Spam Checking

As mentioned on the SMTP checks page, FastMail.FM performs many checks at the time an email is received to stop spam. While these tests are very effective, they can't stop all spam, and some still enters the FastMail.FM system.

After FastMail.FM receives the email, we perform a number of checks based on the content of the email to try to determine whether the email is spam. These checks are controlled by the settings on the Options -> Spam/Virus protection screen.

'Spam Protection' Radio Buttons

Unsolicited Commercial Email ("spam", or UCE) can be a major problem, making it difficult to sort out your important emails from junk mail. However, spam can often be identified by looking for telltale signs such as mention of pornography, formatting used by certain bulk-email software, and the presence of known spam servers in the headers. By enabling the spam protection option, FastMail.FM automatically searches for these signs and performs various actions depending on how 'spammy' the message is.

The following levels are available:

  • Basic - all users have this basic level of spam protection. If a message comes from a host or network known to be a common source of spam, then the message is rejected.

  • Normal - most users will want this level of protection. It contains a sensible combination of actions that will file probable spam into a folder called 'Junk Mail'. Messages that are just possibly spam are marked with a 'Spam Score' in their subject. A higher score means that the message is more 'spammy'. If email comes from people in your address book, then it will be less likely to be recognised as spam. Probable backscatter is also filed into the 'Junk Mail' folder.

    Unfortunately, the spam checking takes a significant amount of CPU time to run, so we can only provide this for users who pay a yearly subscription.

  • Aggressive - a more aggressive level of filtering. Spam checking is a bit more strict than the 'Normal' setting, and mails that have a very high probability of being spam or are backscatter are discarded. Useful if you receive a lot of spam in your account.

  • Whitelist Only - an extremely aggressive level of protection. With this level of spam protection enabled, only email from people who are in your address book will reach you. Everything else will be discarded. Use with caution.

  • Custom - whatever you like! Custom spam protection consists of the same elements as Normal, but you are able to configure the behaviour of the individual elements. This includes the spam score thresholds that are used for deleting / filing / marking messages, the folder that messages are to be filed to, the way in which messages are marked, and the special treatment of messages from people in your address book.

Spam Score

When spam protection is enabled, FastMail.FM automatically searches each message for characteristics that are typical of spam and assigns a 'spam score' using the SpamAssassin engine. Research by SpamAssassin shows that 99.5% of messages that score over 5.0 are spam.

The assigned score is placed in the header of incoming emails. FastMail.FM may take some actions based on the value of the spam score, depending on how you have configured the spam protection.

Advanced users can also define additional actions (reject, file, or forward) in the Define Rules screen, by selecting 'Spam Score >=' as the field to Look In, and entering the spam score threshold into the 'For Text Matching' field.

The main types of checks done by SpamAssassin are:

  • Bayes database: compares tokens found in the message with a local database, and computes a probability that this message is spam. The database is updated using high-scoring and low-scoring messages as examples. This method will adapt to evolutions in the structure of spam, but not revolutions.

  • Razor: Creates a checksum of the message and compares it to recently reported spam in a global database; if they match, it's spam!

  • DNSBL: Checks all servers in the SMTP path for open relays, open proxies, and blacklisted hosts in many blacklists, each one weighted differently depending on past results.

  • Header and body checks: Various checks for common spam phrases like "This is not spam!" and "This is sent in compliance with bill S1618".

  • Structure: Checks whether it's HTML mail, has an embedded form, contains formatting errors, etc.

Discarding Spam

Discard mail without a trace

If you select the discard mail checkbox, then messages that have a spam score greater than or equal to the threshold will be silently discarded, via the sieve "discard" command. You won't see them in any of your folders, or in the trash, and the sender will not receive a bounce or reject message.

It is usually wise to set this threshold larger than the spam score on any real message (i.e. not spam) that you have ever received!

Filing Spam

File probable spam to the given folder

If you select the file mail checkbox, then messages that have a spam score greater than or equal to the threshold will be placed in the indicated folder. You can choose whatever folder you like, but it is easier to empty if you file to "Junk Mail".

Spam Subject Marking

Change the subject of suspected spam

If you select the change subject checkbox, then messages that have a spam score greater than or equal to the threshold will have their subject modified according to the value you select in the drop down list.

The possible values are:

  • None - the subject is unchanged, but the X-Spam header will be set

  • {SPAM ###} - at the start of the subject the word SPAM will be added, and also a simple graph representing how spammy the message is. The graph ranges from _____ (hardly spammy at all) to ##### (very spammy).

  • {SPAM 99.9} - at the start of the subject the word SPAM will be added, and also the spam score for this message. The score will always have two digits to the left of the decimal point, so if you are using this form then you can sort a folder by subject, and the messages will be in order of spam score.

  • {SPAM 99.9 ###} - at the start of the subject the word SPAM, the spam score for this message, and a graph (as described above) will be added.

  • Custom - you can specify what text you want to be added before and after the original subject, and you can specify the format of the spam graph.

There is a side effect of selecting subject marking. The threshold that you specify will be used to set the (deprecated) X-Spam header. If you are using X-Spam in the Define Rules screen, or in a custom sieve script, you should be very careful about changing this threshold!

FastMail.FM has for many years added an "X-Spam-hits" header to show which SpamAssassin rules were triggered by an email. Unfortunately, finding the score of each of those hits previously involved looking it up in a table at the SpamAssassin website. Now those scores have been added directly to the X-Spam-hits header, immediately after each hit.

So a header like this:

  • X-Spam-hits: BAYES_99 3.5, EXTRA_MPART_TYPE 1.091, HTML_MESSAGE 0.001, SPAMMY_XMAILER 1

  • X-Spam-score: 5.5

Shows that BAYES_99 had a score of 3.5, EXTRA_MPART_TYPE a score of 1.091, etc. Adding these all up gives the final score of 5.5 (always rounded to 1 decimal place).
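When triaging a message that was filed or marked, it helps to see which rules contributed most to the score. The Python below is an added example, not FastMail.FM's own code: it reads the X-Spam-hits and X-Spam-score headers from a raw message, ranks the hits, and checks that they add up to the reported score. The message wrapper is constructed around the header values quoted above, and the 0.1 tolerance is an assumption.

```python
import email
import email.policy
import re

# Constructed message; the X-Spam-* values are the ones quoted on this page,
# with X-Spam-hits folded across two lines as a mail server may do.
RAW = (
    "From: sender@example.com\r\n"
    "Subject: constructed sample\r\n"
    "X-Spam-hits: BAYES_99 3.5, EXTRA_MPART_TYPE 1.091,\r\n"
    "  HTML_MESSAGE 0.001, SPAMMY_XMAILER 1\r\n"
    "X-Spam-score: 5.5\r\n"
    "\r\n"
    "body\r\n"
)

# One hit is a rule name followed by its score (scores may be negative).
HIT = re.compile(r"([A-Z0-9_]+)\s+(-?\d+(?:\.\d+)?)")

def parse_hits(value):
    """Split an X-Spam-hits value into [(rule, score), ...]."""
    hits = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        m = HIT.fullmatch(item)
        if m is None:
            raise ValueError(f"unparseable hit: {item!r}")
        hits.append((m.group(1), float(m.group(2))))
    return hits

def explain(raw, tolerance=0.1):
    """Summarise why a message got its spam score.

    tolerance is an assumption: the score is reported to one decimal place,
    so the summed hits may differ from it by less than 0.1.
    """
    # policy.default unfolds header lines that were wrapped in transit.
    msg = email.message_from_string(raw, policy=email.policy.default)
    hits = parse_hits(msg["X-Spam-hits"] or "")
    reported = float(msg["X-Spam-score"])
    total = sum(score for _, score in hits)
    return {
        "ranked": sorted(hits, key=lambda h: h[1], reverse=True),
        "total": round(total, 3),
        "reported": reported,
        "consistent": abs(total - reported) < tolerance,
    }

if __name__ == "__main__":
    report = explain(RAW)
    for rule, score in report["ranked"]:
        print(f"{score:7.3f}  {rule}")
    print("sum", report["total"], "reported", report["reported"])
```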