Spam is a huge problem for anyone who hosts email, even though users only see a small percentage of the spam they receive. Most unwanted messages never make it to inboxes, but 54 percent of all email traffic is spam, down from 70 percent a decade ago.
The good news is that ISPs and hosting providers are doing a better job of weeding out spammers, and users are more aware of the risks. Despite this, automated botnets that collect email addresses, compromise servers, and bombard users with malicious advertising and phishing attacks send hundreds of billions of messages every year.
If you host email, you’ll need a way to identify and filter spam, and cPanel includes one of the most sophisticated filtering tools available. Apache SpamAssassin detects spam and removes it before it reaches users.
Let’s take a closer look at what SpamAssassin is, how it works, and the best SpamAssassin settings in cPanel to ensure we understand how it works.
What Is SpamAssassin and How Does It Work?
We all get spam and can tell what it is right away. We know what it looks like, and usually, alarm bells go off in our heads, even if we can’t pinpoint why. We’re pattern-matching when this happens: our brains have learned to associate specific words, phrases, typography, and grammar with unwanted email.
SpamAssassin operates in the same manner, but on a much larger scale. It looks for patterns that are common in unsolicited email and, if a message matches multiple patterns, we know it’s probably not something you want to see.
Email filtering is not a precise science. The definition of “unwanted email” varies depending on the context, and spammers attempt to conceal their true goal.
However, the software has been refined over many years with hundreds of sophisticated tests that can accurately identify junk mail.
- Phrase and language tests: These encode a language pattern that indicates whether or not a message is a spam. There are tests, for example, for long runs of text in capital letters, commonly promoted products, or words like “money” or “win.” There are even tests to determine whether a sender used red-flag words but tried to conceal them.
- Online databases: Examples of messages flagged by users and email hosts are stored in online databases. The Distributed Checksum Clearinghouse, for example, hosts patterns that match bulk emails.
- DNS blocklists (DNSBLs): These are online lists that software can check to see if a message comes from a known junk email source. SpamAssassin by default supports several free blocklists, including Mailspike and SpamHaus.
SpamAssassin includes approximately 1,000 tests, and each email message is subjected to 600 or more individual tests.
What is the SpamAssassin Score?
The SpamAssassin score indicates the likelihood that an email is a spam. Each test is assigned a number, which is usually a small number such as 0.1 or -0.2. The software keeps a running total as the messages are analyzed, adding the individual test results to produce a combined score.
The lower the score, the more likely it is that the message is genuine. If a message receives a score of ten, it is almost certainly spam. If it’s a three, it has some of the characteristics of spam, but the software is less certain.
It’s critical to understand the SpamAssassin score because it can be used to configure email filtering sensitivity in cPanel, as we’ll see in the following section.
The Best Settings for SpamAssassin in cPanel
SpamAssassin is fully integrated into the cPanel interface, and its settings can be tweaked to provide the best spam filtering functionality for your users. Select Spam Filters in the Email section of the cPanel Home interface to configure it.
“Process New Emails and Mark them as Spam” is the first option on the Spam Filters overview page.
This is the toggle that controls whether or not email testing is enabled. When SpamAssassin is enabled, it marks high-scoring emails by inserting SPAM into the message’s header.
Configure the SpamAssassin Threshold Score
Just below “Process New Emails” is the Spam Threshold Score setting.
We previously stated that SpamAssassin generates a score by aggregating the results of numerous tests. The Threshold setting allows cPanel users to specify the point at which the software considers a message to be spammy.
If you set the Spam Threshold Score to two, for example, the software flags any email with a score greater than two. A low threshold results in very sensitive filtering, and non-spam messages are likely to be flagged (false positives). A threshold of ten, on the other hand, is permissive; non-spam is not flagged, but some unwanted messages will get through (false negatives).
The default value is five, which strikes a good balance between sensitivity and false positives.
When you enable the Spam Box, flagged messages are moved to a separate folder. Unwanted email is kept out of the inbox but saved so you can review it and move any messages that were incorrectly identified. Unless you have another method of filtering legitimate messages, the Spam Box should be turned on for the average user.
Configure SpamAssassin Auto-Delete
The following option, Auto-Delete, does exactly what you’d expect. When this option is enabled, flagged messages are deleted immediately.
Auto-Delete does not use the Spam Threshold Score; instead, it uses an independent Auto-Delete Threshold Score to allow you to set different identification and deletion thresholds.
After a message is deleted, it cannot be recovered. We recommend the Spam Box over Auto-Deletion for most users because it allows you to review messages to see if they were incorrectly flagged.
Advanced cPanel Spam Filter Settings
To access advanced settings, click “Show Additional Configurations.” These settings are rarely changed, but whitelists and blacklists may be useful. (It should be noted that these terms are likely to change in the future to be more inclusive.)
The whitelist is a list of email senders whose messages are always allowed to pass through the filter, even if they are flagged. The blacklist is the inverse; messages from senders on the blacklist are not allowed to enter inboxes.
Select ‘Add A New “whitelist from” Item’ and enter a sender email address to add to the whitelist. Wildcards such as “?” and “*” can be used to match any character and multiple characters.
The final option, “Calculated Spam Score,” allows you to modify a test’s score. This setting should only be used by advanced users. SpamAssassin developers calibrate scores, and changing them may have unanticipated consequences.
Most users can configure SpamAssassin by activating it and selecting whether to use the Spam Box or Auto-Delete. You may need to adjust the default Threshold Score to suit your email hosting scenario, but once that’s done, SpamAssassin will work in the background to ensure that spam is directed to the appropriate destination.
Any company that receives hundreds of spam messages per day, and thousands per week, is at risk of being compromised. The risk of exposing your email addresses or compromising your servers is not worth the consequences. Identifying and filtering unwanted messages necessitates the use of more robust security tools, such as Apache SpamAssassin, which is specifically designed to detect spam before it reaches its destination.