How to use cPanel to manage unwanted e-mail (spam)

This article describes how to use the SpamAssassin™ tool in cPanel to reduce the amount of unwanted e-mail (spam) in your e-mail accounts. SpamAssassin is an automated filtering system that uses a variety of techniques to identify and filter spam messages.


Spam can be a major annoyance, with messages filling up users' inboxes. Additionally, spam messages can contain virus attachments or malicious links.

When you enable SpamAssassin, it uses scores to rate the likelihood that a message is spam. You can manage messages that SpamAssassin marks as spam in a number of ways. For example, you can route messages marked as spam to specific folders, or you can automatically delete them.

Although you can configure SpamAssassin to automatically delete messages marked as spam, It is not recommend enabling this feature.   Instead, you should use a filtering rule that redirects suspected spam messages to a spam folder. 

Enabling SpamAssassin

To enable SpamAssassin in cPanel, follow these steps:

  • In the Mail section of the cPanel home screen, click Spam Assassin™.
  • Click Enable Spam Assassin.
  • To enable auto-deletion of spam messages, select a score level under Filters, and then click Auto-Delete Spam. Alternatively, to disable auto-deletion of spam messages, click Disable Auto-Delete Spam.
  • A lower score is more restrictive. In other words, an auto-deletion score of 1 is very aggressive, and will delete many messages. An auto-deletion score of 10 is more permissive, and will let more messages through without deleting them.
  • Configuring SpamAssassin
  • After you enable SpamAssassin, you can configure message scoring parameters to control how SpamAssassin examines incoming messages. You can also define whitelists (trusted senders) and blacklists (known spammers).

To configure SpamAssassin in cPanel, follow these steps:

In the Mail section of the cPanel home screen, click Spam Assassin™.
On the SpamAssassin page, click Configure SpamAssassin.
In the required_score text box, type the number of hits required until a message is marked as spam.
Any message that has a score greater than the required_score value is marked as spam.   A score of 4 should be a good place to begin.
In the score text boxes, you can assign scores to specific tests that SpamAssassin uses to examine incoming messages. recommends using the following test scores:

URIBL_DBL_SPAM 10.0 10.0 10.0 10.0
URIBL_WS_SURBL 10.0 10.0 10.0 10.0
URIBL_BLACK 10.0 10.0 10.0 10.0
T_DKIM_INVALID 2.0 2.0 2.0 2.0
RDNS_NONE 1.8 1.8 1.8 1.8
DCC_CHECK 5.0 5.0 5.0 5.0

The URIBL_* tests check blacklists such as Spamhaus.
The RDNS_NONE test checks to see if the sending IP address has a reverse DNS entry, while the DCC_CHECK test checks the DCC checksum database to detect bulk mail.

If you later want to reset these scores to their default values, use the following test scores:

URIBL_DBL_SPAM 0 1.7 0 1.7
URIBL_WS_SURBL 0 1.659 0 1.608
URIBL_BLACK 0 1.775 0 1.725
RDNS_NONE 0 1.1 0 0.7
DCC_CHECK 0 1.1 0 1.1
In the blacklist_from text boxes, you can specify e-mail addresses that are known spammers.
In the whitelist_from text boxes, you can specify e-mail addresses that are trusted senders.
To save the new configuration, click Save.

Disabling SpamAssassin

You can disable Spam Assassin whenever you want. For example, if you are unable to receive a non-spam e-mail message, you can disable SpamAssassin and ask the sender to resend the message so it reaches your account.

To disable SpamAssassin in cPanel, follow these steps:

In the Mail section of the cPanel home screen, click Spam Assassin™.
Click Disable Spam Assassin.


BoxTrapper filters spam from your inbox through challenge-response verification. When an account with BoxTrapper enabled receives an email, BoxTrapper automatically sends a verification email in response. The sender must complete the verification process before the email can pass to your inbox. If the sender does not verify the email, the verification fails and BoxTrapper never clears the message for delivery. After a period of time, the system automatically deletes the spam.

Documentation on BoxTrapper can me found in the BoxTrapper App in cPanel.  You pick the account you want to enable BoxTrapper challenge on and configure each option.

More Information

For more information about SpamAssassin in cPanel, please visit
For general information about SpamAssassin, please visit

Also Read

Configuring DMARC
Blocking Addresses in Spamassassin
Setting up Gmail for POP3 and SMTP
How can I track down a missing email?
Changing Your Email Account Password in cPanel