cPanel email going to spam? Here’s how to fix it
You don’t spam people. But your mail lands in the spam folder anyway.
That can be quite aggravating when you’ve paid good money to set up anti-spam checks and whatnot in your cPanel hosting panel.
Here at Bobcares, we help cPanel users fix such issues as part of our Outsourced Tech Support services for web hosts & digital marketers.
cPanel users complain that even after they’ve enabled spam checking, box trapper, authentication, and more, their business mails still land in the spam folders of Gmail, Hotmail, etc.
There is often no apparent explanation for this. For example, the mail server IP isn’t blacklisted.
So, why do cPanel emails go to the spam folder?
What causes cPanel emails to land in spam folder?
Mail servers use a wide array of anti-spam checks to keep out spam.
These include IP reputation checks, message composition, RFC compliant SMTP handshake, mail user feedback, and more.
All these checks together produce a spam score that determines whether a mail is spam or not.
We’ve seen that some mails, while legitimate, produce a low spam score because of the poor reputation of the server IP network, message encoding, message headers, etc.
So, large mail providers err on the side of caution and mark a low spam score email as spam.
How to prevent cPanel mails from going into the spam folder
Mail servers mark a mail as spam based on “spam” and “not-spam” scoring.
To prevent mails from being tagged as spam, we need to boost the “not-spam” signals, and cut down possible “spam” signals.
Here are the top 7 ways we do it:
1. Set up FCrDNS (Forward Confirmed Reverse DNS)
The vast majority of spam mails are sent from infected PCs or poorly maintained mail servers.
These servers and PCs usually have a sloppy hostname and an IP that doesn’t have a PTR record.
Many mail service providers (like Hotmail) use this as an important indicator of a spam source.
So, we avoid this spam score by setting up FCrDNS, which means:
- The mail server IP will have a PTR record pointing to the server name. For example, if the IP is 220.127.116.11, it’ll point to ServerName.com.
- The server name will point to the IP assigned to the server. For example, ServerName.com will point to 18.104.22.168.
This will complete the full DNS loop, and many service providers consider this as an indicator of a well maintained mail server.
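The loop described above can be checked mechanically. The following is an added example, not code from the original article: it does the PTR lookup, then the forward lookup, and passes only if a PTR name resolves back to the same IP. The hostnames and addresses in the sample zone are constructed (documentation ranges), and the helper names are assumptions.

```python
import ipaddress
import socket

def ptr_names(ip):
    """Reverse lookup: hostnames the PTR record(s) for ip point to."""
    try:
        primary, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [primary, *aliases]

def forward_ips(name):
    """Forward lookup: every A/AAAA address published for name."""
    try:
        infos = socket.getaddrinfo(name, None)
    except OSError:
        return []
    return [info[4][0] for info in infos]

def check_fcrdns(ip, reverse=ptr_names, forward=forward_ips):
    """Return (ok, detail); ok only if some PTR name resolves back to ip."""
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in reverse(ip)]
    if not names:
        return False, "no PTR record"
    for name in names:
        addrs = {ipaddress.ip_address(a) for a in forward(name)}
        if target in addrs:
            return True, name
    return False, "PTR %s does not resolve back to %s" % (names[0], ip)

# Constructed zone data so the example runs offline.
PTR = {"192.0.2.10": ["mail.example.com."], "192.0.2.20": ["host.example.net."]}
A = {"mail.example.com": ["192.0.2.10"], "host.example.net": ["198.51.100.7"]}

def demo(ip):
    """Run the check against the constructed zone instead of live DNS."""
    return check_fcrdns(ip, lambda i: PTR.get(i, []), lambda n: A.get(n, []))

if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(ip, demo(ip))
```

Calling `check_fcrdns(ip)` without the two resolver arguments queries live DNS through the system resolver.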
2. Configure SPF and DKIM DNS records
Spammers often use fake “From” email IDs to make customers click on a phishing link. This is called spoofing.
Mail servers fight against this by using DNS records called SPF (Sender Policy Framework) and DKIM (DomainKeys Identified Mail).
SPF records list the IPs authorized to send mail for a domain, and DKIM records publish the public key that receivers use to verify the signed headers of a message. Receiving mail servers use these to check if an incoming mail is valid.
If there are no SPF or DKIM records defined, receiving mail servers will have to work with the assumption that the sender may be fake.
That can result in the mail getting tagged as spam if the email has spam-like content (links, flashy images, etc.).
How to enable SPF and DKIM records in cPanel
cPanel does not enable SPF & DKIM by default.
We set this up in customer accounts by going to cPanel –> Email –> Authentication.
This will enable the basic security setting, but many customers need additional settings like including company mail servers, setting up hard fail, etc. We achieve that using the Advanced DNS Editor.
Note: This will only work if the cPanel server acts as the name server as well.
3. Enable anti-spam scans in outgoing mail
cPanel by default scans only incoming mails for spam.
It uses several high quality algorithms to check if the incoming mails contain spammy links, images, text or attachments.
We turn on this stringent spam checking on outgoing mails as well.
That way, if a mail has any chance of being tagged as spam by Gmail, Hotmail, etc., it won’t be sent.
The email user will have a chance to modify the message based on the Spam Score.
How to enable outgoing mail spam scanning in WHM
This can be enabled in WHM by going to WHM –> Service Configuration –> Exim Configuration Manager –> Apache SpamAssassin Options –> Scan outgoing messages for spam.
Note that the default spam score can cause a lot of legitimate mails to bounce.
We tweak the settings over a few days to make sure the transition won’t affect real business operations.
4. Prevent malware infection
All major mail service providers keep historical records of IP reputation.
So, it is important to keep your server out of IP blacklists. If it is listed once, it’s likely to have a slightly higher spam score than IPs that were never listed.
To prevent IP blacklisting, we take these measures:
- Implement a web application firewall to prevent website infection and malware upload. So spam scripts never reach the server through vulnerable websites.
- Set up malware scanning that’s triggered every time a new file is uploaded. In this way, spam scripts uploaded through FTP and cPanel will be removed.
- Allow only Exim and Mailman to send outgoing mails. This will prevent any spam scripts that evaded detection from sending spam.
- Limit the mails sent per hour per user. With such a limit, even if an email account is hijacked by a spammer, only a limited amount of spam will leave the server, thereby avoiding IP blacklist traps.
- Set up feedback loops and DMARC spam reporting IPs. This gives us an early warning of a potential spammer in the server, and allows us to take corrective actions before the IP is blacklisted.
5. Choose an IP block of good reputation
Some blacklists block entire IP ranges when they consistently send spam.
So if your server’s neighbors send spam or have a history of sending spam, your IP’s spam score might be high.
You can see your IP’s and IP range’s spam score from websites such as senderscore.com.
When we see that an IP block has a history of blacklisting, we recommend changing it to an IP with better reputation.
6. Use dedicated IPs for bulk mailers
Mail volume and bounces may act as an indicator of spammy behavior.
We’ve seen bulk mailers using shared server IPs to blast thousands of marketing mails.
In such a system, even if one bulk mailer fails to implement best practices (e.g. an unsubscribe link), the spam score of all users on the shared IP will be affected.
That is why we recommend bulk mailers to use a dedicated IP.
A dedicated mail IP can be set up by entering the domain name in the /etc/mailips file, like this:
Note: Dedicated IPs can also get blacklisted if the bulk mailers do not follow good practices like pruning bounced IDs from the subscriber list, using an unsubscribe header, etc. So, we monitor mail bounces, and advise customers if the bounce rate goes high.
7. 24/7 monitoring and periodic server security audit
Every mail bounce is a potential indicator of trouble.
That is why we monitor our customer servers 24/7 for spam activity or IP reputation issues. Some of these checks are:
- Mail queue size – If the mail queue size grows by more than 50% in a short time, that may be an indication of spamming.
- Mail bounce rate – If the number of mail bounces (or mail failures) increases quickly, that can indicate spamming.
- IP blacklist check – We monitor close to 200 blacklists to check if our customer’s server IP is listed. If it is, we quickly delist it before business mails are affected.
- Sender feedback loop – We set up reports through DMARC DNS records and feedback loops which will notify us of suspicious activity in our server way before IP blacklists are alerted.
Along with these, we periodically audit mail server security settings such as web server mail restrictions, IP whitelists, sender allow lists, and more that can be abused by spammers.
We remove old users, unused mailing lists, expired sender limit relaxations, etc. that work as unguarded doors into the server.
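The bounce-rate and queue-size checks listed above can be scripted against the Exim main log. This is an added example, not the monitoring the article's authors run: it joins arrival (`<=`), delivery (`=>`, `->`) and failure (`**`) lines on the message ID to get a failure rate per sender. The log lines are constructed, and the bounce thresholds are assumptions; only the 50% queue growth figure comes from the text.

```python
import re
from collections import Counter

# Exim main log lines: "<date> <time> <msgid> <flag> <address> ...".
# Flags: "<=" message received, "=>" / "->" delivered, "**" delivery failed.
LINE = re.compile(r"^\S+ \S+ (?P<id>\S+) (?P<flag><=|=>|->|\*\*) (?P<addr>\S+)")

def bounce_stats(lines):
    """Return {sender: (attempts, failures)}, joining log lines on message id."""
    sender_of, attempts, failures = {}, Counter(), Counter()
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue                  # "Completed", retry lines, etc.
        if m["flag"] == "<=":
            sender_of[m["id"]] = m["addr"]
            continue
        sender = sender_of.get(m["id"])
        if sender is None:
            continue                  # arrival line is not in this log slice
        attempts[sender] += 1
        if m["flag"] == "**":
            failures[sender] += 1
    return {s: (attempts[s], failures[s]) for s in attempts}

def noisy_senders(lines, max_rate=0.5, min_attempts=3):
    """Senders whose failure rate exceeds max_rate (thresholds are assumptions)."""
    return sorted(s for s, (n, bad) in bounce_stats(lines).items()
                  if n >= min_attempts and bad / n > max_rate)

def queue_spike(previous, current, growth=0.5):
    """True if the queue grew by more than 50% between two samples."""
    return previous > 0 and (current - previous) / previous > growth

# Constructed log lines (not from a real server).
SAMPLE = """\
2024-05-01 10:00:01 1s1AbC-0001aB-2x <= alice@example.com H=localhost P=esmtpa S=1821
2024-05-01 10:00:02 1s1AbC-0001aB-2x => bob@example.org R=dnslookup T=remote_smtp
2024-05-01 10:00:02 1s1AbC-0001aB-2x Completed
2024-05-01 10:01:10 1s1AbD-0001aC-3y <= promo@example.com H=localhost P=esmtpa S=5120
2024-05-01 10:01:11 1s1AbD-0001aC-3y ** u1@example.net R=dnslookup T=remote_smtp: 550 No such user
2024-05-01 10:01:11 1s1AbD-0001aC-3y ** u2@example.net R=dnslookup T=remote_smtp: 550 No such user
2024-05-01 10:01:12 1s1AbD-0001aC-3y => u3@example.net R=dnslookup T=remote_smtp
2024-05-01 10:01:12 1s1AbD-0001aC-3y Completed
""".splitlines()

if __name__ == "__main__":
    print(bounce_stats(SAMPLE), noisy_senders(SAMPLE), queue_spike(200, 320))
```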
cPanel email can land in spam boxes of Hotmail, Gmail, etc. if anti-spam best practices are not followed. Today we’ve seen the top 7 anti-spam measures our Hosting Support Engineers implement in cPanel servers to ensure good mail server reputation.