Spam Protection

Mailto.wiki takes measures to protect you from spam by utilizing various industry-standard anti-spam measures. We leverage spam and malware detection services from Amazon Web Services (AWS), ensuring you benefit from a reliable and regularly updated anti-spam system provided by a leading industry provider. However, even the most advanced spam filters may occasionally misclassify legitimate emails as spam (false positives). To address this, we offer additional configuration options that allow you to whitelist specific email addresses or entire domains. Alternatively, you can choose to block all emails from addresses not on the safe sender list.

It’s important to note that messages classified as spam are silently dropped without providing feedback. Therefore, if you encounter missing emails, they might have been mistakenly marked as spam.

You can access these settings on the configuration page (refer to the Getting Started section) under the Spam Protection tab.

Safe Sender List

Email addresses added to the safe sender list are considered trusted and will always be allowed to send emails to you, even if they are mistakenly classified as spam by the spam filter. However, it’s important to note that emails triggering the malware filter will still be dropped, regardless of their source.

To add new email addresses to the safe sender list, click on the +Add button. Similarly, you can remove existing email addresses by clicking on the trash icon next to them.

You can whitelist:

  • Individual email addresses by entering the email address directly (e.g., alice@example.org).
  • Entire domains by prefixing the domain name with an @ symbol (e.g., @mycompany.com). This will whitelist all email addresses from that domain.
  • Entire domains and their subdomains by prefixing the domain name with a dot (e.g., .mycompany.org). This will whitelist all email addresses from the domain and its subdomains.

Note: To bypass the spam filter, messages need to be properly authenticated (as described below). Most email providers handle this authentication automatically, so it should not be a concern.

Safe Sender List Type

By default, all email addresses can send emails to your @mailto.wiki address. However, you have the option to modify this setting and restrict incoming emails to only those from email addresses on your safe sender list. To do this, you can set the list type to Hard List under the Safe Sender List Type. Conversely, if you wish to revert to the default setting and allow emails from all senders, you can select Soft List.

Gray Spam Settings

The spam filter in the add-on categorizes messages that it’s uncertain about as “gray spam.” By default, these messages are treated as regular mail. However, if you’re experiencing issues with spam and want to take stricter measures, you can choose the Treat gray SPAM like SPAM option under Gray Spam. It’s important to note that enabling this option may result in legitimate emails being mistakenly labeled as spam, as the filter becomes more stringent.

Message Authentication

Mailto.wiki offers support for various methods of message authentication to ensure that emails originate from the claimed senders. These authentication methods are configured by your email provider, and you typically don’t need to worry about them as they should work seamlessly. The following information is intended for users with advanced technical knowledge and postmasters.

Mailto.wiki supports DMARC (Domain-based Message Authentication, Reporting, and Conformance). If a message fails DMARC authentication and the policy is set to “reject,” the email is immediately discarded. However, we do not support the “quarantine” policy. If the policy is set to “none” or “quarantine,” and the email passes the spam filter, it will be posted to Confluence. If an email is classified as spam and fails DMARC authentication, it will be discarded even if the sender’s address is on the safe sender list. On the other hand, if an email passes DMARC authentication and the sender’s address is on the safe sender list, it will be posted to Confluence, even if the spam filter classifies it as spam. We strongly encourage postmasters to set up DMARC for their domains.

In the absence of a DMARC record, mailto.wiki will attempt to authenticate messages using either DKIM (DomainKeys Identified Mail) or SPF (Sender Policy Framework). For SPF to be considered valid, the Envelope-From-Domain must match the From-Domain. If an email is successfully authenticated and the FROM address is on the safe sender list, it will be posted to Confluence, even if it is classified as spam. Conversely, if an email fails authentication and is classified as spam, it will be discarded, even if the sender is on the safe sender list.

Conclusion

We believe that the tools provided are sufficient to effectively protect you from spam and ensure the delivery of legitimate messages.

Another effective measure to combat spam is to choose an email address that is difficult to guess and share it with as few people as possible.

If you encounter any issues with spam or have any other concerns or suggestions for improvement, please don’t hesitate to contact our support team at support@mailto.wiki. We are always eager to hear from our customers.