Skip to main content

Filtering spam

Updated

Nowadays, eighty to ninety percent of e-mail traffic consists of unwanted e-mail or spam. Spam can be annoying and clutter your mailboxes. For this reason, a spam filter called SpamAssassin is provided. This program filters all incoming e-mail before it reaches your inbox, so you experience as little unwanted e-mail as possible.

In addition to SpamAssassin, it is recommended to use an e-mail client that can also filter spam for you. This way, you have a double layer of protection. How to configure this depends on the e-mail client you are using. Often, you can find this information on the client’s website. It may also be enabled by default.

 

Preventing spam

It is always better to prevent spam rather than just filter it. You can partially influence this yourself. Here are some tips to help ensure that spammers do not discover your e-mail address:

  • Do not post your e-mail address on the internet, such as on forums, your website, or other publicly accessible places.

  • If you need to provide an e-mail address and do not trust the recipient, use a temporary e-mail address. You can, for example, obtain one via Maildrop.

  • Many websites use a general info@ address for contact purposes. These addresses are often targeted by spammers, so consider using an alternative or a dedicated contact e-mail address.

  • Never respond to spam messages, not even via unsubscribe buttons, as this usually confirms to spammers that your e-mail address is valid.

  • When sending an e-mail to a large group of people, use BCC. This hides all e-mail addresses from your recipients.

SpamAssassin does not filter e-mails larger than 5 MB. Therefore, some e-mails may not be flagged as spam by SpamAssassin due to their size.

 

Set up SpamAssassin

You can configure SpamAssassin via DirectAdmin.

Recommended Settings

  • Blocking strategy: Where should the spam go?
    • Send the spam to the user's spam folder
  • High score block: Would you like to delete high scoring spam?
    • Yes, block all spam scores higher than 15.
  • Global threshold: What score threshold do you wish to use?
    • Low (5.0) threshold.

1. Log in to DirectAdmin.

2. In the menu, go to 'E-mail Manager' → 'SpamAssassin Setup' and then choose your desired settings.

Screenshot 2025-08-27 at 13.38.22.png

 

Where should the spam go?

Decide what should happen with spam. Using 'Delete Spam' is not recommended if you cannot afford to miss any e-mails.

  • Inbox: Do not block spam e-mails. All incoming messages would go to inbox

  • User Spambox: Send the spam to the user's spam folder

  • Delete: Remove the spam from the server automatically

Screenshot 2025-08-27 at 13.44.36.png

Delete high-scoring spam

Here you can specify whether you want spam with a very high score to be deleted immediately.

  • No: Do not block high scoring spam. Use only global threshold
  • Yes: Block all spam scoring higher than custom high-score threshold
Screenshot 2025-08-27 at 13.45.59.png

Spam threshold

Every e-mail receives a score. The higher the score, the more likely it is to be spam. The threshold is the lowest value at which you want to mark an e-mail as spam. If you set it to 5, all e-mails scoring 5 or higher will be treated as spam.

The lower the threshold, the more spam you block, but the higher the chance that legitimate e-mails are mistakenly marked as spam. You can choose from 5.0 (low threshold), 7.5 (medium threshold), or 10.0 (high threshold), or enter your own value. The most suitable value for you is best determined over time.

We recommend 5.0 (low threshold).

Screenshot 2025-08-27 at 13.49.33.png

Rewrite subject

You can change the subject of spam e-mails to something else. This is useful for quickly identifying e-mails marked as spam.

  • No: Leave the subject unchanged
  • Yes: The subject you specify here will be applied to all incoming spam.
Screenshot 2025-08-27 at 13.53.19.png

Spam delivery

You can send spam as an attachment instead of forwarding it directly. This way, any dangerous code in spam messages will not be executed until you explicitly open the message.

  • Don't use attachments (not recommended)
    Incoming spam is only modified by adding some X-Spam- headers and no changes will be made to the body. In addition, a header named X-Spam-Report will be added to spam.
  • Use attachments
    Spam is included as an attachment in an e-mail.
  • Use text attachments
    The text of the spam is extracted and placed in an attachment—any potentially dangerous code cannot be executed this way.
Screenshot 2025-08-27 at 14.49.25.png

Blacklist and whitelist

You can add e-mail addresses to the blacklist to ensure that all messages from those senders go directly to spam. Conversely, you can whitelist addresses whose messages should always be delivered to your inbox. Simply enter an e-mail address in the input field; no commas or other separators are needed.

You can also add a 'wildcard'. *@example.com then applies to all e-mail addresses that end with @example.com.

Screenshot 2025-08-27 at 17.11.23.png

 

Determine spam threshold

Each e-mail receives a score from SpamAssassin. The higher the score, the more likely it is that the message is spam. In the configuration, you specify the score at which an e-mail should be treated as spam. This 'threshold' depends on your preferences and the type of e-mail you receive.

The simplest approach is to determine the threshold by trial and error. If you receive a lot of spam in your inbox, lower the threshold. If too many legitimate e-mails are being marked as spam, raise the threshold. In most cases, a setting of 'medium' (7.5) or 'low' (5.0) works best.

You can also check the score SpamAssassin assigns to individual e-mails and adjust your threshold accordingly. To do this, open the source or 'headers' of the e-mail from within your mail program. These contain information about the score SpamAssassin has given the message. Below is an example:

...
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.2.2 (2007-07-23) on
	s01.webhostingserver.nl
X-Spam-Level: ***************
X-Spam-Status: Yes, score=15.9 required=3.5 tests=BAYES_99,
	DATE_IN_FUTURE_96_XX,FB_QUALITY_REPLICA,FS_REPLICA,HELO_DYNAMIC_SPLIT_IP,
	HTML_MESSAGE,RDNS_NONE,REPLICA_WATCH autolearn=spam version=3.2.2
X-Spam-Report: 
	*  3.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%
	*      [score: 1.0000]
	*  0.1 RDNS_NONE Delivered to trusted network by a host with no rDNS
	*  3.5 HELO_DYNAMIC_SPLIT_IP Relay HELO'd using suspicious hostname (Split
	*      IP)
	*  1.0 FS_REPLICA Subject says "replica"
	*  1.4 DATE_IN_FUTURE_96_XX Date: is 96 hours or more after Received: date
	*  2.9 FB_QUALITY_REPLICA BODY: Phrase: quality replica
	*  3.4 REPLICA_WATCH BODY: Message talks about a replica watch
	*  0.0 HTML_MESSAGE BODY: HTML included in message
...

As you can see, there is a detailed explanation of why this e-mail (which is trying to sell a fake Rolex) was flagged as spam. In addition, this e-mail received a score of '15.9.' Since the threshold that was set (in this case 3.5) is lower than or equal to 15.9, the message was marked as spam.

So, if you still receive this e-mail in your inbox, you need to set the threshold below 15.9. If, on the other hand, this had been a legitimate message, you would have needed to set the threshold above 15.9.

Setting the threshold too low will result in many legitimate e-mails being flagged as spam. For this reason, always consider moving such e-mails to the account's spam folder rather than deleting them outright. This way, you can always recover legitimate messages if needed.

 

Disabling SpamAssassin

You can also disable SpamAssassin. In DirectAdmin, follow these steps:

1. In the menu, go to 'E-mail Manager' → 'SpamAssassin Setup'.

2. Click 'Disable SpamAssassin'.

Screenshot 2025-08-28 at 09.01.52.png

Note: If you change any settings and click 'Save', SpamAssassin will be re-enabled.

 

Managing spam filters

In addition to SpamAssassin, DirectAdmin also offers the option to filter specific messages. You can filter by word, e-mail address, or message size for example.

 

Making a spam filter

You set the filters as follows:

1. Log in to DirectAdmin.

2. In the menu, go to 'E-mail Manager' → 'Spam Filters'. 

3. Next, you can create four types of filters:

  • E-mail:  You can filter all e-mails from a specific e-mail address. Enter the address and click 'Block'.
  • Domain: You can filter e-mails originating from a specific domain. For example, if you only receive spam from the domain spam.com, enter spam.com and click 'Block'. Note, however, that this will also block partial matches containing spam.com. E-mails from domains like nospam.com will also be blocked. If you want to block only a specific domain, consider using SpamAssassin and configure it to block @spam.com.
  • Stop word: If you notice that a particular word always appears in spam messages (in the subject line or body), you can block all e-mails containing that word. Enter the word and click 'Block'. The keyword filter also applies to partial matches. For example, if you enter cat, it will also filter out catalog. To prevent this, you can enter * pap * (with spaces around it) instead.
  • Size: You can also block large e-mails. Enter the maximum number of KBs you wish to receive (1 MB = 1024 KB) and click 'Block'.
Screenshot 2025-08-28 at 10.19.17.png

4. You can also change two more options.

  • Adult Filter: Check the box to enable it. E-mails containing 'adult' words will be filtered out.
  • Action for filter matches: You can choose between two actions for filtered messages. To permanently delete them (Drop E-mail) or forward them to the spam folder using 'Send to spambox'.
Screenshot 2025-08-28 at 10.20.11.png

 

Removing an e-mailfilter

To remove a filter, you do the following:

1. In the menu, go to 'E-mail Manager' → 'Spam Filters'.

2. Select the filters you want to remove and click 'Delete'.

Screenshot 2025-08-28 at 10.30.30.png