Outgoing Spam Filtering

Spam From Another FastMail.FM User

If you received an email you think was spam, forward the entire email (with complete headers) to "abuse@fastmail.fm". We'll analyse it to see if the relevant FastMail.FM addresses exist and/or have been locked and send a report back to you.

In general though, a FastMail.FM user has not sent you spam, even though it may appear that they have. FastMail.FM's mail servers are secured, and require a valid FastMail.FM user login to use them. Guest users may not send more than 80 items in one hour (an "item" is one message to one recipient) and are automatically locked out of their account if they break this quota. Spammers often use unsecured "open relays" for sending spam, as discussed here.

So, why could you have an unsolicited commercial email in front of you that contains one of FastMail.FM's domains in an address in the header? This is due to header forging. A forged header occurs when a spammer uses one email server to send an email, but inserts the address of another email system in the header of that message. That causes the email you look at to appear to come from a different place than where it actually came from. Unfortunately there is nothing we can do to stop people that use other sites' insecure mail servers to forge headers to make it appear that the message came from FastMail.FM.

There is also another common reason. Some spammers send emails with invalid email addresses such as:

From: Some Spammer

To: Spam Recipients

Subject: Yes, this is spam

Since "Some Spammer" is not a valid email address, our SMTP tries to fix it. In this case, it sees 2 email addresses in both the 'From' and 'To' headers, both without domains, so it turns them into:

From: Some@fastmail.fm, Spammer@fastmail.fm

To: Spam@fastmail.fm, Recipients@fastmail.fm

Subject: Yes, this is spam

Again, this has nothing to do with fastmail.fm. The @fastmail.fm part has just been added to make it a valid email address. But don't fret! It's actually possible to automatically parse headers of an email and send reports to the real source of the problem. And better still, there's a service you can use that does this for you! The service is SpamCop, and we strongly recommend using them instead of reporting Spam directly.

Email Blocking

If a site is blocking email from FastMail.FM, please send a link to this help entry to postmaster@<thesite.com>, webmaster@<thesite.com>, abuse@<thesite.com> and support@<thesite.com>. You'll have to do it from a non-FastMail.FM account obviously...

Showing Sender's IP

If you send an email via the FastMail.FM web-interface, one email header are added: 'X-Sasl-Enc', which includes two parts, separated by a space. These include a cryptographically secure encrypted version of your username. They allow us to correctly tell the account name an email was sent from if an email is reported as spam to us. These cannot be decoded by anyone but us. That way we can check who sent a particular mail in case of abuse. We can still track abusers, but don't give out the IP address of our customers.

Note that if you send via the SMTP server, then a standard Received: header is added, which will contain your IP address.

Opt-in Mailing

The terms of service you signed up to specifically prohibit 'unsolicited commercial email'. Remember that even one complaint of an unsolicited email where the email clearly shows that it's 'commercial' is enough to break the terms of service, so you need to be careful.

An important first point: "it's impossible to purchase a list, and meet these terms. A user may have solicited communication from some company, but they didn't solicit it from you, they solicited it from the company you are purchasing the list from. Any time you purchase a list and email the address on it, you will always get complaints of unsolicited commercial email, and will be even open to legal action in some jurisdictions!

If you wish to use your FastMail.FM account for drumming up business, you may do so as long as it is to people that you have evidence of solicited communication with from your company. To ensure you have the necessary evidence, you will need to request a "confirmation email" from the person signing up. Your opt-in confirmation should be short and simple and contain some key information to confirm the source of the opt-in. The subject should be something like:

Subject: Confirmation of subscription to <list name> for <email address>

The text should be something like:

We have received a request to subscribe your email address, <email address>, to the <list name> mailing list. To confirm that your email address should be added to this list, click 'reply' and then click 'send', leaving the subject and message unchanged. If you do not want to sign up for this list, simply delete this message.

The request details are as follows:

Date: <date and time>

Email Address: <email address>

Request source: <url>

From IP: <source ip>

The all important details section shows the date and time that the opt-in request was made, the address that is being signed up, the URL that the request was made from, and the IP address of the PC that clicked that URL.

If you use this confirmed opt-in strategy, including providing the details of the source of the opt-in, and avoiding any advertising or promotion in the message itself, we would be happy for you to use your FastMail.FM address in future messages to that user. So that we can confirm this in the case that one of your recipients claims that they did not opt-in, you should ensure that you do the following:

Send the confirmation email from your FastMail.FM account. Use your FastMail.FM to receive the confirmation. Keep all confirmations as long as the subscriber remains on your list, and allow us to access these confirmations when we make a request.