How to reduce spam mail by more than 99.9% with the cPanel + custom designed filters
2016 © Guibord Technical Writing Services, Inc.
Introduction
This
article is for corporations, institutions and people who manage their own
domain and website.
You need a
web hosting service that includes the cPanel. Why the cPanel? Because it is
the most user-friendly web hosting graphical user interface in the world and
it comes with tons of useful features, amongst which a very efficient spam
filter: Apache
SpamAssasin™. But you can also add spam filters of
your own design and specifications, as described in this article.
Typical cPanel

Figure 1 — cPanel Mail Menu
Account-Level Filtering
(Some cPanel versions refer to it as
the Global Email Filters application)

Figure 2 — Account-level
Filtering Application
Please note the order of the first two
filters. They are at the top of the list.
Filters are processed from top to bottom.
Create the
following filters. Note: For these filters to work with all settings
available, Apache SpamAssasin™
must be enabled (located in cPanel’s Mail
menu).
Spam Filter — White List - Business

The rule
for this filter is Stop Processing Rules
In this
filter, you insert only business domain names from which you want to receive
email, not entire email addresses. This filter exists just in case some of
the filters that follow this filter would contain a criterion that would
flag some of your clients’ email as spam, say as a result of an overlook
concerning the pertinence of some keywords used to flag spam.
|
Spam Filter — White List - Personal
Same as
for the White List - Business filter. But in this filter, you insert
the entire email address of white-listed senders.
|
Spam Filter — + Rule (001)

Default
setting provided by the cPanel is +++++. This setting is very
conservative. A more aggressive single + setting will catch all spam
identified by Apache SpamAssasin™. If the email received ever happens to not
be spam, it will bounce back to the sender with the fail message that
contains three digit number 001. You can use this number to identify
which spam filter was triggered by the sender’s email. Example: "001
- Your email has been identified as spam and discarded - 001".
So far,
for our domain, this technique has not produced a single false positive.
|
Spam Filter — Domain Extensions - .words (002)

In this
filter, you can list all domain extensions from which you receive spam.
Note: The
spam criterion is identified in the email’s header (Google > how to read
email headers).
A right arrowhead (>) follows
immediately the extension. Otherwise, this filter may intercept legitimate
emails that may contain, say as an example, club, as part of the
domain name or the sender’s name, say as an example info@sierraclub.ca
Please
note the dot (.) before the letters of the extension.
As for the
previous filter, if the email received ever happens to not be spam, it will
bounce back to the sender with the fail message that contains three digit
number 002.
You can use this number to identify which spam filter was triggered by the
sender’s email. Example: "002 - Your email has been identified as
spam and discarded - 002".
So far,
for our domain, this technique has not produced a single false positive.
|
Spam Filter — Domain Extensions - .countries (003)

In this
filter, you can list all domain extensions of countries from which you
receive spam.
Note: The
spam criterion is identified in the header. A rightarrow head (>)
follows immediately the extension, as otherwise this filter may intercept
legitimate emails that may contain, say as an example, ru, as part of
the domain name or the sender’s name, say as an example smith.rupert@legitdomain.com
Please
note the dot (.) before the letters of the extension.
In this
case here, the criterion for the eu
extension is From, rather than the header. Because some of your
clients may be located in North America while using a server located at
their company’s headquarters in Europe.
In this
case here, the character that follows .kz
is a parenthesis ), as it was the only distinguishable criterion in
the spammer’s email header.
As for the
previous filters, if the email received ever happens to not be spam, it will
bounce back to the sender with the fail message that contains three digit
number 003. You can use
this number to identify which spam filter was triggered by the sender’s
email. Example: "003 - Your email has been identified as spam and
discarded - 003".
So far,
for our domain, this technique has not produced a single false positive.
|
Spam Filter — Domain Extensions - .net, .org, .edu, etc. (004)

In this
filter, you can list all domain extensions from which you receive spam.
Please
note the dot (.) before the letters of the extension.
As for the
previous filters, if the email received ever happens to not be spam, it will
bounce back to the sender with the fail message that contains three digit
number 004. You can use
this number to identify which spam filter was triggered by the sender’s
email. Example: "004 - Your email has been identified as spam and
discarded - 004".
So far,
for our domain, this technique has not produced a single false positive.
|
Spam Filter — From, Subject, Body - Keywords (005)

In this
filter, you can list all keywords included in the spam emails that you
receive and which previous filters do not catch.
As for the
previous filters, if the email received ever happens to not be spam, it will
bounce back to the sender with the fail message that contains three digit
number 005. You can use
this number to identify which spam filter was triggered by the sender’s
email. Example: "005 - Your email has been identified as spam and
discarded - 005".
So far,
for our domain, this technique has not produced a single false positive.
|
Spam Filter — Spamming Domains

In this
filter, you can list all domains — that previous filters do not catch — from
which you receive spam.
Note: The
Action for this filter is Discard Message. There is no point
in telling spammers that your email address is valid. It also causes
them to waste resources (bandwidth, time and money) as you do not even get
to read their spam.
So far,
for our domain, this technique has not produced a single false positive.
|
Spam Filter — Specific Spammers
In this
filter, you insert the email address of people from whom you do not want to
receive any email. Just set it to discard their message as for the previous
filter. It also causes them to waste resources (bandwidth, time and money)
as you do not even get to read their spam.
So far,
for our domain, this technique has not produced a single false positive.
|
Spam Filter — From my.name@mydomain.com

You never
send emails to yourself using the same To
and From address. So, in this filter, you insert your own email
address which some spammers list in the
From line of emails sent to you as spam. Here the address illustrated
is fictional of course; you have to insert your actual email address. It
also causes them to waste resources (bandwidth, time and money) as you do
not even get to read their spam.
So far,
for our domain, this technique has not produced a single false positive.
|
Bypass Filter — Stop Processing All Rules

This
filter can be used as a bypass filter should a sender tell you that there
are problems sending you email. You use it to bypass all your filters just
in case one of your filters would be the source of the problem.
Simply
insert a string of particular digits in the From field and move this
filter (click and drag) to the top of the filters list. From that position,
it will bypass all your filters below it. It will save you deleting your
filters and then having to recreate them once you’ve found the source of the
problem; which latter may not be any of your filters but some network
problems for instance.
|
IMPORTANT NOTE: The makers
of cPanel have not yet published the cPanel's limits. To avoid potential
problems, do not use more than one type of rule in a same filter, and limit
the number of rules to 100 per filter. Otherwise, the server's
microprocessor(s) may get confused if switching continuously from one type of
rule to another within a same filter and, consequently, skip over some
filters.
|