Neutral message, tagging only.
    • ME_SENDERREP_TAG_SPAM - Poor reputation, tagging only.
    • ME_SENDERREP_TAG_DENY - Very poor reputation, tagging only.
    • ME_SENDERREP_ALLOW - Very good reputation, scoring.
    • ME_SENDERREP_HAM - Good reputation, scoring.
    • ME_SENDERREP_NEUTRAL - Neutral reputation, scoring.
    • ME_SENDERREP_SPAM - Poor reputation, scoring.
    • ME_SENDERREP_DENY - Very poor reputation, scoring.

Not all headers may be added on each message.

Was this article helpful?
3 out of 6 found this helpful