How to protect your emails from spam using SpamExperts
1. Introduction
2. How does SpamExperts work?
3. Getting started with SpamExperts
4. SpamExperts configuration
4.1 Incoming
4.3 Email Restrictions
4.5 Webinterface users
4.6 My account
5. How to deal with mail issues during account transfer
6. Disabling SpamExperts
SpamExperts is a user-friendly email filtering solution that allows you to protect your account from both incoming and outgoing spam. One of the benefits of SpamExperts is that suspicious emails are stored in the Spam Quarantine, so users can easily manage the emails and mark them as legitimate or suspicious.
NOTE: At this time Namecheap Spam Protection is enabled on some of our shared servers. Also, it works for our Free Email Forwarding. However, we plan on implementing it for all mail services we provide in the near future.
2. HOW DOES SPAMEXPERTS WORK?
SpamExperts works at the domain level, that means you may manually select the domains you would like to protect:
Incoming email for a protected domain is automatically routed through the SpamExperts filtering system before it reaches the mail server you actually use. There the email is filtered: it is either discarded or placed in quarantine if it is spam. After that, valid emails are sent back to the shared hosting server and delivered to the client's inbox.
NOTE: The exact shared server to forward mail to is determined by the hostname/IP address specified in email route settings. By default, if you haven't changed MX records for your domain after hosting account setup, the mail server will be determined by A record for sub-domain mail.domain.com (this is a default route set in SpamExperts settings).
If this sub-domain is pointed to a third-party IP address by means of an A record, it's possible to adjust routing in SpamExperts settings to the server hostname, IP address or domain (hostname) that is pointed to our server.
If the hostname specified in email route settings is pointed to the third-party IP address, the email will not be delivered to your mailbox: it will be either rejected by that third-party server and the sender will receive a bounce back email, or the email will reach the server but the sender will not get any notifications about undelivered email in this case.
3. GETTING STARTED WITH SPAMEXPERTS
All incoming mail is routed to the SpamExperts server once the MX records below are set up for the domain you wish to protect:
In order to do it, follow these steps:
1. Access your cPanel > go to the Domains section and click on the Zone Editor menu:
2. Click the Manage button next to the domain whose DNS zone you would like to edit:
3. Choose MX option and remove all existing MX records:
4. Once done, using +Add Record box add four new MX records:
Next, go to Email section in cPanel > Email Routing menu:
If you have several domains or subdomains, choose the needed domain from the drop-down list and set Email Routing to Local Mail Exchanger > click Change:
NOTE 1: These changes will be performed automatically for the domains with the local DNS zone and local Mail Exchangers only.
NOTE 2: It is still possible to use third-party nameservers (or use CloudFlare nameservers with our hosting) and mail service in cPanel with SpamExperts. In order to make it work, you need to set up the same MX records from the side of your DNS provider and have SpamExperts enabled in cPanel for your particular domain.
4. SPAMEXPERTS CONFIGURATION
SpamExperts account can be opened via cPanel > Professional Spam Filter menu under Mail section:
From there choose account of the domain you wish to access by clicking Login button and you will be redirected to your SpamExperts Dashboard:
Let's take a closer look at each component of SpamExperts Account.
At present, there are two types of interfaces in SpamExperts. To enable the new interface, go to Others > User's profile menu > Set Features preview: Active (set Inactive mode to switch to the old type).
> Click Save:
With the help of Log search it is possible to view the log of received, blocked or temporarily rejected emails. You can search the log for the incoming email based on such criteria as subject, sender and recipient of the email, sender/hostname, destination IP and others. Once the necessary options are inserted, click on Start search to get the logs.
NOTE: By default the connections logged are accessible for the last 28 days.
You will get the list of the logs for the specific incoming emails. It is possible to Check delivery status and Error details of the email using the drop down box on specific email:
If the email is Rejected or Temporarily rejected, you will see the corresponding status and reason under column called Classification. Email with the status Accepted has not necessarily been delivered, it means the email has been accepted for delivery only. In case delivery fails, it will be retried automatically. But when the destination server rejects the incoming email, the sender will get a bounce back email:
The detailed classification of the reasons connected with rejected or temporarily rejected emails can be found here.
NOTE: You can find and train the rejected emails in Spam quarantine section (more details can be found in the next section). In case the spam email has been accepted by SpamExperts, you can report these emails as spam white here to get more details.
The search of the emails in quarantine and all search-related options (for both outgoing and incoming correspondence) are located here. You may set multiple query rules and export entries to a CSV file:
In this section you can check all incoming quarantined emails that are stored for 28 days by default and then purged. Here you can search the emails by Subject, Sender or Recipient and Empty spam quarantine beforehand if necessary:
It is possible either to release or remove the emails:
- Release and Train option will deliver the email to the recipient and train it as not spam in SpamExperts system.
- Release option will release the email from the quarantine and it will only deliver it to the necessary recipient.
- Release and Whitelist option will deliver the email to the intended recipient and automatically add sender's email address to Sender Whitelist.
- Remove option will delete the email from quarantine.
- Remove and Blacklist option will delete the email and automatically add sender's email address to Sender Blacklist.
In order to view the headers and full raw content of the quarantined email, click on email subject. Then choose Raw tab and click on Load raw body at the bottom of the headers:
It is also possible to check the reason the email was blocked: look for the Evidence line in the raw header and then compare it with the logs from the classification page.
At the top of the raw headers page you can find the option Download as .eml that allows you to download that specific spam email in .eml format so that you can afterwards report it as spam and train the spamfilter.
NOTE 1: Unlike the other spam protection systems, SpamExperts stores all mail logs and spam emails on its own server. Thus, at the moment the only way to check incoming spam emails of your email account is to access SpamExperts account itself.
NOTE 2: In the new interface, the emails are released from the quarantine and delivered to the mailbox. However, you will keep seeing the email in question in the web interface. This is how it is supposed to work, since in the new interface this is not a Quarantine menu but a Search menu used both for log search and for searching the quarantine itself. If you prefer not to see the released emails, you may switch to the old interface in Others > User's profile menu > Set Features preview: Inactive.
Incoming delivery queue
Here you can find the list of incoming emails that temporarily cannot be delivered to the server. The queued emails can be filtered by the following criteria: sender, recipient, size, time, message ID etc.:
There are the following options for the filtered emails:
- Force retry option will retry to deliver the email.
- Delete option will delete the email from the queue.
- Delete and report as spam option will delete the email from the queue and report it as spam to the training server.
- Error details option will check the reason why messages are stored in Delivery Queue.
- View option will allow you to check the headers of the queued email.
Email address aliases
In this menu you can create aliases for your email accounts. Specify the existing email account name in the Email address field and the alias you wish to have for it in the Email address alias field, then hit Add:
In such a way, all the emails sent to email@example.com email address will be automatically redirected to firstname.lastname@example.org account.
Note that it is impossible to send emails from an alias address. For these purposes you will need to create a fully-fledged email account in your cPanel per this guide.
This option will be useful if you have multiple domains in your cPanel account. Any email sent to the domain alias will be delivered to the same user on the main domain:
Thus, if you send an email to email@example.com, it will be delivered to firstname.lastname@example.org account. Note that alias domains don’t have separate access to the webmail.
And if you are searching for a specific email sent to a domain alias using the log search, the recipient will therefore show as
In this section you can manage the settings for the particular domain:
Domain settings include the following:
- Set Primary Contact Email for your domain.
- Enable Email notifications From address that will allow you to get notifications from this email address (e.g. when the particular email is put into quarantine).
- Enable or disable logging for invalid recipients option allows or does not allow the selected domain to log details of incoming mails addressed to incorrect recipients.
- Add Rejected local-part characters that include the characters allowed in local part (before the @ part of the email address). If you remove the character here, it will be allowed in local part, and vice versa:
- Set the necessary Timezone.
With this menu you can edit, add or remove the routes and change their order. The hostname or IP address specified in a route defines the destination mail server SpamExperts will forward email to after filtering. It is possible to have a few email routes. In order to add a new route, click on the Add a route button, insert the server hostname or IP address that is pointed to our server your mail is hosted on, fill in the SMTP port field and click Save:
NOTE 1: A domain always needs to have at least one route in order for the filtering machines to deliver the clean emails, therefore, you are not allowed to remove the only route in this section as the new one should be created first and then you will be allowed to remove the old one.
NOTE 2: If there are temporary problems with the first route, the system will automatically try to deliver the email to the second one, then the third one and so on. In case there are permanent failures with a route, the emails will be put into email queue and SpamExperts will not try the next route. Therefore, it's crucial to have the hostname indicated in route resolved to the correct IP address.
NOTE 3: It is possible to change the order of your routes by dragging and dropping them to the right position in the list.
Also it is possible to run Telnet test by clicking on corresponding button next to your destination route. By performing telnet test you can verify if the recipient's email address exists on the destination mail server specified in chosen route. The following dialog box will appear, here you need to enter the sender and recipient email address:
Once done, click Go to start telnet test. Below you can find an example of Telnet test results:
In the example above an email is sent from email@example.com to firstname.lastname@example.org.
The sender's e-mail address is specified by the MAIL FROM command and the recipient's e-mail address is specified by the RCPT TO command. The MAIL FROM command also tells the SMTP server that a new mail transaction is starting. This command is usually sent as the first command after the identifying and login process.
When the sender's e-mail address is accepted, the server will reply with a 250 OK reply code (like in our example). The DATA command informs the server that the message data (e-mail header, body text etc.) will now be sent. The single dot below the message contents tells the SMTP server where the message data ends. After the single dot has been sent to the server and the server has responded, a QUIT command is sent to terminate the session.
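The following Python script is an added example, not part of the original guide and not SpamExperts code. It reads a session transcript like the Telnet test output and reports the step at which the destination server refused the message, separating temporary (4xx) from permanent (5xx) replies. The transcript, hostnames, addresses and the `> ` prefix marking client lines are constructed assumptions.

```python
import re

# Constructed transcript in the style of a Telnet test result. Hosts and
# addresses are placeholders; the "> " prefix on client lines is an assumption.
SAMPLE_SESSION = """\
220 mail.example.test ESMTP ready
> EHLO filter.example.test
250-mail.example.test Hello filter.example.test
250 SIZE 52428800
> MAIL FROM:<sender@example.com>
250 OK
> RCPT TO:<missing.user@example.org>
550 No such user here
> QUIT
221 mail.example.test closing connection
"""

REPLY = re.compile(r"^(\d{3})(?:([ -])(.*))?$")


def parse_session(transcript):
    """Return [(command, code, text)], folding multiline replies (250-...)."""
    steps, command, parts = [], "CONNECT", []
    for line in transcript.splitlines():
        line = line.strip()
        if line.startswith(">"):          # a line the client sent
            command, parts = line[1:].strip(), []
            continue
        m = REPLY.match(line)
        if not m:
            continue                      # blank or non-SMTP line
        code, sep, text = m.groups()
        parts.append(text or "")
        if sep != "-":                    # "250-" continues a reply, "250 " ends it
            steps.append((command, int(code), " / ".join(parts)))
            parts = []
    return steps


def classify(code):
    """Meaning of an SMTP reply code class (RFC 5321)."""
    if code < 400:
        return "accepted"                 # 2xx, or 3xx such as 354 after DATA
    if code < 500:
        return "temporary failure"        # the sending side should retry later
    return "permanent failure"            # the sending side gives up and bounces


def recipient_verdict(transcript):
    """First refused step, or the RCPT TO result when nothing was refused."""
    steps = parse_session(transcript)
    failed = [s for s in steps if classify(s[1]) != "accepted"]
    rcpt = [s for s in steps if s[0].upper().startswith("RCPT TO")]
    chosen = failed[0] if failed else (rcpt[-1] if rcpt else None)
    if chosen is None:
        return {"stage": None, "code": None,
                "verdict": "no RCPT TO in session", "detail": ""}
    command, code, text = chosen
    m = re.match(r"MAIL FROM|RCPT TO|\S+", command.upper())
    return {"stage": m.group(0) if m else "", "code": code,
            "verdict": classify(code), "detail": text}


if __name__ == "__main__":
    print(recipient_verdict(SAMPLE_SESSION))
```

A 5xx reply at the RCPT TO step means the mailbox does not exist on the server named in the route, so the route's hostname or IP address is the first thing to check.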
In this menu you can check statistics for your domain for specified time frame (days, weeks, months or years) and set start and end dates for the necessary period of time:
Statistics are displayed for:
- Spam ratio (of total messages)
- Not Spam messages
- Unsure messages
- Spam messages blocked
- Viruses blocked
- Whitelisted messages
- Blacklisted messages:
In this section you can control filter settings for the domain and its users. If the Quarantine enabled option is turned off, the spam emails will be delivered to your inbox and will not be kept in quarantine system.
The following items can be changed here:
- Quarantine threshold: set a minimum score that email must get in order to be classified as spam by the content analysis portion of the filter. The score ranges from 0.0 (certainly not spam) to 1.0 (certainly spam), so the higher this is set, the more likely you are to receive false negatives, and the less likely you are to receive false positives. It is set to 0.85 by default in order to avoid any possible mail delivery issues.
- Beneficial to train threshold: set the minimum score that email must get in order to be classified as unsure (and therefore notated) by the content analysis portion of the filter. The score ranges from 0.0 (certainly not spam) to 1.0 (certainly spam). This must be lower than spam threshold. The default value is set to 0.3.
- Sender checks:
  - SPF (Sender Policy Framework): SPF is a common technology that allows the sender to indicate which IPs are allowed to deliver email from the sender domain. This check can be disabled by ticking the box, however it is recommended to keep it enabled to block spam.
  - DKIM (DomainKeys Identified Mail) is an email authentication method designed to detect email spoofing. It is recommended to enable it.
  - DMARC (Domain-based Message Authentication, Reporting & Conformance) is designed to give receivers of email better judgement control based on sending domain reputations. It is disabled by default.
- Skip maximum line length check: there are strict regulations on allowed line length in emails, which are automatically enforced by the email software. Some applications or badly developed scripts do not adhere to the official specifications thereby exceeding the maximum allowed line-length. This check can be disabled by ticking this box, however we recommend to keep it enabled to block spam.
- Beneficial to train notation: prepend this tag to the subject of emails which the filter could not strongly classify as not spam or spam. Leave this field empty if you do not want anything prepended to the emails. The tag makes such emails stand out, so that you can check whether they are legitimate and report them as spam/not spam to further improve the effectiveness of the filter.
- Quarantine response: you can set this option if you do not want senders to receive a bounce back email when their email gets blocked or quarantined. If this option is set to Accept the email, the SMTP response would be 2xx accept (the email has been accepted for delivery) however it will still be blocked and shown in the Spam Quarantine. Since that technically breaks with the SMTP RFC specification, it's not recommended:
This option allows you to report spam emails and, as a result, train the spamfilter. You can upload an example of a spam email in .eml format including the full headers and SpamExperts additional headers:
NOTE: You can upload any .eml file you consider as spam, but if this email has never passed through SpamExperts filter you will get a warning The message you have uploaded never passed through our spamfilter. Feel free to disregard it and proceed with .eml file upload.
Report not spam
With this option you can report non-spam (ham) emails to train the spamfilter. You can upload an example of a ham email in .eml format including the full headers and SpamExperts additional headers:
NOTE: You can upload any .eml file you consider as ham, but if this email has never passed through SpamExperts filter you will get a warning The message you have uploaded never passed through our spamfilter. Feel free to disregard it and proceed with .eml file upload.
Clear callout cache
In this menu you can manually clear the domain’s callout cache. Clearing it is useful after changing the domain routes or DNS records, and for removing the bad/good responses from the destination mail server:
Clear callout cache
This option allows you to clear the callout cache for an outgoing domain:
4.3 EMAIL RESTRICTIONS
With the help of this menu you can specify which emails should be blocked based on the extensions of the files attached to the email. Current list of blocked extensions contains the extensions that are currently blocked for the domain:
If the email contains the file or attachment with blocked extension, the email itself will be blocked too and placed in Spam Quarantine.
To allow receiving extensions from the blocked extension list, select the extension and click the Remove Selected button.
To block an extension, put it in Add new Extension field and click the Add button:
Additional options include:
- Disallowed release extensions: email users will not be allowed to release messages that contain attachments with these extensions.
- Restriction options: to block password-protected archive attachments, potentially unwanted attachments and attachments that contain hidden executables.
- Additional restrictions: link limit size and maximum MIME defects.
- Scanned link extensions list: if 'Message link size limit' is set, then links in messages to files with these extensions will be scanned for viruses and other malware.
Email size restriction
By default the system uses the email size set by the destination mail server, however in this section you can specify the maximum email size limits for incoming mail to be accepted by the filtering system. After that you can choose the action to be taken for oversized emails: either to be placed in quarantine or to be rejected:
This menu allows you either to whitelist or blacklist sender's email address or a full domain. All spamfiltering checks are disabled both for whitelisted and blacklisted senders. Emails sent from the whitelisted senders will be surely delivered to Inbox folder of your email account, while incoming emails from senders listed on the blacklist will be automatically rejected. Note that such messages will not be quarantined, but rejected with a 5xx SMTP error code, so legitimate sending SMTP servers will generate a bounce message to the sender.
In order to whitelist an email account or a domain, go to Sender Whitelist > click Add whitelist sender:
Enter the domain in Address field (specify Local-part to whitelist specific email address) and click Save:
In order to blacklist an email account or a domain, go to Sender Blacklist > click Add blacklist sender:
Enter the domain in Address field (specify Local-part to blacklist specific email address) and click Save:
4.5 WEBINTERFACE USERS
Manage email users
On this page you can create and manage email users, connected with your domain name.
Click Add button in order to add more users to SpamExperts Dashboard:
Before email user creation you need to make sure that the domain you are creating the email for already exists on the server, and when setting the password for the user, it must contain at least one upper case letter or one digit, no spaces, and must be 6-25 characters in length:
The created users can log in to SpamExperts Dashboard with these details, manage their specific mail settings and check their quarantine. On Manage email users page you can also do the following:
- Edit the user details (username and password).
- Delete email account from SpamExperts Dashboard.
- As a higher level user, you have the ability to Login as user to a particular account.
- Enable Two-Factor authentication for user.
In this section you manage permissions for available sections in User's SpamExperts Dashboard. Each of them usually can be accessed via 4 possible HTTP methods:
- GET method is used for viewing data.
- POST method is used for new entries creation.
- PUT method is used for existing entries modification.
- DELETE method is used for entries deletion.
On this page you may control permissions for users managed by you:
4.6 MY ACCOUNT
Here you can manage the settings for your account: change contact email address or password, enable/disable Two-Factor authentication in order to increase security of your account:
5. HOW TO DEAL WITH MAIL ISSUES DURING ACCOUNT TRANSFER
During account transfer from one server to another one, it is very important to keep your mail service working and SpamExperts filtering and routing your emails to the new server (if your hosting account is already activated there). In order to achieve this, it is necessary to perform one basic step: to make your route on the old server use the hostname or IP address of the server your account will be moved to.
Once your account is transferred to the new server you need to make sure that email route settings are updated as well, otherwise SpamExperts will filter the emails and forward them to the old destination mail server indicated in email route, where account is no longer active. As a result, the sender will get a bounce back message that a sent email has not been delivered.
If you wish to avoid any downtime of mail service and get all the emails sent during the transfer to your inbox on the new server, the corresponding route should be created: go to SpamExperts Dashboard > Edit Route(s) menu > click Add route and insert the IP address or hostname of the new server your account will be hosted on:
After that you will have two routes that SpamExperts may use (with the old and new destination mail servers). If your new account is already active on the new server, it is recommended to delete the old email route. Also, you will need to check if the correct hostname (IP address) is indicated in email route settings on the new server.
6. DISABLING SPAMEXPERTS
In case mail should not be routed through SpamExperts filter, you can change MX records for your domain to point to shared server (if you wish to use cPanel Webmail service without SpamExperts) or any other server directly (if you prefer using third-party mail service).