Spam Protection



Mailto.wiki protects you from spam by employing various industry standard antispam measures. We buy our spam and malware detection from Amazon Web Services (AWS) as a service so that you have the comfort of using a reliable and frequently updated anti-spam system from an industry leader. Unfortunately even the best spam filter will not be able to detect all spam messages and will occasionally mislabel legit emails as spam  (false positives). This is why we give you extra configuration options that allow you to whitelist email addresses and entire domains. It is also possible to completely block all emails from addresses that are not on the safe sender list.

Messages classified as spam are dropped silently without feedback. So if you experience missing emails they might have been incorrectly marked as spam.

You can find these settings on the configuration page (see Getting Started) in the Spam Protection tab.

 
Image

Safe Sender List



Email addresses that you put on the safe sender list are considered safe and can always send emails to you. Even if the spam filter classifies them as spam. For security reasons emails that trigger the malware filter are always dropped, even if they come from a trusted source.

You can add new emails by clicking on the +Add button. And you can remove existing emails by clicking on the little trash icon next to it.

You can whitelist:

  • singular emails by typing the email address into the text field (for example alice@example.org)
  • entire domains (the part after the @-sign) by prefixing the domain name with an @. For example @mycompany.com would match alice@mycompany.com but also bob@mycompany.com
  • entire domains and their subdomains by prefixing the domain name with a dot (.). For example .mycompany.org would match alice@mycompany.org but also bob@hr.mycompany.org


Note: In order to bypass the spam filter messages need to be properly authenticated (see the description below). Most mail providers do that automatically for you. So this should not be an issue.

 
 
Image

Safe Sender List Type


By default, all email addresses can send emails to your @mailto.wiki address. You can change that so that only email addresses that are on the safe sender list can send you emails by setting the list type to Hard List under Safe Sender List Type. If you want to change it back, so that all can send you emails select Soft List.


Image

Gray Spam Settings


The spam filter marks messages where it is unsure if it is spam or not as gray spam. Normally the add-on treats them like normal mail. If you have an issue with spam you can make the rules strict so that these emails are also dropped. To do so choose the Treat gray SPAM like SPAM option under Gray Spam. Note that this will also increase the chance of legit email getting mislabeled as spam.


Image

Message Authentication


Mailto.wiki supports multiple methods to authenticate messages and to make sure that an email is really coming from the sender it claims to come from. These methods are set up by your mail provider and are not something that you usually need to concern yourself with. It should just work. The following information is targeted for users with deep technical knowledge and postmasters.

Mailto.wiki supports DMARC. If a message fails DMARC authentication and the policy is set to reject the email is immediately dropped. However, we do not support the quarantine policy. If the policy is set to none or quarantine and the email passes the spam filter, it is posted to Confluence. If an email gets classified as spam and the DMARC authentication fails it will get dropped even if the sender address is on the safe sender list. If an email passes DMARC authentication and the email address is on the safe sender list it will get posted to confluence, even if the spam filter classifies the message as spam. We highly encourage postmasters to set up DMARC for their domains.

If there is no DMARC-Record mailto.wiki will try to authenticating messages either with DKIM or SPF. For SPF to be considered valid the Envelope-From-Domain must be the same as the From-Domain (strict alignment). If an email is successfully authenticated and the FROM-address is on the safe sender list the email will get posted to confluence even if it is classified as spam. If an email fails authentication and is classified as spam it will get dropped, even if the sender is on the safe sender list.


Conclusion


We hope that the tools we give you are enough to effectively protect you from spam and to make sure that your real messages get through.

One other effective antispam measurement that you can off course also take is to choose an email address that is hard to guess and share that address with as few people as possible.

If you experience any issues with spam, or you have any other issues or suggestions for improvement please contact the support at support@mailto.wiki. We are always eager to hear from our customers.