Block IPs from sending you email

In this article I’m going to quickly go over how you can block certain IP addresses from being able to send you email.

Even with spam filtering enabled you could possibly be continuing to get spam email from one particular IP address, or even a range of IP addresses. Using user level or account level mail filtering in cPanel is a great way to stop this type of activity from happening!

Account level mail filter to block IP range

In this example, I’m going to be using a fictional IP range of [256.256.256.0 – 256.256.256.256] and adding that to an account level mail filter in cPanel, so that I don’t receive anymore spam from any users on that network.

  1. Login to your cPanel.
  2. Under the Mail section, click on Account Level Filtering.
  3. Click on Create a New Filter.
  4. Name the filter Block IPs, under the Rules section change the From drop-down to Any header, and change the equals drop-down to contains.

    In the field below those type in 256.256.256. or the beginning of the IP address range you’d like to block, or just a full single IP address to block just one.

  5. Under the Actions section, you can leave it set to Discard Message to simply discard it, or select one of the other actions.
  6. Finally click on Create.

That’s all there is to it, and you should now know how to block IP addresses from sending you email on an account level!

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting

37 thoughts on “Block IPs from sending you email

  1. I see that the RegEx only evaluates the 1st byte onwards and not text which is “mid way” through the results it’s evaluating.

     

    Try this, after many trials and tests this works:

    Block:  253.x.x.x

    \b253\.(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){2}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\b

  2. If I have several IP addresses to block, can they just be separated by a comma. Or do I need to format them into the range as previously demo’d?

    1. Hello Glenda,

      You would need to either put each IP in individually or a range as you said.

      Best Regards,
      TJ Edens

  3. Need to block every email except my own be a send recieve

    *minemail=samemail

    * block everybody else

    *keep only mine active alive fully

    *smtp minemail, to same minemail

    = use samemail f0 alerts from smtp platform, to samemail any viewer platform

    1. Hello Greg,

      Are you saying you want to block everyone from sending email to you? You want to only use the email as a sending device?

      Kindest Regards,
      Scott M

  4. hi all,  I have a hotmail account that I’m getting spammed daily about medical websites.  They seem to keep changing their sender address so blocking each email appears useless.  Is there a way to block the ip via outlook.com?  If not is there anything else I can try?

    thanks

    1. Hello James,

      Unfortunately, blocking spam going to your HOTMAIL account is not something we can fix. I would suggest that you look at the various options available to you in Hotmail. Here’s a video that may help you find a fix: https://www.youtube.com/watch?v=cMxfjmrT9y4

      There are a variety of articles linked to that video that may help. You may also want to consider using Spamcop. Sorry again for the problem. Hopefully, the suggestions I offered will help. If you have any further questions or comments, please let us know.

      Regards,
      Arnel C.

    2. Your instructions were easy to follow, and thought I had this under control. Until I stopped getting some important mails. I finally called my service provider and he told me that this had blocked all my mail from coming thru and to remove these filters. So I did and now I get junk again. I don’t know who to trust anymore, I am ready to pull the plug on email period. There has got to be a way to stop these people from all this junk mail. If you want to discuss further as to fixing this problem, my provider is Century Link. Either they are wrong or you are and I am the one who suffers.

  5. Thank you Arn, because the other style of filter is NOT working on my Toronto based webserver. My only fear was IF by using this new script, I would inadvertantly block ANY IP address with an 83 in it. Spam has been reduced substantially since replacing the filters described here with the script sent to my by my host servers IT team.

    1. Hello Trish,

      I can understand the concern. In general, if you’re blocking a range of IP’s it will specified in the rule and it should not be a problem unless you have customers or visitors that use IP’s in that range. IP ranges for a country will depend on how big the country is. The IP range that you had blocked all fell with in the IP blocks that have been assigned to Poland, but it’s far from the ONLY IP range that Polish people use. In other words, you have not blocked the country of Poland from reaching your site, but only a particular IP range. And again, it’s a judgement call. If the people who you want to communicate use the IP range you’re blocking, then you would need to reconsider who you are blocking. If you don’t know anyone in that IP range, then the IP blocking rule should give you no problems.

      I hope this helps to explain everything. Let us know if you have any further questions or comments.

      Regards,
      Arnel C.

  6. Thank YOU TJ for all your help with my cPanel Account Level Filters.

    Can you tell me if the following expression is a wise one to use?

    “Any header”  “matches regex”

    83((.|\n|\r)*)

    After you had a look through my filters, my tech support FINALLY responded, suggesting I replace my 83.167.0.0-83.255.255.255, which was the following:

    “Any header”   “matches regex”

    ^83\.(1(6[7-9]|[7-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$

    To me, the expression my tech support recommended (which I am now using) looks though it will block ANY IP address with an “83” anywhere in it.

    Am I correct with my thinking?

    I don’t want to block ANY “83” listed anywhere in an IP address, but spam HAS been sneaking by my other filters. However, since changing my 83.167.0.0-83.255.255.255 filter to the first expression above, NONE of the 83 IP addresses have been getting through.

     

    1. Hello Trish,

      Thanks for the question. If you are sure that you are okay with blocking ANYONE with the 83.x.x.x IP addresses, then it should be no problem. That’s what the rule is doing. We can’t determine that for you. In general, when I’m looking up an IP address starting with 83, it’s coming from Poland. If blocking all of this country’s IPs are okay with you, then the code should be no issue.

      I hope this helps to answer your question, please let us know if you require any further assistance.

      Regards,
      Arnel C.

  7. It has been 4 days since requesting tech support regarding this issue. You’d be shocked to read some of their responses. Seems not too many know what they are doing in their IT department any more.

    Spam is still bypassing my IP range filter, though the keyword filters “appear” to be working now.

    If anyone knows of a reliable website hosting service in Toronto, please, let me know, as I am seriously considering moving from this hosting service.

    Seems everytime I find a good host server, the company either changes hands to a less caring business owner or, the’re sold outright and the services disposed of. Sadly, it looks though my present host may be heading one of those ways now.

    1. Hello Trish,

      I apologize that you are having issues with the technical support from your host. The only way for us to look into your issue further would be to gain access to your cPanel. Of which I do not recommend posting that information here for security reasons. I am going to send you an email shortly so we can try to assist you further.

      Kindest Regards,
      TJ Edens

  8. Oooh thank YOU Scott. I thought it was just me. Pheeew! LOL… I’m no newbie but I am by far a spam specialist. Will let you know what happens. Thanks again!!!!

  9. Hi John-Paul,

    My filter named: 140.206.0.0-140.255.255.255 is supposed to be doing what it is labeled as. The Rule I set is “Any header” and “equals” and below those dropdown boxes, I pasted the following code:

    ^140\.(2(0[6-9]|[1-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$

    I went so far as to block ONE IP address, and THAT didn’t work 🙁

    Then, I moved on to try blocking email address… that didn’t work; then keywords used… and only SOME of those worked… well, so far anyway.

    I’m highly suspicious that my Account Level Filtering is NOT working, so I put in a ticket to support to find out. Am still waiting for their response.

    Oh… and to let you know how I came up with the coding used in blocking IP ranges, I visited: https://www.analyticsmarket.com/freetools/ipregex and used their form.

    1. Hello Trish,

      That definitely sounds weird that the Account level filtering is not behaving properly. My next suggestion would be to do what you have already done and that is to contact support. Please let us know whether they were able to help you or not.

      Kindest Regards,
      Scott M

  10. I have tried your method posted here, and JacobIMH’s method and NEITHER one works for me 🙁  Seems I have to block individual email addresses, which doesn’t seem quit right. Any ideas why this doesn’t work?

    1. Hello Trish,

      When you are block an IP range, spammers often change their IP’s, or send from a different hacked email account.

      What IP range are you attempting to block?

      Have you confirmed the spam is coming from that specific IP range?

      Thank you,
      John-Paul

  11. thanks for your reply. unfortunately I don’t have the smarts to figure out how to do that, and I am too old because I would probably croak before I got finished. I just thought maybe someone would have already had a pre-made & easy to copy and paste link to do that without having to specify each country individually.

  12. Is there a way to block all countries except the USA from sending me email. It is very time consuming to keep entering individual IP address’s and domains and even the senders addess which I can find pretty easily.  There is just to much junk. All of a sudden my internet provider has the worst filtering system imaginable. I don’t know what they have done but it no longer works very well. I am using outlook 2000 on XP and yes I do organize and block that way, it would just be easier if I could block everyone who is not in the USA.  Just call me totally fed up and ready to drown the computer.

  13. Help!  These instructions for blocking the IP address sound pretty straightforward, but can anyone explain how to actually find the IP address of spam emails?  I have so many per day now, whereas I didn’t have any before.  Thank you!

    1. Hello Cheryl,

      Thank you for your question. The IP address is sometimes included in the headers of the email.

      Please keep in mind that spam is often sent from a compromised email account, so the IP addresses may not be consistent.

      I recommend reading our Class on Dealing with Spam. It goes over several tools and information on combating spam emails.

      If you have any further questions, feel free to post them below.
      Thank you,

      -John-Paul

  14. Thanks I will try it, I though that was pretty sneaky  the way they masked there email address to be my own, Im glad theres a way to deal with this issue.

  15. I have issue where someone is using my own email address to send me junk mail and when I try to use the block feature from withing outlook express I get a responce of

    You cannot block your own email address

    any suggestions?

    1. Hello Sanjay,

      Thank you for your comment. Unfortunately, google doesn’t allow you to block IP addresses, as is explained in this post in the google forums.

      What are you trying to accomplish? There may be a workaround, or alternate solution we can help you with.

      If you have any further questions, feel free to post them below.
      Thank you,

      -John-Paul

  16. Hi Jacob,

    Thanks! I figured there must be a way!

    I hate to turn this into a regex class, but can you explain how to come up with the regex ? I have a number of ranges I want to block.

    I did find an online converter ( https://www.analyticsmarket.com/freetools/ipregex ) but it comes up with different results from yours.  i.e.  80.79.0.0-80.255.255 comes out as…

    ^80\.(79|[8-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))\.([0-9]|[1-9][0-9]|1([0-9][0-9])|2([0-4][0-9]|5[0-5]))$

    or is that just a different way of saying the same as what you gave me?

     

    Somewhat confused…

    1. Hello Ken,

      As you said, we unfortunately cannot take the time to explain how to determine REGEX (REgular EXpressions) here in the comments. There many sources for tutorials online if you wish to pursue that route. Here’s an example.

      The expressions are different because Jacob was breaking it down in groups of octets. So, instead of giving a straight expression for ALL of the IPs in your given range, he broke it down into groups: 80.x.x.x-80.255.255.255, then another rule for 81.x.x.x-81.255.255.255, and so on. Notice that IP ranges aren’t completely sequential. He did this to try to simplify the generation of the expression for you. As you may have noticed, the expression you were given just simply accounts for all of the possible IPs in the range that you inputted -it just does it in one long line as opposed to 4 groups in the manner that Jacob provided above.

      I hope that helps to explain it! Let us know if you have any further questions.

      Regards,
      Arnel C.

    1. Hello Ken, and thanks for the great question!

      You can also block wider IP ranges utilizing RegEx or regular expressions.

      In your case you’d need to create 4 separate rules with Any header and matches regex to cover the entire range of IPs.

      80\.0*(79|[89][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.\d{1,3}\.\d{1,3}
      81\.\d{1,3}\.\d{1,3}\.\d{1,3}
      82\.\d{1,3}\.\d{1,3}\.\d{1,3}
      83\.0*([0-9]{1,2}|1[0-5][0-9]|16[0-7])\.\d{1,3}\.\d{1,3}

      It looks pretty complicated, but breaks down like so:

      To block the range 80.79.0.0 – 80.255.255.255 the first rule starts out with 80 the rest of the rule ensures that is followed by a number from 79 – 255, and then the two d{1,3} rules match 0 – 255 for the next two octets of the IP address.

      To block the range 81.0.0.0 – 81.255.255.255 the second rule starts out with 81, followed by three sets of d{1,3} matching 0 – 255 in the next 3 octets.

      To block the range 82.0.0.0 – 82.255.255.255 the third rule starts out with 82, followed by three sets of d{1,3} matching 0 – 255 in the next 3 octets.

      Finally to block the range 88.167.0.0 – 88.167.255.255 the first rule starts out with 83 the rest of the rule ensures that is followed by a number from 0 – 167, and then the two d{1,3} rules match 0 – 255 for the next two octets of the IP address.

      I hope that makes sense, please let us know if you’re still having any issues receiving mail from these IP ranges after creating these mail filters.

      – Jacob

Was this article helpful? Join the conversation!