Tutorial: Configure the Best Spamassassin Settings in cPanel

How to configure Apache SpamAssassin within cPanel including a detailed guide to all the Spam Filter settings, including SpamAssassin Score. Now you can easily stop email spam!

If you are having problems with email spam, whether it be the occasional promotional mail, or 100’s or even thousands of emails spamming your inbox each hourEmail Spam Protection can help.

SpamAssassin is an open source Apache Project and is located in cPanel under the Spam Filter settings. The source was first made widely available back in April 2001. If you are more technically-minded and want to see how it has evolved over the years, you can see a full change history here.

It works by using a variety of spam detection methods, including:

  • Online Databases (DCC, Pyzor, Razor2)
  • Body phrase tests
  • Header tests
  • Character sets and locales

These spam detection methods are applied to email headers (an excellent guide to finding email headers) and content to classify the email using various statistical methods. They are designed to block unwanted email messages before they reach your inbox and evolve to combat the changing ways spammers get to your inbox.

It is a far cry from the keyword based spam detection systems used prior.

I will first go through a short cPanel tutorial showing how to enable the Spam Filter and then go through the different SpamAssassin configuration options.

How to Enable the SpamAssassin Spam Filter in cPanel

How to Enable the SpamAssassin Spam Filter in cPanel

At this stage, all you have done is enable the Spam Filter. When emails are received by you, messages with a score of 5 (default score) will be marked as spam.

If the email is found to be spam, the word ***SPAM*** will appear at the start of the subject field, as shown in the screenshot:

Marked as spam.
Marked as spam. © Screenshot.

Unless you configure SpamAssassin to auto-delete or move the spam to the junk folder (I’ll cover how to do this shortly), No other actions will occur, and the message will remain in your inbox.

How to Configure the SpamAssassin Score Setting

An email message spam score is calculated on a scale of 1 to 10. The higher the SpamAssassin Score, the more likely it is to be spam. If a message’s calculated spam score meets or exceeds the Spam Threshold Score, the system will label that message as spam.

The Spam Threshold Score and Auto-Delete Threshold Score (I’ll cover this shortly) are different, and as such do not affect each other.

How to Configure the SpamAssassin Score Setting

How to Configure SpamAssassin to Move Spam to Junk Folder (Spam Box)

When Apache SpamAssassin is enabled, you may want to move spam to a different folder. By enabling this option, any message above the Spam Threshold Score will be automatically moved into the “Spam” folder. You can then review the spam messages and adjust the Spam Threshold Score as necessary to fine tune it.

How to Configure SpamAssassin to Move Spam to Junk Folder (Spam Box)

How to Configure SpamAssassin Auto-delete

No email filtering system is 100 percent perfect (you can read an interesting discussion on the StackExchange about that here).

While spam filters try to catch all email that is spam, Spammers are continually adapting to create emails that are trusted not to be spam both by automatic filters and by humans themselves. For spammers, they try to create emails that can bypass the filters, looks legitimate, so it is opened, and look attractive enough so that a user clicks a link in the mail. It is a continuous battle.

As a result of the imperfection of email filters, I recommend that you do not use the auto-delete option unless you have to.

If you are having a particular problem with email spam, you can set the auto-delete score to be higher than the spam score. This way, you can still set the spam filter to be quite strict, and only delete the very worst spam.

How to Configure SpamAssassin Auto-delete

Additional Configurations (For Advanced Users)

Here, you are able to configure the following settings:

  • Whitelist emails
  • Blacklist Emails
  • Calculated Spam Score settings

I’ll go through each of these settings in turn:

How to Configure the SpamAssassin Whitelist

If you have an important client, friend, or just want to ensure you will receive a specific sender’s email, you need to whitelist their domain.

How to Configure the SpamAssassin Whitelist

How to Configure the SpamAssassin Blacklist

If you get repeated spam from any particular email address, such as a mailing list you cannot unsubscribe from, you can blacklist that domain.

How to Configure the SpamAssassin Blacklists

How to customize the Calculated Spam Score settings (Advanced Users Only)

This is where you can configure different scores for the hundreds of different tests and assign a score to that test. For example, you can check popular spam email lists, and set “10” score to the Calculated Spam Score to ensure any email caught by that test is always caught by your Spam Filter.

I do not recommend you change any of these settings, but I will walk you through a couple that you may wish to consider if you have a particularly bad problem with spam.

How to customize the Calculated Spam Score settings
Jonathan Griffin. Editor @ The Webmaster

Editor, SEO Consultant, & Developer.

Jonathan Griffin is The Webmaster's Editor & CEO, managing day-to-day editorial operations across all our publications. Jonathan writes about Development, Hosting, and SEO topics for The Webmaster and The Search Review with more than nine years of experience. Jonathan also manages his own SEO consultancy, offering SEO developer services. He is an expert on site-structure, strategy, Schema, AMP, and technical SEO. You can find Jonathan on Twitter as @thewebmastercom.

Read more about Jonathan Griffin on our About Page.