Anti-Spam options available for cPanel

On any system of which you host your email spam will always be a nuisance. If you host your website on a cPanel based server, then there are a few options available to help you combat spam.

We will discuss the different methods you can use to combat spam below:

Option 1: BoxTrapper

BoxTrapper is a feature provided in newer releases of cPanel that, when enabled, essentially allows emails to your account from anyone that it recognizes as an approved sender and it will require more action from any other address that it does not recognize.

The way it works is based on whitelist and blacklist. By default, any address it does not recognize is technically on the blacklist. You have the ability to manually whitelist email addresses that you want to accept mail from. Any other address that sends to your account will receive an automated message stating they need to verify their humanity by clicking on a link (provided within the automated message) which will add them to your whitelist.

If the user clicks on the link they’ll be added to the whitelist and the mail they sent previously will be sent to the user’s inbox. If they do not verify, then they will not be able to send email to the account until properly verified.

This feature is built on the common knowledge that most spammers do not take the time to read returned emails and verify their status. The majority of spam is automated from scripts that the spammer has created.

This feature is very useful for those that do not consider this behavior an annoyance for anyone they expect to be sending them an email. Before enabling this feature you should determine if this type of behavior is acceptable for your email accounts. If you do wish to enable and configure this feature then click to expand the steps below:

Steps to enable and configure BoxTrapper
  1. Login to your cPanel account.

  2. Click on the icon for BoxTrapper underneath the email section.

  3. Click on Manage next to the email address you wish to enable this feature for.

  4. Now click Enable to toggle on this feature.

  5. You can also make configuration changes to how this feature works for this email account here. This includes adding whitelist, blacklist, as well as changing the messages that users receive when the system sends an automated message (such as a verify message, blacklist message, etc.).

You can find more information on BoxTrapper in cPanels official documentation here.

Option 2: Apache SpamAssassin

SpamAssassin is very well known in the anti-spam community as it has been used on a large number of email providers around the world since the early 2000s. This software has been managed by Apache Software Foundation and has regular updates.

cPanel includes SpamAssassin as part of it’s build so this should already be installed and enabled on all servers by default. While this feature is running on the server cPanel defaults all accounts on the server to having this feature disabled. To enable SpamAssassin, click to expand the steps below:

Steps to enable and configure SpamAssassin
  1. Login to your cPanel account.

  2. Click on the icon for Spam Filters underneath the email section.

  3. Click and toggle on the feature labeled Process New Emails and Mark them as Spam.

  4. SpamAssassin should now be enabled. You can adjust the required spam weight for an email to be considered spam by clicking the Spam Threshold button and then adjusting the drop-down for the required score.

  5. You can also add whitelist/blacklist by clicking the Show Additional Configurations drop-down.

You can find more information on SpamAssassin in cPanels official documentation here.

Option 3: Content Filtering

Automated filters can be a great way to filter out some spam. However, there is usually always going to be a few spammers that just don’t quite get caught by spam systems. For these cases, it’s recommended to set up content filters that match specific criteria (such as keywords in the body or subject of an email).

cPanel has built a feature that allows you to set account-level or user-level filtering for this purpose. You can use this feature to set up one or multiple rules that help fight off spam.

An example of this would be to set up a new rule that checks the entire body of a message for the word ‘Viagra’. If this word is found once or more times in the body then the action you set on the rule would be triggered (such as deleting the message). You could set this rule up to require an additional parameter, such as another keyword that has to exist in addition to ‘Viagra’.

To enable content filters click to expand the steps below:

Steps to enable and configure Content Filtering
  1. Login to your cPanel account.

  2. Click on either Email Filters or Global Email Filters underneath the email section. The feature you go into will determine if you are setting a user-specific filter or a filter that is used across all email users on the account.

    If you choose user-specific email filter then you will need to click ‘Manage’ next to the user you desire to set up a filter for.

  3. Click on Create New Filter to add a new content filter.

  4. Name the filter appropriately to what your filter will be doing. Then set the drop-down for the rules sections to the appropriate values. For example, if you want to set up a filter to match a keyword in the body then you would set these values to ‘Body’ and ‘Contains’.

    You can then enter the word or phrase you want to match according to your filter type. If needing to add additional rules within this same filter you can click the + icon.

  5. You will now need to set an action to be completed if the rule gets triggered. Normally this value is left as the default ‘Discard Message’.

  6. Click Create to finish creating this new filter. The filter should then appear in your list of existing filters. If you have more than one filter then you can organize them in the order they should be checked.

You can find more information on Email Filters in cPanels official documentation here.

Option 4: Third-Party Filtering

Managing your content filters and relaying on SpamAssassin can be frustrating. There are additional options available to automate the handling of your spam if needed. These would be considered email filtering services, which accept email on behalf of your domain and then once filtered they send the legitimate email back to your server and into your inbox.

There are a few services of this type which we will not go into all of them. Hostek has partnered with the leading email filtering service called SpamExperts and offers its services directly through our client portal (as an add-on service).

We highly recommend SpamExperts as it’s used by a large number of our customers and has received positive feedback regarding the performance of their filtering service. You can find more on SpamExperts and the cost associated with our guide for SpamExperts if needed.