How to protect your emails from spam using SpamExperts
In this article, we will take a closer look at SpamExperts components and their functionality that help to protect your emails from spam. If you have not set up SpamExperts for your domain yet, feel free to follow this guide
SpamExperts has the following menus:
4. Incoming - Protection Settings
6. Outgoing - Protection Settings
8. Users & Permissions
10. My Settings
Let's have a detailed look at each of them.
- Mailboxes overview
- LDAP mailbox sync
- Domain aliases
- Train spam
- Train not spam
In the Configuration
tab, you can set the Timezone for the SpamExperts interface and select the desired date and time format.
The rest of the settings in this tab are already configured to work with your account. Therefore, we recommend keeping them as they are.
In the Mailboxes
tab, you can manually add the mailboxes that are already created in your cPanel. This is not a required action but is helpful if you would like to configure some settings separately for certain mailboxes and be able to log in to your SpamExperts interface as a mailbox user.
The Mailbox aliases
tab cannot be used for configuring aliases for your cPanel mailboxes. Instead, you can set them up as described in this article
The features of this menu cannot be used on Namecheap’s Shared Hosting servers.
This menu cannot be used for setting up domain aliases. Instead, you can set them up as described in this article
- Train spam/Train not spam
These options allow you to report spam or non-spam emails, as a result “train spam” filter. You can upload a spam email in the .eml format
PLEASE NOTE: You can upload any .eml file you consider as spam, but if it never passed through SpamExperts filter before then you will receive a warning: The message you have uploaded never passed through our spamfilter. Feel free to disregard this warning and proceed with .eml file upload.
With SpamExperts, you can choose to receive email reports about the emails that were quarantined by the spam filter and available for release. This section of the interface allows for the configuration of these email report settings.
- Email Scout Reports - incoming
- Email Scout Reports - outgoing
- Domain report actions
- Protection report - mailbox
- Protection report - send now
- Protection report - domain
- Email Scout Reports - incoming
The Email Scout Report
is a report that is available to you directly from the Log Search Pages
. This report offers a lot more flexibility than the usual protection reports since they are based on the searches you create.
To create a new Email Scout Report
, go to to the Incoming Logs
menu, create your custom Query Rule, and click on the Show Results
button. Once the results are shown, you will see the Email this search
button, as pictured in the screenshot below:
To activate the Email Scout Report, you need to click on the Email this search button and set the corresponding options:
- Set a Report Name depending on what the report contains, which can be anything you like.
- Add a relevant Subject to the email.
- You can select from the following Delivery options: Right away/At given time/Weekdays at 09:00/Every day at 09:00, 12:00, and 16:00/Repeat/Advanced. Repeat and Advanced options will allow you to create a customized schedule for sending the report.
- Add a custom Sender address for the email containing the report.
You can add multiple reports whenever you like.
Once the reports are added, you can now manage them. Go to the Email Scout Reports section, click on Show Results to see a list of all your reports, and feel free to edit or remove the reports.
Using the left drop-down arrow near the report you will be able to:
- Execute search will redirect you to the Log Search page, showing the search results with the criteria that was saved for that particular report.
- Edit the report settings.
- Remove the report from the list.
- Request the delivery of the report right now using Send now, not waiting for the scheduled time.
- Export as .CSV will download the report settings to your PC in a .csv file.
- Email Scout Reports - outgoing
This option doesn’t with with Shared Hosting.
In this menu, you can select what options will be available in the regular Protection Report that you’ll receive via email. They will appear as buttons next to each email that has been filtered and put into quarantine:
- Protection report - mailbox
In this menu, you can set up which Protection reports to send for separate mailboxes in your account. Click on Add a recipient to enter the mailbox and select where and how often to send the report:
- Protection report - send now
Here, you can request a report for all mailboxes associated with your
domain name for a specified date range, sending it to a specified email.
- Protection report - domain
From this menu, you can set up automatic reports to be sent to all your domain mailboxes regarding the quarantined emails. You can select the recipient, frequency, language, and format in which the report is presented to you.
NOTE: You can unselect the option Send report with no quarantined messages so that reports are not sent when there were emails quarantined on that day or week.
Using this menu, you can view the log of received, blocked or temporarily-rejected emails. It’s possible to search the log for incoming emails based on criteria such as subject, sender, recipient, status, destination IP, and others. Click on +New rule to add more query rules to your search. Once the necessary options are selected, click on Show Results to get the logs.
Depending on the email status, some of the following actions will be applicable to the emails:
- Remove from quarantine will delete the message from quarantine; it will still be visible, however, in the logs.
- Release from quarantine option will release the email from the quarantine and deliver it to the necessary recipient.
- Release and train from quarantine option will deliver the email to the recipient and train it as not spam in the SpamExperts system.
- Download quarantined message will download the .eml file of the email message to your device.
- Telnet SMTP test option will take you to the Network tools menu where an SMTP test to the destination can be run.
- Sender callout can be used to check whether or not the sender’s email address really exists. You can see exactly how the sender's mail server responds when the address is checked. Find more details here.
- Recipient callout refers to when you see delivery problems, you can see exactly what the destination mail server’s response is when the recipient is specified.
- Whitelist sender means you can click this to add the sender of a particular email to your whitelist.
- Blacklist sender will add the sender of a particular email to your blacklist.
- Blacklist recipient can be used if you would like to disable all incoming emails for the particular mailbox on your domain.
- Delivery history cannot be used on our servers.
- View email allows you to view the contents and the headers of a quarantined email.
- Change action for messages like this will take you to the Customise actions menu where custom rules for messages can be created. We do not recommend changing default actions for the main classes of emails.
- Export as .CSV will allow you to download the search results to your device in a .CSV file.
You can also use the previous search interface that has all possible search criteria listed at once by clicking on the deprecated log search page
This menu cannot be used
on Namecheap’s Shared Hosting servers.
This menu allows you to view the email logs with the Quarantined
status only. They are stored for 28 days by default and then purged. The options available here are the same as in the Logs' menu.
In order to view the headers and full raw content of the quarantined email, click on the email subject. Then choose the Raw
tab, scroll down and click on Load raw body
at the bottom of the headers:
Also, it’s possible to check the reason for the blocked email, simply by looking at the X-SpamExperts-Evidence
line in the raw header and then comparing it with logs from the classification page
: Unlike other spam protection systems, SpamExperts stores all email logs and spam emails on its server. Due to this, the only way to check incoming spam emails in your email account is to access SpamExperts account itself. NOTE 2
: The emails released from the quarantine are delivered to your mailbox; however, you will continue to see the respective email in your SpamExperts web interface. This is the expected behavior.
With this menu, you can edit, add or remove the destinations and change their order. The hostname or IP address specified here define the mail server that SpamExperts will use to forward the email after it’s been filtered (your hosting server with us).
To view the current destinations, click on Show results
It’s possible to have a few email destinations. Delivery will be attempted at each one of the destinations, from the lowest priority field to the highest (as with MX records). In order to add a new route, click on the Add a destination button, enter the priority, the hostname or the IP of your hosting server with Namecheap and the SMTP port (25) and click Save.
: A domain name always needs to have at least one destination for the filtering machines to deliver clean emails. Therefore, you are not allowed to remove the first destination before creating the second one.NOTE 2
: If there are temporary issues with the first destination, the system will automatically try to deliver the email to the second one, then the third one and so on. In case there are permanent failures with a destination, the emails will be put into an email queue and SpamExperts will not attempt another destination. Therefore, it's crucial to have the hostname indicated in the destination respective to the correct IP address.
Domain settings include the following:
- Primary Contact Email for your domain.
- Email notifications From address. This field should not be filled in as all reports from SpamExperts will be sent from the default email email@example.com.
- Enable logging of invalid recipients option that specifies whether or not the details of incoming mails addressed to non-existing recipients should be logged.
- Direct delivery for email and domain aliases that cannot be used because aliases cannot be set up from within the SpamExperts interface.
- Rejected local-part characters that include the characters allowed in the local part (before @). If you remove the character from Block these characters, it will be allowed in the local part and vice versa. We recommend keeping these settings by default.
- Set the necessary Timezone.
- Automatically Enable Daily Email Scout Reports.
In this menu you can check your domain name statistics for a specified time frame (days, weeks, months or years) and set the start and end dates for a certain period of time:
Statistics are displayed for:
- Spam ratio (of total messages)
- Not Spam messages
- Unsure messages
- Spam messages blocked
- Viruses blocked
- Whitelisted messages
- Blacklisted messages
This menu lists whitelist recipient rules, which are set by a higher-level administrator. These rules will be applicable by default. From this menu, it’s not possible to whitelist recipients for your domain name.
To whitelist recipients for your domain name, add a mailbox and disable incoming filtering in the Mailbox Overview
>> Mailboxes by setting the Filtered (Incoming)
option to No
. This may be used for mailboxes like “abuse@
” or “postmaster@
” whose email should not be filtered.
In this menu, you can add your mailboxes to blacklist and reject all emails sent to them.
Click Add blacklist recipient
to add a mailbox to blacklist and Show Results
to see the current list of blacklisted recipients.
Messages to a blacklisted recipient will be rejected regardless of the message content. Please note that this feature checks only the "envelope" recipient, which is the actual email address the email was sent to. Messages are rejected prior to the message content being received so they are not available in the quarantine. To blacklist all recipients (i.e. accept no mail) use * as Local-part
This menu allows you either to whitelist a sender's email address or a full domain name. All spam filtering checks are disabled for whitelisted senders and emails sent from the whitelisted senders will be delivered to your email’s inbox folder.
To add a sender to whitelist, click on Add whitelist sender
. Enter the domain in the Address
field and click Save
. If you want to whitelist a sender for only one recipient, add the Local-part
only (the part before the @).
Here, you can add a sender’s email address or a full domain name to the blacklist. All emails sent from a blacklisted sender will be rejected regardless of the message content. Please note that such messages will not be quarantined but rejected with a 5xx SMTP error code, so legitimate sending SMTP servers will generate a bounce-back message to the sender.
Click on Show results to see the current list of blacklisted senders. Click Add blacklist sender to add a new sender. Enter the domain name in the Address field and click Save. If you want to blacklist a sender for only one recipient, add the Local-part only (the part before the @).
- Whitelist filtering rules
In this menu, you can create custom filtering rules when messages should be accepted. Each of these rules will be evaluated, in their specified order. If one rule matches, then the message will be accepted with no further filtering required. The rules may match against the content of the message or various metadata. To create a new rule, click Add rule, enter the rule name, select the criteria, enter the desired value, and click Save:
- Blacklist filtering rules
Here, you can create custom rules for when messages should be rejected. They can be checked against criteria such as the subject, sender, message body content and many others. Emails that match these criteria will be quarantined with no further filtering required, and their sender will receive a bounce-back message with the error code “550 Message rejected due to user rules”. Click Show results to see the current rules and Add rule to add a new one. Enter the rule name, select the criteria, enter the desired value, and click Save:
In this menu, you can create custom rules for filtering emails based on the main class, subclass, and extra class. These classification columns are “regular expressions.” Regular expressions are rules used to describe matching patterns; they are similar to wildcards but more powerful. We do not recommend changing the default actions for the email classes.
In this section, you can control filter settings for the domain name and its users. If the Quarantine enabled
option is turned off, the spam emails will be delivered to your inbox and will not be kept in the quarantine system.
The following items can be changed here:
- Quarantine threshold. Set a minimum score an email must get in order to be classified as spam by the content analysis portion of the filter. This score ranges from 0.0 (certainly not spam) to 1.0 (certainly spam), so the higher value that this is set, the more likely you are to receive false negatives, and the less likely you are to receive false positives. It is set to 0.85 by default in order to avoid any possible mail delivery issues.
- Beneficial to train threshold. Set the minimum score that the email must get in order to be classified as unsure (and therefore notated) by the content analysis portion of the filter. The score ranges from 0.0 (certainly not spam) to 1.0 (certainly spam). This must be lower than the spam threshold. The default value is set to 0.3.
- Sender checks:
- SPF Sender Policy Framework
. SPF is a common technology that allows the sender to indicate which IPs are allowed to deliver the email from the sender’s domain name. This check can be disabled by ticking the box; however, we recommend to enable it to block spam.
- DKIM Domain Keys Identified Mail. This method is an email authentication that’s designed to detect email spoofing. We recommend enabling this.
- DMARC Domain-based Message Authentication, Reporting & Conformance. Designed to give email recipients better judgment control based on the domain sender’s reputation. It is disabled by default.
- Skip maximum line length check. There are strict regulations on the allowed line length in emails, which are automatically enforced by email software. Some applications or poorly-developed scripts do not adhere to the official specifications, thereby exceeding the maximum allowed line length. This check can be disabled by ticking the box; however, we recommend enabling it to block spam.
- Beneficial to train notation. Prepend this tag to email subjects where the filter could not strongly classify as spam or not spam. You need to leave this field empty not to prepend the emails. It’s necessary to ensure the email is considered legitimate; you can use this tag to have them stand out and to report them as spam/not spam to further improve the effectiveness of the filter.
- Quarantine response. This option may be used if you do not want senders to receive a bounce-back email when their email gets blocked or quarantined. If this option is set to Accept the email, the SMTP response would be 2xx accept (the email has been accepted for delivery). However, the email will still be blocked and shown in the Spam Quarantine. Since this technically breaks with the SMTP RFC specifications, we don’t recommend enabling it.
With the help of this menu, you can specify which emails should be blocked based on the file extensions attached to the email. The Current list of blocked extensions
contains the extensions that are currently blocked
for the domain name:
If the email contains the file or attachment with a blocked extension, the email itself will also be blocked and placed in Spam Quarantine.
To allow receiving extensions from the blocked extension list, select the extension and click the Remove Selected button.
To block an extension, put it in the Add new Extension field and click the Add button:
- Disallowed release extensions. Email users will not be allowed to release messages that contain attachments with these extensions.
- Restriction options. To block password-protected archive attachments, potentially unwanted attachments, and attachments that contain hidden executables.
- Additional restrictions. Link limit size and maximum MIME defects.
- Scanned link extensions list. If “Message link size limit” is set, then links in messages to files with these extensions will be scanned for viruses and other malware.
In this section, you can specify the maximum email size limits for incoming and outgoing emails. Keep in mind that the server limit is set to 50 MB; therefore, it’s not possible to exceed this limit even using the No limits
After this, you can choose the desired action taken for the oversized emails: either place them in quarantine
or have them rejected
By default, outgoing emails on our Shared servers are not filtered
through SpamExperts, so normally, you will not see any activity in the menus of this section.
6. Outgoing - Protection Settings
In most cases, it won't be possible to manage these settings as outgoing filtration is disabled
by default and can be enabled on our end.
- Delivery queue - incoming
This section runs a search through the incoming email log, selecting all the emails that have Queued
and Delivery failed
status. Here you can see which emails are stuck in the incoming delivery queue and can view their details by the actions available in the usual Log search
You can use this menu to send an email to any address from the SpamExperts’ servers. The From address
of that email is the one you’ll have as the main contact email for your SpamExperts account.Ping
You can use this menu to check if a recipient’s server is reachable. You need to enter the hostname or the IP address in the field Destination
and click Run
You can also specify additional parameters like the number of Packets
in seconds, and limit the test to IPv4
The output will appear in the Results
In the screenshot above, the packet loss is 0%, which means that the destination server is now up and responding fine. If you see packet loss value higher than 0%, this may indicate there are some issues with the destination server.
This tool may be used to test mail transfer (using the SMTP protocol) between the SpamExperts server and the destination server - your hosting server with Namecheap. In essence, it’s a simulation of an SMTP connection. You can fill in one or several of the fields to test how a server would respond to certain SMTP commands.
There are many checks that you may use this tool for:
- Sender callout. If you encounter problems with the sender’s verification, you can see exactly how the sender's mail server responds when the address is checked.
- Recipient callout. If you encounter delivery problems, you can see exactly what the destination’s mail server responds to when the recipient is specified.
- Open relay check. You can see whether a mail server appears to be an "open relay" that accepts mail for any destination.
- Catch-all check. You can see whether a mail server appears to be a "catch-all" for a specified domain name, accepting mail for any address at that domain name.
- Telnet test. You can check the full SMTP delivery process to a destination in order to see exactly how the destination responds in answer to each of the SMTP commands and the final message content.
The tool will go as far as the information provided. If a recipient is not provided, then the connection will end after "MAIL FROM", and if a message is not provided, then the connection will end after "RCPT TO.” If you have a message in the DATA section, this will send an email to the specified recipient.
To test deliverability issues from a specific server in the cluster, or an IP address assigned to a server, select the relevant IP. If left blank, then one of the control panel IPs will be used.Traceroute
This tool can be used to display the route and transit time for connections between servers in the cluster and a specified destination. If the connection is timing out on some hops, there might be connectivity issues.
This tool can be used for looking up the most widespread types of DNS records for a domain name. You need to specify the domain name in the Name
field and select the record Type
from the drop-down menu. You can also specify additional parameters like the nameservers from which the DNS query should be performed. If left empty, the control panel's default name server will be used.
- Clear callout cache - incoming
In this menu, you can manually clear the domain name’s callout cache. This will be quite useful when changing the domain name routes, DNS records, and for removing the positive/negative responses from the destination mail server:
On this page, you can create and manage email users that are connected with your domain name. Click the Add button in order to add more users to the SpamExperts Dashboard:
Before the email user creation, you will need to make sure that the domain name you are creating the email for already exists on the server. Make sure that when setting the user password, it contains at least one upper case letter or one digit, no spaces, and that it’s 6-25 characters in length.
The created user can log in to SpamExperts Dashboard with these details, manage their specific mail settings, and check their quarantine. On the Manage email users page, you can also do the following:
- Edit the user details (username and password).
- Delete the email account from the SpamExperts Dashboard.
- As an advanced user, you have the ability to login as a user to a particular account.
- Enable Two-Factor Authentication (2FA) for the user.
: LDAP authentication cannot be used on Shared Hosting servers.
In this section, you can manage permission for available sections in User's SpamExperts Dashboard
. Each of them can usually be accessed via 4 possible HTTP methods:
- GET method is used for viewing data.
- POST method is used for new entry creations.
- PUT method is used for existing entry modifications.
- DELETE method is used for entry deletions.
On this page you can control user permissions which are managed by you:
There is no access
to the SpamExperts Control Panel API on our Shared Hosting servers so you will not need to use this menu.
Here, you can change the password to your SpamExperts account, the contact email address, enable/disable Two-Factor Authentication (2FA) and enable/disable email notifications for when your account is accessed from a different IP or unusual location.
Need any help? Contact our HelpDesk