If you have your own hosting business with a VPS reseller hosting (or shared reseller) plan, we will show you some tools for fighting spam available to resellers. These tools can help reduce the number of spam emails you and your hosting clients receive.
Here are some best practices you can share with your customers:
- Be careful who you share your email address with
- Be mindful of services that ask for your email address
- Consider using a different email address for certain services
- Be mindful of publishing your email address on your website. Avoid the mailto tag and use an image instead of text. This can reduce spammers’ abilities to scrape the email address.
Enabling Apache SpamAssassin
SpamAssassin comes pre-installed with your cPanel account. You can access the SpamAssassin tool under the Email section of your cPanel.
Here is how you can enable SpamAssassin:
- Log into cPanel
- Under Email choose Apache SpamAssassin
- In the SpamAssassin interface click the Enable Apache SpamAssassin button
Using the SpamAssassin Auto-Delete Feature
SpamAssassin can mark spam messages with special indicators based on content. If a subject or body of an email looks suspicious, SpamAssassin will mark it. A message can receive as little as 1 mark or up to 10 marks.
You can instruct SpamAssassin to automatically delete messages with a certain score. For example, you can tell SpamAssassin to delete messages with a score of 3 or more. This is fairly aggressive considering some legitimate messages may receive a 1 or 2. The higher the score the more spam will be automatically deleted.
You can think of this process like a game of golf: the player with the highest score loses. Likewise, an email with a high spam score is more likely to be caught by SpamAssassin and deleted.
Make sure to click the Auto-Delete Spam button to enable automatic deletion.
Enabling the Spam Box
If you are hesitant to automatically delete any messages without review you can enable the Spam Box.
The Spam Box feature creates a mail folder called spam in your account. If enabled, this box will fill up with messages that SpamAssassin has labeled and marked as spam.
This way you can review these messages before deleting them. Or, if someone says they emailed you and you didn’t receive the message, you can check your Spam Box for it. You must make sure subscribe to the spam folder in your favorite email client.
Global Email Filters
cPanel also has a Global Email Filters program you can use to block specific email patterns.
How to set up filters:
- Log into cPanel
- Under the Email section choose Global Email Filters
- Under Create Filter click Create a New Filter
- Give your filter a unique name
- Apply rules for this new filter
Use your filter rules wisely according to your needs. You can specify your filter by sender, any recipient, subject, or Body content. Likewise, you can determine how the above specifications are filtered.
For example, if you want to block emails with subject lines that contain “A Special Offer For You” you can configure your rule thus:
In addition to the Rules, you can apply Actions. These actions will determine the final destination of a spam message. You can discard, redirect, generate failure messages, and more.
Once you have set your rules and actions click Create and your filter will be ready for use.
If you click the Return to filters button you will see your new filter and — eventually — other filters you may create over time.
Below, under Filter Test you can try out your filters by filling out the message field below.
Thoughts on “How to Manage Spam Email in your Reseller Account”
If I enable SpamAssassin in my cpanel does it also turn on for all client cpanels, or do each client have to turn on SpamAssassin in their cpanel?
If you working with an account that uses multiple (client) cPanels, then you would need to go to each one to turn them on. If you have access to WHM (with root access), then you could force it through some configuration. As an FYI, for anyone trying enable SpamAssassin on all account, you can refer to this cPanel article.. As I mentioned earlier, it requires root access to the server. This would not be available for shared server accounts.