Back

 

Guibord Technical Writing Services, Inc.

 

 

 

How to reduce spam mail by more than 99.9% with the cPanel + custom designed filters

 2016 © Guibord Technical Writing Services, Inc.

 

 

Introduction

This article is for corporations, institutions and people who manage their own domain and website.

 

You need a web hosting service that includes the cPanel. Why the cPanel? Because it is the most user friendly web hosting graphical user interface in the world and it comes with tons of useful features, amongst which a very efficient spam filter: Apache SpamAssasin™. But you can also add spam filters of your own design and specifications, as described in this article.

 

 

Typical cPanel

cPanel graphical user interface (GUI)

 

Figure 1 — cPanel Mail Menu

 

 

Account-Level Filtering

(Some cPanel versions refer to it as the Global Email Filters application)

cPanel - Account-level Filtering

 

Figure 2 — Account-level Filtering Application

 

Please note the order of the first two filters. They are at the top of the list.

Filters are processed from top to bottom.

 

 

Create the following filters. Note: For these filters to work with all settings available, Apache SpamAssasin™ must be enabled (located in cPanel’s Mail menu).

 

 

Spam Filter — White List - Business

 

Spam Filter — White List - Business

 

The rule for this filter is Stop Processing Rules

 

In this filter, you insert only business domain names from which you want to receive email, not entire email addresses. This filter exists just in case some of the filters that follow this filter would contain a criterion that would flag some of your clients’ email as spam, say as a result of an overlook concerning the pertinence of some keywords used to flag spam.

 

 

 

Spam Filter — White List - Personal

 

Same as for the White List - Business filter. But in this filter you insert the entire email address of white listed senders.

 

 

Spam Filter — + Rule (001)

 

Spam Filter — + Rule (001)

 

Default setting provided by the cPanel is +++++. This setting is very conservative. A more aggressive single + setting will catch all spam identified by Apache SpamAssasin™. If the email received ever happens to not be spam, it will bounce back to the sender with the fail message that contains three digit number 001. You can use this number to identify which spam filter was triggered by the sender’s email. Example: "001 - Your email has been identified as spam and discarded - 001".

 

So far, for our domain, this technique has not produced a single false positive.

 

 

 

Spam Filter — Domain Extensions - .words (002)

 

Spam Filter — Domain Extensions - .words (002)

 

In this filter, you can list all domain extensions from which you receive spam.

 

Note: The spam criterion is identified in the email’s header (Google > how to read email headers).

 

A right arrow head (>) follows immediately the extension. Otherwise, this filter may intercept legitimate emails that may contain, say as an example, club, as part of the domain name or the sender’s name, say as an example info@sierraclub.ca

 

Please note the dot (.) before the letters of the extension.

 

As for the previous filter, if the email received ever happens to not be spam, it will bounce back to the sender with the fail message that contains three digit number 002. You can use this number to identify which spam filter was triggered by the sender’s email. Example: "002 - Your email has been identified as spam and discarded - 002".

 

So far, for our domain, this technique has not produced a single false positive.

 

 

 

Spam Filter — Domain Extensions - .countries (003)

 

Spam Filter — Domain Extensions - .countries (003)

 

In this filter, you can list all domain extensions of countries from which you receive spam.

 

Note: The spam criterion is identified in the header. A right arrow head (>) follows immediately the extension, as otherwise this filter may intercept legitimate emails that may contain, say as an example, ru, as part of the domain name or the sender’s name, say as an example smith.rupert@legitdomain.com

 

Please note the dot (.) before the letters of the extension.

 

In this case here, the criterion for the eu extension is From, rather than the header. Because some of your clients may be located in North America while using a server located at their company’s headquarters in Europe.

 

In this case here, the character that follows .kz is a parenthesis ), as it was the only distinguishable criterion in the spammer’s email header.

 

As for the previous filters, if the email received ever happens to not be spam, it will bounce back to the sender with the fail message that contains three digit number 003. You can use this number to identify which spam filter was triggered by the sender’s email. Example: "003 - Your email has been identified as spam and discarded - 003".

 

So far, for our domain, this technique has not produced a single false positive.

 

 

 

Spam Filter — Domain Extensions - .net, .org, .edu, etc. (004)

 

Spam Filter — Domain Extensions - .net, .org, .edu, etc. (004)

 

In this filter, you can list all domain extensions from which you receive spam.

 

Please note the dot (.) before the letters of the extension.

 

As for the previous filters, if the email received ever happens to not be spam, it will bounce back to the sender with the fail message that contains three digit number 004. You can use this number to identify which spam filter was triggered by the sender’s email. Example: "004 - Your email has been identified as spam and discarded - 004".

 

So far, for our domain, this technique has not produced a single false positive.

 

 

 

Spam Filter — From, Subject, Body - Keywords (005)

 

Spam Filter — From, Subject, Body - Keywords (005)

 

In this filter, you can list all keywords included in the spam emails that you receive and which previous filters do not catch.

 

As for the previous filters, if the email received ever happens to not be spam, it will bounce back to the sender with the fail message that contains three digit number 005. You can use this number to identify which spam filter was triggered by the sender’s email. Example: "005 - Your email has been identified as spam and discarded - 005".

 

So far, for our domain, this technique has not produced a single false positive.

 

 

 

Spam Filter — Spamming Domains

 

Spam Filter — Spamming Domains

 

In this filter, you can list all domains — that previous filters do not catch — from which you receive spam.

 

Note: The Action for this filter is Discard Message. There is no point in telling spammers that your email address is valid. It also causes them to waste resources (bandwidth, time and money) as you do not even get to read their spam.

 

So far, for our domain, this technique has not produced a single false positive.

 

 

 

Spam Filter — Specific Spammers

 

In this filter, you insert the email address of people from whom you do not want to receive any email. Just set it to discard their message as for the previous filter. It also causes them to waste resources (bandwidth, time and money) as you do not even get to read their spam.

 

So far, for our domain, this technique has not produced a single false positive.

 

 

 

Spam Filter — From my.name@mydomain.com

 

Spam Filter — From my.name@mydomain.com

 

You never send emails to yourself using the same To and From address. So, in this filter, you insert your own email address which some spammers list in the From line of emails sent to you as spam. Here the address illustrated is fictional of course; you have to insert your actual email address. It also causes them to waste resources (bandwidth, time and money) as you do not even get to read their spam.

 

So far, for our domain, this technique has not produced a single false positive.

 

 

 

Bypass Filter — Stop Processing All Rules

 

Bypass Filter — Stop Processing All Rules

 

This filter can be used as a bypass filter should a sender tell you that there are problems sending you email. You use it to bypass all your filters just in case one of your filters would be the source of the problem.

 

Simply insert a string of particular digits in the From field and move this filter (click and drag) to the top of the filters list. From that position, it will bypass all your filters below it. It will save you deleting your filters and then having to recreate them once you’ve found the source of the problem; which latter may not be any of your filters but some network problems for instance.

 

 

 

IMPORTANT NOTE: The makers of cPanel have not yet published the cPanel's limits. To avoid potential problems, do not use more than one type of rule in a same filter, and limit the number of rules to 100 per filter. Otherwise, the server's microprocessor(s) may get confused if switching continuously from one type of rule to another within a same filter and, consequently, skip over some filters.