Does cPanel have a built-in spam filter?
Yes, cPanel uses Apache SpamAssassin for spam filtering. SpamAssassin is the most widely used open-source spam filter available. It has a robust scoring system and advanced analysis tools to scan your email for potential spam and phishing emails.
Essentially, it checks your incoming email headers (the hidden part of every email that contains information on where the email originated and how it was delivered) for known spam signatures and potential new threats. How it handles these threats is configured by the user.
How does SpamAssassin determine what mail is spam?
SpamAssassin scans the email content and headers, looking for signatures and items that it uses to determine if an email is legit or not. For every item that the filter identifies as suspicious, it assigns a score that can range from the names of images in the email to the sending server, or whether the email passed SPF and DKIM checks.
As long as the score is lower than the score set in the SpamAssassin settings, the email will not be flagged. If the score is higher than the set score, the emails are flagged, and “****SPAM****” is added to the subject. Depending on your settings, the email may also be deleted.
You can see the spam score of any email by looking at the headers of the email. In Webmail, you can see this by clicking the More icon and then Show Source. You should see this within the headers.
X-Ham-Report: Spam detection software, running on the system "vmcp143.websiteservername.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see root\@localhost for details. Content preview: This is a test spam Content analysis details: (2.0 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 0.0 URIBL_BLOCKED ADMINISTRATOR NOTICE: The query to URIBL was blocked. See http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more information. [URIs: megamailservers.com] 0.2 KAM_BLANKSUBJECT Message has a blank Subject -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid 1.8 MISSING_SUBJECT Missing Subject: header X-Spam-Flag: NO
Notice this line: Content analysis details: (2.0 points, 5.0 required)
This email received a spam score of 2, but the threshold on this account is set to 5, so it was not flagged. You can also see that the reason this email received a score of 2 is that it lacked a subject line.
How do I use SpamAssassin?
SpamAssassin is enabled by default when your cPanel hosting is first set up. For most users, it can continue to function properly using its default settings without requiring any additional input from the user. However, if you would like to tweak the settings, you can do this from your cPanel.
Step 1: Go to: https://manage.christianwebhost.com/ or click the "Login" button located at the top right of our website. Unless you change them, your login details are the email address and password used when the account was created.
Step 2: Once logged in, click the Services block and choose your cPanel service to access its management page.
Step 3: From the Actions menu on the left, click Login to cPanel (you do not need your cPanel credentials for this method).
Step 4: Navigate to the Email section, and click the Spam Filters app to
Step 5: Review and adjust your SpamAssassin filter settings to optimize it for your needs.
- Process New Emails and Mark them as Spam [On by Default]:
- This is the main toggle for the spam filter.
- If you would not like to use the SpamAssassin mail filter, you can disable it here.
- You can set the threshold score for the filter by clicking Spam Threshold Score. Keep in mind that this is the score that any email must achieve before it is flagged as spam; therefore, a lower score is more aggressive and will result in more flagged mail.
- Move New Spam to a Separate Folder (Spam Box) [On by Default]:
- When enabled, any mail that the filter flags as spam will also be moved into the Spam Box (your spam folder).
- If you disable this, any flagged mail will still have the “****SPAM****” flag in the subject line, but still be delivered to your Inbox.
- There is also an option to Configure Spam Box Settings. Here, you will have the option to set your Spam Threshold Score, as well as empty your Spam Box.
- You can also empty all the spam folders on your account here.
- Automatically Delete New Spam (Auto-Delete) [Off by Default]:
- You can set SpamAssassin to delete mail that it flags as spam automatically. This mail is permanently deleted and cannot be recovered. For this reason, we recommend leaving this option disabled.
- If you decide to enable it, you can also set the auto-delete threshold here. This threshold is separate from the spam threshold, so you can put your auto-delete to a high number, allowing only the most obvious spam emails to be deleted automatically, while others are only flagged.
Step 6: Click Additional Configurations (for advanced users). Add domains or emails to your white or blacklists here.
- An email whitelist is a list of domains or email addresses that the spam filter will ignore the spam score and allow through. If you have a certain client that you get a lot of email from, it would be a good idea to whitelist their email address. If you receive several emails from different mailboxes with the same domain name, you can whitelist the entire domain so that the filter will ignore any mail from that domain.
- An email blacklist is similar to a whitelist, but in reverse. Emails and domains on your blacklist are flagged regardless of the spam score. This can be useful if you are receiving spam from a single source or if there is an email or domain you do not want to receive messages from. While the email blacklist can be a powerful tool for blocking known spam senders, most “professional” spammers do not reuse the same email or domain, so trying to block these spam senders here typically does not work.
Step 7: Click Edit Spam Whitelist Settings to manage your whitelist. You can enter an email address to whitelist it in your spam filter or enter the domain name to whitelist all emails from that domain. Click Add A New 'Whitelist_from' Item to add a new line and click the X to the right of any line to remove it. Be sure to click Update Whitelist (Whitelist_from) once you are done to save your changes.
Step 8: Click Edit Spam Blacklist Settings to manage your blacklist. You can enter an email address to blacklist it in your spam filter or enter the domain name to blacklist all emails from that domain. Click Add A New 'Blacklist_from' Item to add a new line and click the X to the right of any line to remove it. Be sure to click Update Blacklist (Blacklist_from) once you are done to save your changes.