EmailDiscussions.com  

Go Back   EmailDiscussions.com > Email Service Provider-specific Forums > FastMail Forum
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read
Stay in touch wirelessly

FastMail Forum All posts relating to FastMail.FM should go here: suggestions, comments, requests for help, complaints, technical issues etc.

Reply
 
Thread Tools
Old 19 Jul 2019, 07:18 AM   #16
xyzzy
Senior Member
 
Join Date: May 2018
Posts: 161
Quote:
Originally Posted by Mr David View Post
Use of my 'shop' folder is much looser. It has no subfolders. But whenever I provide email credentials to an online business I make a unique email address for that business. For example:
-- [email protected]
-- [email protected]

Messages to these addresses are automatically filed to my 'shop' folder.

If I gave all online retailers the subdomain address [email protected], messages would also be filed to the 'shop' folder. But if a retailer website is compromised, I can't tell which site has gone bad. It is better to use a unique subdomain address.

To keep your inbox tidy you might do a similar thing for bills you regularly receive. Eg:
-- [email protected]
-- [email protected]
Just thought of something related to this, specifically, the sending identities. Just how are you handling them? You have to set them up don't you? While you can create *@mrdavid.fmdomain.dom and *@username.fmdomain.dom and only use these sending identities I find using these very inconvient in the way FM treats these in the compose From selection list (means you always have to remember to edit the part before the @) and be very careful trying to reply to these (doesn't use the From address in the reply-to so you have to edit it too). On the other hand you can create individual sending identities like you show above. So is that what you are doing (creating individual sending identities) or am I missing something here (like maybe they are used for receive-only addresses and you never intent to send to them)?

Last edited by xyzzy : 19 Jul 2019 at 07:44 AM.
xyzzy is offline   Reply With Quote
Old 19 Jul 2019, 09:29 AM   #17
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
Quote:
Originally Posted by xyzzy View Post
Just thought of something related to this, specifically, the sending identities.
I know how to handle subdomain addressing and aliases, but the use of identities makes my head spin.

In superseded iterations of the FM web user interface, it used to be simple enough to change the From address field on the fly when drafting a reply. It is not possible to do this in my account these days. Options to change the From address for outgoing messages in my account are limited to the alias addresses I have registered, and my main account address used for login. These can be selected from a drop down menu on the Compose screen.

If you know of a link to FM documentation explaining how to create sender identities that can be applied to the From field in outgoing messages I'd like to see it.

Quote:
Originally Posted by xyzzy View Post
Of course if you assume you are never going to send to these guys and they are only used to receive you don't need sending identities.
This is more or less the way I use subdomain addressing, or aliases with subdomain addressing. In the main, I use these FM features to make unique email addresses for organisations that send me mail. When messages are received from these unique addresses, they will be filed automatically, and if an address goes rogue it can be dispatched.

On occasion, when such an address has been provided to an online retailer with whom I've needed to engage in customer service correspondence, I haven't bothered trying to set up an identity. I just use the base identity/alias email address in my replies.

In many instances the customer support begins with filling out a web form on the site of the entity. The entity's reply is sent to the unique address I gave them; my reply to the first customer service response does not have subdomain details in the From address. I have never had anyone create a fuss over the slightly different address used in my replies; same if I create a customer service query from first principles. If an alias address has been provided, I make sure to use the correct one in messages I send.

When unsolicited mail issues have arisen from subdomain addresses provided, initially the spammers used crude techniques. I'm not an expert with an intricate understanding of the back-end tech that make email possible, my understanding of the dark arts of email subterfuge is only superficial. Looking at the problem broadly, spammers harvest huge numbers of email addresses for their mail-out campaigns. These numbers require machine processing.

Initially, in the rare instances my unique subdomain addresses received spam, it was sent to the full subdomain address, This was simple for me to block with a rule. Later, spammers got trickier, and stripped the subdomain details from the front of the address and substituted them with details created by machine.

Eg. [email protected]
... or whichever subdomain address had been purloined (when subdomain details were stripped, I couldn't tell which site had been compromised - I used to have only 3 aliases, not 500) became something like:
[email protected]
A random name might also be substituted for the subdomain details.
Of course these substituted details were themselves unique, so it was easy to block them with a rule. Spam with continued random substitution of subdomain address details has not so far made it through to my account.

For spam defence, aliases are much more powerful. If an alias address is harvested by spammers, it doesn't matter if they try cunning stunts with subdomain details. You're going to see the alias you made somewhere in To:, cc:, or bcc:.

However, if unique aliases are made for every online entity you deal with, you could very quickly wind up managing a list of dozens of aliases. Selecting the right one from a very long list in a drop down menu might be tedious and prone to error.
Mr David is offline   Reply With Quote
Old 19 Jul 2019, 09:45 AM   #18
noclue
Cornerstone of the Community
 
Join Date: Dec 2007
Location: San Antonio, Texas USA
Posts: 545
Well, in much simpler news, I am happy to announce that today I received NO SPAM!! I followed Mr. David's instructions and was rewarded with an empty spam box.

Thank you sooo much. It was driving me nuts having to look at all of that stuff and not knowing how to make it go away. I am immensely grateful.

Now y'all can carry on about more arcane topics like identities, subdomains, and aliases. I'm just spam-free old lady with much simpler tastes.
noclue is offline   Reply With Quote
Old 19 Jul 2019, 10:32 AM   #19
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
Quote:
Originally Posted by noclue View Post
I am happy to announce that today I received NO SPAM!!
That's very good news.

With the account settings I advised you to make, from time to time you'll still need to do a bit of housekeeping.

Keep an eye on your spam folder. If you see new messages in it, open up the spam folder and have a look at the list of messages.

If they really are spam, click the box beside spam messages in the list, at the left hand end. Then, at the top of the spam folder page, click 'Delete Permanently' button.

If they are not spam, click the box beside the not-spam messages and click the 'Not Spam' button at the top of top of the spam folder page.

It's likely that a small amount of spam messages will occasionally get through to your inbox. Report them in the same way - click box beside offending message, then click 'Report Spam' at the top of your FM Inbox page.

This is important. This is the way you teach your account what is spam and what is not spam.
Quote:
Originally Posted by noclue View Post
I am immensely grateful.
No worries!

Last edited by Mr David : 19 Jul 2019 at 10:48 AM.
Mr David is offline   Reply With Quote
Old 19 Jul 2019, 12:17 PM   #20
xyzzy
Senior Member
 
Join Date: May 2018
Posts: 161
Quote:
Originally Posted by Mr David View Post
In superseded iterations of the FM web user interface, it used to be simple enough to change the From address field on the fly when drafting a reply. It is not possible to do this in my account these days.
The "catchall/wildcard" form of send identity (*@aliasname.alias.tld) does let you create anything you want for that alias. The only problem is you always have to edit the part corresponding to the * since the FM UI defaults to whatever the currently selected From name (in the drop down) to replace the *. Very annoying, easy to overlook, and that's just one of a number of annoying things I discovered trying to use catahalls.

Quote:
Options to change the From address for outgoing messages in my account are limited to the alias addresses I have registered, and my main account address used for login. These can be selected from a drop down menu on the Compose screen.
The From drop down list comes from the sending identities settings which includes all your aliases (unless you explicitly delete them in the sending identities) and the external addressess (using new FM UI naming conventions) which are the Mail Fetch accounts. When you create an alias FM adds it to the sending identities for you. So that's telling me you do have the sending identities defined even if you didn't explicitly define them yourself.

What isn't created explicitly are catchalls or specific additional email address using those aliases (for example [email protected]). So if you have an alias [email protected] you have to create either a catchall sending identity for it (*@aliasname.alias.tld) and edit the from every time you select it as the sender address (with that FM lets you edit it) or create explicit sending identity like your [email protected] so that it appears in the From list. If you haven't done either of these then I guess you are only using those to receive email and mot send to them. This is what I was trying to clear up when I asked you about this in my previous post.

Quote:
If you know of a link to FM documentation explaining how to create sender identities that can be applied to the From field in outgoing messages I'd like to see it.
What little there is the stuff on catchalls is here and the identities is here although not yet updated to the new UI references. But I suspect you already know about these. I used those as starting points and then just played around to see what I could get away with!

Quote:
On occasion, when such an address has been provided to an online retailer with whom I've needed to engage in customer service correspondence, I haven't bothered trying to set up an identity. I just use the base identity/alias email address in my replies.
Which is what I was concluding above but thanks for confirming it.

Quote:
In many instances the customer support begins with filling out a web form on the site of the entity. The entity's reply is sent to the unique address I gave them; my reply to the first customer service response does not have subdomain details in the From address. I have never had anyone create a fuss over the slightly different address used in my replies; same if I create a customer service query from first principles. If an alias address has been provided, I make sure to use the correct one in messages I send.
Ok, I just I'm a bit anal about these things and would prefer to use only the email address they know me by. BUT...

Quote:
However, if unique aliases are made for every online entity you deal with, you could very quickly wind up managing a list of dozens of aliases. Selecting the right one from a very long list in a drop down menu might be tedious and prone to error.
Hmm, have to think that one over a bit.

Thanks.

Update:
A little out of order but you mentioned an example:
Quote:
[email protected]
A random name might also be substituted for the subdomain details.
Of course these substituted details were themselves unique, so it was easy to block them with a rule. Spam with continued random substitution of subdomain address details has not so far made it through to my account.
What rule would you use? A check of the string before the @ doesn't contain any dot's for instance?
xyzzy is offline   Reply With Quote
Old 19 Jul 2019, 02:23 PM   #21
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
Hey, this has turned out to be a very interesting thread. I'm learning a lot from this exchange.

Re identities:
It's been a long time since I examined how FM handles them. Spurred on by this thread, today I had a woman's look at the list of options on the Settings page in my FM account. As we all know, you always find something in the last place you look, and there it was, 'Sending Identities', at the bottom of the list of options in the right margin.

Yes, I have various sending identities created there automatically by my FM account. I've long since noticed they are there in the drop down menu on the Compose screen, but admit to using them infrequently. I think they'll get more use in future, especially with the strategic use of aliases.

I haven't yet had time to check the links on identities you provided, but a quick online search - fastmail identities - pulled up an FM documentation page with that very name as the first hit.

I hadn't before considered using catchall syntax when creating an identity. I confess that I have seen it mentioned in these forums on a few occasions over the years, but I never comprehended that I could use it in my account. I thought it had something to do with people adjusting incoming mail settings for their own email systems or domains. Thank you for demystifying that for me.

Considering the use of a catchall though, it will catch everything. That might create issues with spam management. Unless a rule you've created is applied before the catchall accepts delivery.

Anyhow, should there be a need in future for a special reply address that can be used in the From field of outgoing messages that I compose, I'll know how to create it. The interface for making it looks easy to use, obviously detailed understanding of its options will require a bit of learning investment.

Re making rules:
The rules screen of one's FM account in years gone by used to be more complicated than it is today. I think it is still fairly complex - which is good because that gives more power and versatility - but it used to be harder to use than now. Previously, coded syntax had to be used in the creation of rules, and I learnt what I needed to know by reading posts to these forums. In the current interface, rules are created by selecting from various options that are described in more or less plain English. I think the way it works is these plain language options apply the appropriate syntax to the FM back-end and effect the result you (hopefully) intended.

Another issue with the Rules screen of olden days was the way rules were saved after being created. Having just checked my stock of rules, it contains a number of duplicates and repeats. That's because I would make a rule, follow the syntax I had copied from examples found on these forums, and then the spam would keep on arriving. So I'd make another one, and still no result. It turned out there was a two stage save process, and I had overlooked the second stage. That issue was solved for me by fellow contributors to these forums. Thankfully, that part of the FM user interface experience has long been fixed.

I gave an example in the form of: [email protected]
I'm not sure which rules I made successfully blocked it, but these are the ones I have in my list:
1) "any header" "matches glob pattern" [ *ivm* ]
2) "a header called" [ To ] "contains" [ ivm ]
"a header called" [ Cc ] "contains" [ ivm ]
"a header called" [ X-Delivered-To ] "contains" [ ivm ]

The second rule has a number of conditions, probably because when the first rule was created I was not aware additional conditions could be made.

Last edited by Mr David : 19 Jul 2019 at 02:54 PM.
Mr David is offline   Reply With Quote
Old 19 Jul 2019, 03:42 PM   #22
xyzzy
Senior Member
 
Join Date: May 2018
Posts: 161
Quote:
Originally Posted by Mr David View Post
Considering the use of a catchall though, it will catch everything. That might create issues with spam management. Unless a rule you've created is applied before the catchall accepts delivery.
I don't see how a catchall poses any more spam problems than any other email address. When actually used it's got to be an actual email address like any other. So it will be handled like any other. All it accomplishes is a shorter list of send aliases and some cost of having to edit in the From should you use it for sending.

Quote:
Anyhow, should there be a need in future for a special reply address that can be used in the From field of outgoing messages that I compose, I'll know how to create it. The interface for making it looks easy to use, obviously detailed understanding of its options will require a bit of learning investment.
No harder than creating any other sending alias.

Quote:
I think the way it works is these plain language options apply the appropriate syntax to the FM back-end and effect the result you (hopefully) intended.
All it does is convert the UI specified Organize rules into Sieve code and embeds it in the appropriate place in the Sieve script. Create a rule in the UI Rules Organize section, click "Edit custom Sieve code" at the bottom (or top), and scroll down to section 7 (Sieve generated for organise rules) to see your rules in the Sieve script.

Personally I like to write some of my rules directly in Sieve as opposed to the UI. It's more compact for come constructs then spread out in the UI organize list. I think that's why I worded my question the way I did, i.e., checking the name to the left of the @ for dots.
Quote:
I gave an example in the form of: [email protected]
I'm not sure which rules I made successfully blocked it, but these are the ones I have in my list:
1) "any header" "matches glob pattern" [ *ivm* ]
2) "a header called" [ To ] "contains" [ ivm ]
"a header called" [ Cc ] "contains" [ ivm ]
"a header called" [ X-Delivered-To ] "contains" [ ivm ]
I thought you said the "ivm" could be varied with other letters. If it's that fixed sequence ivm then there's all sorts of ways to check for that. Probably using "contains" is the easiest. Also "testing "any header" is overkill but if you do that one you don't need any of the others.
xyzzy is offline   Reply With Quote
Old 19 Jul 2019, 04:25 PM   #23
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
While we're kind of discussing elements of a successful spam defence in a Fastmail account, it is worth mentioning the thermonuclear option. And that would be deleting one's account login username email address.

At the time of my initial sign-up to FM, what I primarily needed was a reliable web-based email service to deliver me from the clutches of email accounts shackled to internet service providers and from the ever widening maw of mammoth info-tech companies and their 'free' email accounts.

After signing up, I chose an appealing top level domain from FM's list, made up a username to go with it, and I was away. To this day the address I created then remains my preferred personal email address.

Much later, I began reading these forums and my awareness of FM's powerful features slowly grew thanks to the tips and tricks revealed here by other users.

One tip that stopped me in my tracks involved deft application of alias addresses in one's account from the get go. At its foundation was the creation of a Fastmail account with a username that only you know and never reveal to anyone.

That login email address used for your account might have a format like this:
[email protected]

It need not be a string of 23 characters as I have recorded above, and it doesn't necessarily need to be random. The key to this strategy is you never use it to send or receive email to anyone, except messages from Fastmail itself.

After that you use your account to create an appropriate alias, and make this your primary preferred email address for personal correspondence.

The benefit of this strategy is that if for whatever reason the use of your preferred alias email address goes sour, you can kill it without affecting the remainder of your FM account. Also, should someone try to hack into your account they will not know the user login to test for password access.

It is possible to enact this account structure at any stage by changing your account login address (which, from memory, you are allowed to do a limited number of times per year) and then using your old login address (which is probably still your preferred personal email address) as an alias.

Imagine if your preferred email address was getting hit with an insufferable amount of spam and even FM's aggressive spam filtering plus rules created by you couldn't stop it. You could nuke that email address and the spam would cease instantly. Sure, there would be some work to do beyond this to re-establish email contacts with family, friends, business, and the plethora of online entities you are subscribed to. Admittedly that could be a lot of work, but it is possible.

Thankfully I've never had to resort to this brutal use of FM's alias address feature, but it is there. Realistically, though, other account features offer so much control of spam that this problem alone shouldn't be sufficient reason to reach for the launch code cipher book.
Mr David is offline   Reply With Quote
Old 19 Jul 2019, 06:25 PM   #24
xyzzy
Senior Member
 
Join Date: May 2018
Posts: 161
I've had the same email address since the early 90's. It's a forwarding service as opposed to having my own domain which I didn't have the presence of mind to think of setting up way back then. At any rate to switch email service providers (ESP) I just change a forwarding address with my forwarding service. Result is it's trivial to switch ESP's and no one ever knows my primary (ESP) email address.

Of course using the same email address for so many years has been picked up by spammers over all that time. But I have my own ways of fighting it to a point were now I don't get any spam. In fact I got a little suspicious just this week and disabled the spam discard cutoff. That's how I happened to be back in Spam Protection and noticed during one of the updates my "Add score as {SPAM XX.X}" option disappeared. Still waiting for FM to put it back (I hope) by reopening the ticket I created the first time this happened last January.

At any rate everybody's universe of spam is different (for the most part) so techniques are different. But writing in Sieve gives me a power I never had before to fight it.

As for aliases, I haven't decided what path I want to take. Create an alias for each new registration? Use a single alias with various names? Still thinking about it. I got all these degrees of freedom at my disposal.

Right now I'm don't need to register for any new things so there is no rush. I've only had FM for a year. I haven't changed the email addresses I have with various sites before moving to FM. They all used an "anonymous" gmail account (as anonymous as I can make it with gmail) which I now have set up in FM as a Mail Fetch account and filter accordingly in my Sieve script. Eventually I will change the registration email addresses of those accounts when I decide what technique I want to adopt.
xyzzy is offline   Reply With Quote
Old 19 Jul 2019, 08:01 PM   #25
TenFour
Cornerstone of the Community
 
Join Date: Feb 2017
Posts: 530
Of course you could avoid all this complicated hassle and just use Gmail or Outlook.com, which are amazingly efficient at eliminating spam in your inbox. I use both and Gmail is the best while Outlook is close. I have been using the same Gmail address since 2006 and very rarely see Spam.
TenFour is offline   Reply With Quote
Old 20 Jul 2019, 01:49 AM   #26
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
TenFour,

Is that all you've got?

Don't hold back. Give us your very best thoughts.

Last edited by Mr David : 20 Jul 2019 at 02:05 AM.
Mr David is offline   Reply With Quote
Old 20 Jul 2019, 02:15 AM   #27
Mr David
Member
 
Join Date: May 2003
Location: Melbourne, Aus
Posts: 96
Not the second best ones.
Mr David is offline   Reply With Quote
Old 20 Jul 2019, 03:12 AM   #28
xyzzy
Senior Member
 
Join Date: May 2018
Posts: 161
I trust gmail as far as I can throw it! While I do have accounts there some of the reasons I don't use gmail UI as my primary ESP is they changed their UI and it is incredibly slow on my older version of Firefox. That wouldn't matter if I accessed it through my Thunderbird client (my preferred way of accessing email) but I only use the gmail account as an anonymous user with no actual links back to me other then if they traced IP numbers I guess.

I don't trust outlook any more than I trust google either but I do have an account there too. I just "collect" a few additional free accounts on various services for testing purposes.

I switched to FM for my personal email from my ISP's email service because the email service they use (yahoo) openly admits in their updated terms of service that there is no privacy and they are scanning your email. IMO yahoo a crap service anyhow.

Yahoo spam handling can at times be pretty bad. Their webmail spam handling tools is no better than gmail's or outlooks. I could let spam through to my email client and pick it off there but I rather not. Also for services like gmail and outlook, yes they look like they are doing a good job of suppressing spam. But I can't help wonder if there are any false positives in there. Sort of like setting the FM spam discard threshold so low it makes it look good you aren't getting much spam but at what cost?
xyzzy is offline   Reply With Quote
Old 24 Jul 2019, 07:09 AM   #29
TenFour
Cornerstone of the Community
 
Join Date: Feb 2017
Posts: 530
Whatever else you think about Gmail, their SPAM filtering is second to none and requires very little intervention. I understand if you don't like Gmail for various reasons, but SPAM is one of the banes of email and avoiding it is a huge benefit.
TenFour is offline   Reply With Quote
Old 24 Jul 2019, 12:19 PM   #30
xyzzy
Senior Member
 
Join Date: May 2018
Posts: 161
I joined FM a little over a year ago. Initially I was getting 30-40 spams a day! I've had my real email account since the 90's. Hard to have hid it from the spammers over such a length of time particuallry since my "public" email account is a forwarding service maintained by a large professional computer organization.

Today I am down to essentially 0 spams. So I am happy with FM (now).

Stop reading here unless you are curious how all this came about...

------

It took me a while to get the "feel" for the spam score range in "my universe" of spam (I believe everybody's "universe" is different with some overlap of course). When I settled on a range (spam threshold >= 6.2, spam discard >= 9.1 seems good enough at the moment) that cut spam down to around 25+ per day (doing this from my aging memory).

During all this time I also "trained" my Sieve code to pick off the "repeat offenders" (as I like to call them - 90%+ of them are repeat offenders) to filter into spam even if they would otherwise be treated as not spam.

When Spam Protection's spam and non-spam learned reached the requisite 200 threshold spam dropped abruptly to under 5. It was a big enough drop to make wonder why it dropped so so much so suddenly.

Now recently I have had another abrupt drop in my spam to 0, sometimes 1 on a "bad day". In fact I was a little concerned about this second large drop (first one might have been due to reaching the 200 spam/non-spam learned threshold) and currently have disabled my spam discard threshold to see what is getting discarded.

Even with the threshold disabled what little spam I see now all has scores greater than the spam discard threshold I was using. As soon as I re-enable it I will have 0 spam again on the average. I'm sure some little sneaker will get into spam now an then. But that's also true for gmail as well.

So as I said I'm happy with FM spam handling. And what might come through can be handled by spam training and/or Sieve if necessary. IMO in Sieve everything is more compact and easier to read than doing some of this testing using UI Organize Rules.

Another stopping point. But in case anyone is interested how I use Sieve to handle spam in addition to spam training and the spam score range, here's what I am doing. This evolved over time and why I wanted to originally learn Sieve.

------

My sieve code has 5 categories of spam checking.
  1. Repeat offenders that are the worst of the worst to be unconditionally discarded (although currently I still just put them in their own folder). At the moment none of my spammers have "graduated" to this category.
  2. Repeat offenders that had been sometimes (not always) slipping under the spam score threshold. These are determined by recording their From and Subject over say 6 or more additional spam instances and looking for unique patterns I can test for (parts of the email address or subject line). Now I may need to reduce this list of what I currently got (about 25) if they continue to now have scores over the discard threshold where they didn't previously. Does repeated training of the same spam increase it's spam score over time? That seems to be what has happened.
  3. Many months of analyzing my spam has shown that almost all of my spam (99%) has X-Spam-Source showing the same small (5) list of host name patterns. For example containing the string greyink, digitalink, webink, and mail-labXX, webstudioXX (XX are digits). So email getting to this category is placed in their own folder further review.
  4. If X-ME-VSCategory indicates scam, spam, or phishing, then hey, who am I to argue? I stick these in spam too.
  5. Over time I've encountered 3 foreign spams. So if it gets through 1-4 above I check the From and Subject lines for Russian, Turkish, and Dutch characters. It's not perfect (particularly Dutch) but good enough. This seemed like a good idea at the time so I left it in.
Anyway, right or wrong, this is what I am doing. So far so good. I just thought I would share it.

Last edited by xyzzy : 25 Jul 2019 at 10:58 AM.
xyzzy is offline   Reply With Quote
Reply


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Forum Jump


All times are GMT +9. The time now is 09:06 AM.

 

Copyright EmailDiscussions.com 1998-2013. All Rights Reserved. Privacy Policy