Spam Filters

SpamAssassin is the built-in spam filtering engine on your hosting account. It scores incoming messages and marks or discards those that look like spam.

Enabling SpamAssassin

Log into cPanel and go to the Email section.
Click Spam Filters.
Toggle Process New Emails and Mark them as Spam to on (if not already enabled).

Once enabled, SpamAssassin analyses every incoming message and assigns it a spam score. Messages that exceed the threshold are marked with ***SPAM*** in the subject line.

Auto-Delete Spam

By default, spam is only marked, not deleted. To automatically discard high-scoring spam:

On the Spam Filters page, toggle Auto-Delete Spam to on.
Set the Spam Threshold Score. The default is 5. Messages scoring at or above this value will be deleted.

Warning Auto-deleting spam means the messages are permanently discarded — they cannot be recovered. Start with a higher threshold (e.g. 7 or 8) and lower it gradually if needed, so you do not accidentally lose legitimate mail.

Understanding Spam Scores

SpamAssassin evaluates dozens of characteristics of each message and assigns point values. Here is a general guide to scores:

0 – 4 — Likely legitimate mail.
5 – 7 — Probably spam. May include some false positives.
8+ — Almost certainly spam.

Tip A threshold of 5 is the industry standard default. If you find that legitimate emails are being marked as spam, raise the threshold to 6 or 7. If too much spam is getting through, lower it to 4.

Whitelisting and Blacklisting

You can manually whitelist (always allow) or blacklist (always reject) specific email addresses or domains.

Adding a Whitelist Entry

On the Spam Filters page, click Show Additional Configurations (or Configure SpamAssassin on older cPanel versions).
In the Whitelist (Emails Always Allowed) section, enter the email address or domain you want to allow. Use the format *@example.com to whitelist an entire domain.
Click Update Preferences.

Adding a Blacklist Entry

In the same configuration area, find the Blacklist (Emails Never Allowed) section.
Enter the email address or domain to block.
Click Update Preferences.

Filtering Spam in Your Email Client

If you prefer not to auto-delete spam, you can use your email client's built-in rules to sort spam-marked messages:

Create a filter rule that looks for ***SPAM*** in the subject line.
Move matching messages to a "Junk" or "Spam" folder.
Review the folder periodically for false positives before emptying it.

Reducing Incoming Spam

In addition to SpamAssassin, these practices help reduce the volume of spam you receive:

Avoid publishing your email address in plain text on websites. Use a contact form instead.
Set up SPF and DKIM records to improve your domain's email reputation.
Do not use a catch-all forwarder unless necessary, as it accepts mail for any address at your domain.
Never reply to spam or click unsubscribe links in obviously fraudulent messages.