How to protect your emails from spam using SpamExperts

1. Introduction
2. How does SpamExperts work
3. Getting started with SpamExperts
4. SpamExperts configuration
5. How to deal with mail issues during account transfer
6. Disabling SpamExperts

 

SpamExperts is a user-friendly email filtering solution that allows to protect your account from both incoming and outgoing spam.

One of the benefits of SpamExperts is that the suspicious emails are stored in the Spam Quarantine, so the users can easily manage the emails and mark them as legitimate or suspicious ones.

SpamExperts works at the domain level, that means you may manually select the domains you would like to protect.

It works in such a way so that incoming email for a protected domain is automatically routed through the SpamExperts email filtering system before it reaches the mail server you actually use. From there, the email is filtered – either discarded or placed in quarantine if it is a spam. After that the valid emails are routed back to shared hosting server and delivered to client’s inbox.

NOTE: The exact shared server to forward mail to is determined by the hostname/IP address specified in email route settings. By default, if you haven’t changed MX records for your domain after hosting account setup, the mail server will be determined by A record for sub-domain mail.domain.com (this is a default route set in SpamExperts settings). In case this sub-domain is pointed to third-party IP address by means of A record it’s possible to adjust routing in SpamExperts settings to server hostname, IP address or domain (hostname) that is pointed to our server.

If the hostname specified in email route settings is pointed to the third-party IP address, the email will not be delivered to your mailbox: it will be either rejected by that third-party server and the sender will receive a bounce back email or the email will reach the server but the sender will not get any notifications about undelivered email in this case.

 

All incoming mail appears to be routed to SpamExperts server after the MX records below are set up for the domain you wish to protect:

Priority	MX record
10	smx1.web-hosting.com
20	smx2.web-hosting.com
30	smx3.web-hosting.com

In order to do it, follow these steps:

– access your cPanel > go to MX entry menu under Mail section;

 

– choose domain you want to set up MX records for;
– remove *all existing MX records* at the bottom of the page and add the following ones:

In addition, the Email Routing should be set to Local Mail Exchanger or Automatically Detect Configuration: local. In this case your mail will be delivered locally on the server when sent from the server or outside the server.

    NOTE 1: These changes will be performed automatically for the domains with the local DNS zone and local Mail Exchangers only.
NOTE 2: It is still possible to use third-party nameservers (or use CloudFlare nameservers with our hosting) and mail service in cPanel with SpamExperts. In order to make it work, you need to set up the same MX records from the side of your DNS provider and have SpamExperts enabled in cPanel for your particular domain.

 

SpamExperts account can be opened via cPanel > Professional Spam Filter menu under Mail section

From there choose account of the domain you wish to access by clicking Login button and you will be redirected to your SpamExperts Dashboard.

Let’s take a closer look at each component of SpamExperts Account.

1) Incoming

• Log search

With the help of Log search it is possible to view the log of received, blocked or temporarily rejected emails. You can search the log for the incoming email based on such criteria as subject, sender and recipient of the email, sender/hostname, destination IP and others. Once the necessary options are inserted, click on Start search to get the logs.
NOTE: By default the connections logged are accessible for the last 28 days.

You will get the list of the logs for the specific incoming emails. It is possible to Check delivery status and Error details of the email using the drop down box on specific email
If the email is Rejected or Temporarily rejected, you will see the corresponding status and reason under column called Classification. Email with the status Accepted has not necessarily been delivered, it means the email has been accepted for delivery only. In case delivery fails, it will be retried automatically. But when the destination server rejects the incoming email, the sender will get a bounce back email.
The detailed classification of the reasons connected with rejected or temporarily rejected emails can be found here

NOTE: you can findand train the rejected emails in Spam quarantine section (more details can be found in the next section). In case the spam email has been accepted by SpamExperts, you can report these emails as spam and as a result train spamfilter. Click here to get more details

• Spam quarantine

In this section you can check all incoming quarantined emails that are stored for 28 days by default and then purged. Here you can search the emails by Subject, Sender or Recipient and Empty spam quarantine beforehand if necessary.

 

It is possible either to release or remove the emails:

   –‘Release and Train’ option will deliver the email to the recipient and train it as not spam in SpamExperts system;

– ‘Release’ option will release the email from the quarantine and it will only deliver it to the necessary recipient;

   – ‘Release and Whitelist’ option will deliver the email to the intended recipient and automatically add sender’s email address to ‘Sender Whitelist’;

   – ‘Remove’ option will delete the email from quarantine;

   – ‘Remove and Blacklist’ option will delete the email and automatically add sender’s email address to ‘Sender Blacklist’.

 

In order to view the headers and full raw content of the quarantined email, you need to do the following:

– Click on email subject;
– Choose the ‘Raw’ tab;
– Click ‘Load raw body’ at the bottom of the headers.

Also, it is possible to check the reason for the blocked email, simply look for the ‘Evidence:’ line in the raw header and then compare it with logs from classification page.

At the top of the raw headers page you can find the option ‘Download as .eml’ that allows you to download that specific spam email in .eml format so that you can afterwards report it as spam and train the spamfilter.

NOTE: unlike the other spam protection systems, SpamExperts stores all mail logs and spam emails on its own server. Thus, at the moment the only way to check incoming spam emails of your email account is to access SpamExperts account itself.

 

• Incoming delivery queue

Here you can find the list of incoming emails that cannot be temporarily delivered to the server. The emails queued can be filtered by the following criteria: sender, recipient, size, time, message ID etc.

There are the following options for the filtered emails:

– Force retry – retry to deliver the email;
– Delete – delete the email from the queue;
– Delete and report as spam – delete the email from the queue and report it as spam to the training server;
– Error details – check the reason why messages are stored in Delivery Queue;
– View – this option allows you to check the headers of the queued email.

• Domain settings

In this section you can manage the settings for the particular domain.

 

Domain settings include the following:

– set Primary Contact Email for your domain;
– enable Email notifications From address that will allow you to get notifications from this email address (e.g. when the particular email is put into quarantine);
– Enable or disable logging for invalid recipients option allows or does not allow the selected domain to log details of incoming mails addressed to incorrect recipients;
– add Rejected local-part characters that include the characters allowed in local part (before @part of email address). If you remove the character here, it will be allowed in local part, and vice versa;

– Set the necessary Timezone.

• Edit route(s)

With the help of this menu you can edit, add to remove the routes and change their order. The hostname or IP address specified in route defines the destination mail server SpamExperts will forward email to after filtering.
It is possible to have a few email routes. In order to add a new route, click on Add a route button and insert the server hostname, IP address that is pointed to our server your mail is hosted on, submit the field with SMTP port and click Save.
NOTE 1: A domain always needs to have at least one route in order for the filtering machines to deliver the clean emails, therefore, you are not allowed to remove the only route in this section – the new one should be created first and then you will be allowed to remove the old one.
NOTE 2: If there are temporary problems with the first route, the system will automatically try to deliver the email to the second one, then the third one and so on. In case there are permanent failures with a route, the emails will be put into email queue and SpamExperts will not try the next route. Therefore, it’s crucial to have the hostname indicated in route resolved to the correct IP address.
NOTE 3: It is possible to change the order of your routes by drag dropping them to the right position in the list.

 

Also, it is possible to run Telnet test by clicking on corresponding button next to your destination route. By performing telnet test you can verify if the recipient’s email address exists on the destination mail server specified in chosen route. The following dialog box will appear, here you need to enter the sender and recipient email address:

Once done, click Go to start telnet test. Below you can find an example of Telnet test results:

In the example above an email is sent from [email protected] to [email protected]. The senders e-mail address is specified by the MAIL FROM command and the recipients e-mail address is specified by the RCPT TO command. MAIL FROM command also tells the SMTP server that a new mail transaction is starting. This command is usually sent as the first command after the identifying and login process.
When the senders e-mail address is accepted the server will reply with a 250 OK reply code (like in our example). The DATA command informs the server that now will the message data be sent (e-mail header, body text etc). The single dot below the message contents informs the SMTP server when the message data ends. After a single dot has been sent to the server and the server has responded, a QUIT command is sent to terminate the session.

• Domain statistics

In this menu you can check statistics for your domain for specified time frame (days, weeks, months or years) and set start and end dates for the necessary period of time.

Statistics are displayed for:

– General accuracy
– Spam ratio (of total messages)
– Not Spam messages
– Unsure messages
– Spam messages blocked
– Viruses blocked
– Whitelisted messages
– Blacklisted messages

 

• Filter settings

In this section you can control filter settings for the domain and its users. If the Quarantine enabled option is turned off, the spam emails will be delivered to your inbox and will not be kept in quarantine system.
The following items can be changed here:

– Quarantine threshold – set a minimum score that email must receive in order to be classified as spam by the content analysis portion of the filter. The score ranges from 0.0 (certainly not spam) to 1.0 (certainly spam), so the higher this is set, the more likely you are to receive false negatives, and the less likely you are to receive false positives. It is set to 0.91 by default in order to avoid any possible mail delivery issues;
– Unsure notation threshold – set the minimum score that email must receive in order to be classified as unsure (and therefore notated) by the content analysis portion of the filter. The score ranges from 0.0 (certainly not spam) to 1.0 (certainly spam). This must be lower than spam threshold. The default value is set to 0.3;
– Skip SPF check – SPF is a common technology that allows the sender to indicate which IPs are allowed to deliver the email from the sender domain. This check can be disabled by ticking the box, however it is recommended to make it enabled to block spam;
– Skip maximum line length check – there are strict regulations on allowed line length in emails, which are automatically enforced by the email software. Some applications or badly developed scripts do not adhere to the official specifications thereby exceeding the maximum allowed line-length. This check can be disabled by ticking this box, however we recommend to keep it enabled to block spam;
– Unsure Notation – prepend this tag to the subject of emails which the filter could not strongly classify as not spam or spam. You need to leave this field empty not to prepend the emails. It is necessary to ensure the email are considered legitimate emails, you can use this tag to have them stand out and to report them as spam/not spam to further improve effectiveness of the filter;
– Quarantine response – you can set this option if you do not want senders to receive a bounce back email when their email gets blocked or quarantined. If this option is set to Accept the email, the SMTP response would be 2xx accept (the email has been acceepted for delivery) however it will still be blocked and shown in the Spam Quarantine. Since that technically breaks with the SMTP RFC specification, it’s not recommended.

• Report spam

This option allows you to report spam emails and as a result train spamfilter. You can upload an example of spam email in .eml format including the full headers and SpamExpersts additional headers.

  NOTE: you can upload any .eml file you consider as spam, but if this email has never passed through SpamExperts filter you will get a warning “The message you have uploaded never passed through our spamfilter”. Feel free to disregard it and proceed with .eml file upload.

 

• Report not spam

With this option you can report non-spam (ham) emails for training spamfilter. You can upload an example of ham email in .eml format including the full headers and SpamExpersts additional headers.

  NOTE: you can upload any .eml file you consider as ham, but if this email has never passed through SpamExperts filter you will get a warning “The message you have uploaded never passed through our spamfilter”. Feel free to disregard it and proceed with .eml file upload.

2) Email restrictions

• Attachment restrictions

With the help of this menu you can specify which emails should be blocked based on the extensions of the files attached to the email. Below you can find a list of default extensions you may enable but also you can add your own extension types.

If the email contains the file or attachment with blocked extension, the email itself will be blocked too and placed in Spam Quarantine.

Additional options include:

– Block password protected attachments – this option determines whether the system will block the emails with the attachments that are password protected like zip files;
– Block dangerous attachments – this option allows you to control whether attachments that contain executable files will be rejected or not. Keeping this option disabled you may expose your system to viruses.

• Email size restriction

By default the system uses the email size set by destination mail server, however in this section you can specify the maximum email size limits for incoming mail to be accepted by filtering system. After that you can choose the action should be taken for the oversized emails: either to be placed in quarantine or to be rejected.

3) Webinterface users

• Manage email users

On this page you can create and manage email users, connected with your domain name. Click Add button in order to add more users to SpamExperts Dashboard.

Before email user creation you need to make sure that the domain you are creating the email for already exsists on the server, and when setting the password for the user, it must contain at least one upper case letter or one digit, no spaces, and must be 6-25 characters in length.

The created users can log in SpamExperts Dashboard with these details, manage their specific mail settings and check their quarantine. On Manage email users page you can also do the following:

– Edit the user details (username and password);
– Delete email account from SpamExperts Dashboard;
– As a higher level user, you have ability to ‘Login as user’ to particular account;
– Enable Two-Factor authentication for user.

• Manage permissions

In this section you manage permissions for available sections in User’s SpamExperts Dashboard. Each of them usually can be accessed via 4 possible HTTP methods:

– GET method is used for viewing data;
– POST method is used for new entries creation;
– PUT method is used for existing entries modification;
– DELETE method is used for entries deletion.

On this page you may control permissions for users managed by you.

4) My account

• User’s profile

Here you can manage the settings for your account: change contact email address or password, enable/disable Two-Factor authentication in order to increase security of your account.

During account transfer from one server to another one, it is very important to keep your mail service working and SpamExperts filtering and routing your emails to the new server (if your hosting account is already activated there).

In order to achieve this, it is necessary to perform one basic step: to make your route on the old server use the hostname or IP address of the server your account will be moved to.
Once your account is transferred to the new server you need to make sure that email route settings are updated as well, otherwise SpamExperts will filter the emails and forward them to the old destination mail server indicated in email route, where account is no longer active. As a result, the sender will get a bounce back message that a sent email has not been delivered.
If you wish to avoid any downtime of mail service and get all the emails sent during the transfer to your inbox on the new server, the corresponding route should be created: go to SpamExperts Dashboard > Edit Route(s) menu > click Add route and insert the IP address or hostname of the new server your account will be hosted on.

After that you will have two routes that SpamExperts may use (with the old and new destination mail servers). If your new account is already active on the new server, it is recommended to delete the old email route. Also, you will need to check if the correct hostname (IP address) is indicated in email route settings on the new sever.

In case mail should not be routed through SpamExperts filter, you can change MX records for your domain to point to shared server (if you wish to use cPanel Webmail service without SpamExperts) or any other server directly (if you prefer using third-party mail service). The domains with custom (non-local) MX records will not be able to use SpamExperts.

This is it!

Need any help? Contact our HelpDesk

 

About Author