My Favorite Email Spam Filtering Rule

Uncategorized Jun 09, 2019

All of my email is hosted at FastMail across two domains:

And across those two domains I basically have just three email addresses. [email protected] is my primary email address that I migrated to when I switched away from Gmail five years ago. And then there’s [email protected], which was originally my customer support address but has since been (mostly) replaced by [email protected].

However, one of the really cool things you can do when you accept email at your own domain name is a catch-all address. This means that [email protected] and [email protected] will be delivered to me.

This is great because I can easily create one-off or throw-away addresses like [email protected] or [email protected] that I can filter or block entirely. (You can also do this with Gmail by using [email protected]. Unfortunately, because some web developers are stupid and others are outright malicious, many websites will reject emails containing a +.)

The downside is that spammers are just bizarre. I’ll get random spam sent to [email protected] and [email protected]. As well as seemingly-possibly legit messages sent to [email protected]. (An address I’ve never used, so someone is obviously trying to correlate names to domains.) Its clear some spammers are just blindly sending to random addresses. While others are from bots (people?) trying to intelligently guess possible addresses.

Luckily, FastMail’s spam filters are great, so I don’t ever see most of that junk. But a lot of the more legitimate looking ones do make it through. How do I filter those out?

I could simply just block anything not sent to my real address, but I like having the option of using the catch-all feature as I do make use of it quite frequently. Another option might be to setup a whitelist of allowed recipient addresses, but that would quickly become a pain to remember to update anytime I gave out a new email.

The solution I came up with is simple. (It’s hardly innovative, and I doubt I’m the first person to come up with this method, but I thought it worth sharing.)

My Favorite Email Spam Filtering Rule

I created a rule that moves any email not addressed to one of my primary emails to a folder called Aliases. This serves three purposes:

  1. It allows me to continue using my domain name’s catch-all email address feature, but keeps the truly bizarre as well as possibly legit spam from clogging up my inbox.
  2. Much like SaneBox‘s @SaneLater feature, I can check-in on this other folder at my leisure because I know that any email that ends up there is either unimportant or plain spam.
  3. It lets me quickly see at a glance and setup a rule to block any repeated, bogus emails. If these types of emails where mixed in with the ones sent to my real address in my inbox, it would be harder to spot the invalid catch-all ones – especially on mobile devices which typically don’t show the full to: address.

Like I said, this isn’t exactly rocket-science. But it’s a nice improvement I made a few months ago, which has saved me a good bit of time dealing with those extra obnoxious emails that slip through my spam filter.