Apache SpamAssassin is a server-side spam filtering system that analyses incoming email and assigns a spam score. Messages scoring above a threshold are flagged as spam. cPanel provides a simple interface to enable and configure it.
Please note: Screens and options may vary slightly depending on your cPanel version and hosting plan.
Enabling SpamAssassin
- Log in to your cPanel account.
- In the Email section, click Spam Filters.
- Toggle Process New Emails and Mark them as Spam to enable SpamAssassin.
Configuring the Spam Threshold
The spam score threshold determines how aggressively spam is filtered. Lower numbers are more aggressive (more false positives), higher numbers are more lenient.
- 5 (default) — A good balance for most users.
- 3–4 — More aggressive. Suitable if you receive a lot of spam, but check your spam folder regularly for false positives.
- 7–8 — More lenient. Only obvious spam will be caught.
To adjust the threshold:
- On the Spam Filters page, click Spam Threshold Score.
- Select your preferred score.
- Click Update Scoring Options.
Auto-Delete Spam
You can configure SpamAssassin to automatically delete messages that exceed the spam score threshold:
- On the Spam Filters page, toggle Automatically Delete New Spam (Auto-Delete).
- This will permanently delete messages that SpamAssassin identifies as spam. Use this with caution — legitimate emails occasionally receive high spam scores.
Whitelisting and Blacklisting
To always allow or always block specific senders:
- On the Spam Filters page, click Show Additional Configurations (if available).
- Use Whitelist to add email addresses or domains that should never be marked as spam.
- Use Blacklist to add email addresses or domains that should always be treated as spam.
How SpamAssassin Scores Work
SpamAssassin examines many characteristics of each message and assigns points for each spam-like feature. Common scoring factors include:
- Missing or suspicious headers.
- Known spam phrases or patterns in the subject or body.
- Sending server reputation.
- HTML formatting typical of spam.
- Presence or absence of SPF/DKIM authentication.
The individual scores are added together. If the total exceeds the threshold, the message is marked as spam.
Tips
- SpamAssassin adds headers to every message (e.g.
X-Spam-Status,X-Spam-Score). You can create email filters based on these headers for more granular control. - If legitimate emails are being flagged, whitelist the sender or raise the threshold score.
- Regularly review your spam/junk folder for false positives.
- SpamAssassin works in conjunction with other email security measures like SPF, DKIM, and DMARC — properly configured DNS records significantly reduce spam.
What Next?
- Creating Email Filters — Use filter rules alongside SpamAssassin for finer control.
- Email Deliverability - SPF, DKIM & DMARC — Improve inbound and outbound email authentication.
