Fastmail and Spam handling

I’m thinking of moving my email to Fastmail, I have several domains, one of which I’ve had for about 25 years.

The amount of spam I receive is what you’d expect after that length of time.

How is Fastmail with Spam identification? Does anyone have issues?

It works pretty well. Has facility to “learn” and how all that works is well documented.

and their rules work well to capture those persistent spammers.


I have two domains with several addresses which date back to the mid 90s hosted at Fastmail and their spam filtering has been outstanding in my experience.


I’ve been using Fastmail for nine years. It has been excellent on handling spam until about a month ago and I’m now getting a number of false negatives (spam in my inbox instead of in my spam folder). I’m not sure what’s changed but I’m not happy with their current spam filtering.

1 Like

I have been happy with Fastmail’s spam filtering. It can also be tuned. I end up with virtually no spam in my inbox. If you listen to MacGeekGab they had a couple discussions during July about spam filtering in general and Fastmail’s capabilities were discussed a bit.

How does fastmail spam handling compare to gmail’s? I’ve been pretty happy for the most part with gmail spam filters.

I used Spamassassin for a few years in the early 2000s on our company email server and replaced that with a Barracuda spam firewall. Both did a good job but neither has been able to match Google.

I have occasionally blocked a vendor that won’t honor an unsubscribe request, but I can’t remember the last time I received any real spam in my inbox.

I am having a hard time thinking of what the experiment design would be to test the hypothesis that Fastmail better than Gmail (or visa versa).

I use Fast mail extensively now and for many years and my numerous email addresses are out there and I notice few spam sneaking thru and few false positives. I realise that only an assertion and not a tested and proven hypothesis.

1 Like

I think it would be easier to nail jello to a tree. How do you compare a small company to the fourth largest corporation in the world?

If Fastmail or Gmail, Outlook, etc. does everything you need, and you are happy with their service, then IMO that is all that is important.

1 Like

Is Fastmail E2EE? I see a lot of privacy talk on their site but can’t find a mention of that.

Fastmail isn’t E2EE. If it was, you’d only be able to talk to other users of the service, or I’m missing something.

Excellent point, but what I really want to know is whether Fastmail personnel can access your emails, both in your saved history and as they’re sent and received.

Yes, Fastmail employees could potentially access your emails, although I suspect the company has a process that restricts that kind of access.

Protonis encrypted in a way that the company cannot access your stored data in any of the products they offer, including email, contacts, calendar, and drive.

(I have accounts with both providers.)

1 Like

I was considering Skiff for that reason, but Notion is now buying them out and giving all Skiff users six months to pull their data before they shut down their accounts.

They’re really sticking it to Skiff users. My opinion of Notion just dropped significantly, though Skiff’s heavy VC funding was a red flag.

So can the employees who manage your recipient’s email system. And your recipient can do whatever they want with the message you send them, and the messages they send you. We have no control over the emails we send or receive because we do not control all the copies.


Very true, internet email protocols were not designed with security in mind and bolting security solutions on after the fact is a bit of a fool’s game.

With very limited exceptions, emails are almost always stored in plain text, unencrypted, on the drive of whatever server manages them. Access controls are primarily account-based and/or policy-driven.

The protocols that communicate from your mail client to FastMail’s servers support encryption in transit - but don’t expect encryption at rest from any email provider that’s not making a Very Big Deal of it in their marketing.


There’s no complete solution, but that doesn’t mean we might as well all just throw up our hands and take an anything goes approach. We can still try to minimize the risks.

If you use Gmail, to use the most popular example, obviously you can’t expect true privacy.

But if you also use something like Spark on top of Gmail, you’ve added another company keeping yet another complete set of all your emails on their servers, and you’ve doubled your attack surface. And that other company likely has far less infosec expertise and resources than Google has.


You can IF you are using their paid service. Google Workspace legal and compliance - Google Workspace Admin Help. But my point is, regardless of what we do to protect our email messages, there are other copies that we cannot protect. So even if I run my own email server I have no control over all the copies of the messages I send or receive.

IMO, when it comes to choosing an email provider pick the one that has the features you want. Google, Microsoft, Fastmail, etc. should all give you good service. If you aren’t encrypting your messages when it comes to privacy they are all the same.


Ultimately I feel that it’s impossible to secure computers and software. The best one can do is mitigate their own risks based on a risk analysis.

See Ken Thomposon’s classic paper, “Reflections on Trusting Trust.”

I’m also quite fond of this Bob Morris quote, “The three golden rules to ensure computer security are: do not own a computer; do not power it on; and do not use it.”

To paraphrase a post from the cypherpunks mailing list back in the 90’s, ‘Don’t put anything on a computer you wouldn’t want to see revealed in a court of law or as a news headline.’