Email filters are used to create rules for how incoming emails should be processed. They are mostly used to block emails from a specific email address or to weed out spam.
cPanel has two interfaces for email filters:
Both interfaces are identical. In this article we only look at managing filters for a single email address, but the same principles apply to global email filters.
Image: the ‘Email Filters’ interface shows all email addresses. Click on ‘Manage Filters’ to create or edit filters for an email address.
The Manage Filters link will take you to a page where you can create a new filter. You can also edit or delete any existing filters and test filters. We will look at testing a filter rule later. First, we should create some filters: click the Create a New Filter button to do so.
The form to create a filter rule has three parts:
The Filter Name is the administrative name for the filter. The name can be anything you like and is used purely for you own reference. When you got lots of filter rules it is handy if the filters have names that describe what they do.
The Rules fields define what should be matched. There are two drop-down lists and a text field:
It is possible to create multiple rules by clicking on the Plus button. In general, though, this is not recommended. Simple rules are easier to administer and are processed faster.
Similarly, if you know your regular expressions you may be tempted to use the “matches regex” operator. As a rule of thumb, you should only do this if the standard operators are unworkable for what you are trying to achieve.
If an email matches a rule some action needs to be taken. You can select an action from the drop-down list. Actions include “discard message”, “fail with message” and “deliver to folder”.
The default action is “discard message”. This option will purge the email, and the sender will not receive a bounce message. Often, “fail with message” is a better option. The email will still be purged, but the sender will receive a bounce message. You can enter a custom bounce message, such as “Your email has not been delivered because it looks like spam”.
cPanel’s email filters are quite flexible. To give you an idea of what you can do we will give you a few examples. Along the way we will talk about some common pitfalls as well.
The below example shows a filter rule that purges all emails from email@example.com.
Image: discarding emails from firstname.lastname@example.org.
As you can see, the rule is as follows:
Name: Discard Evil Corp (email@example.com)
Rule: From contains firstname.lastname@example.org
Action: Discard message
If you instead want to block all emails from the domain evilcorp.biz you could change the rule so that it matches @evilcorp.biz:
Name: Discard Evil Corp (@evilcorp.biz)
Rule: From contains @evilcorp.biz
Action: Discard message
If you want you can even block the .biz top-level domain (TLD). In that case you want to use the “ends with” operator to only match strings that end with “.biz”. By only matching the end of the string you make sure you don’t accidentally block emails that have “.biz” elsewhere in the email address. For instance, you don’t want your rule to match “email@example.com“.
Name: Discard .biz
Rule: From ends with .biz
Action: Discard message
With the latter rule there is of course a risk that genuine emails are purged. The .biz domain is widely used by spammers but there are legitimate users as well. Discarding an entire TLD because you are receiving lots of spam emails from certain TLDs is a very crude way of battling spam. We don’t recommend it.
The below image shows an example of another bad filter rule. We are looking for the string “bitcoin” in the body of the email, and if it is found the email will be purged (without a bounce message). As an aside, the string is case-insensitive: it will also match stings like “Bitcoin” and “bItCoIn”.
Image: discarding emails containing the string “bitcoin”.
The idea here is to weed out sextortion emails. This is common type of spam / scam email that claims the sender has hacked your computer and used your web cam to make an embarrassing video of you. Typically, these emails demand a payment in Bitcoins. You should always ignore these emails and there is no issue with letting the mail server purge the emails. However, there is an issue with creating a rule that simply purges any email containing the word “bitcoin”.
Why? Well, the string ‘bitcoin’ can appear in a legitimate email. A friend or colleague may make a joke about investing in Bitcoins, for instance.
There are many other word that should not be simply blocked. The most famous example is the string “sex”. Simply blocking that string will also purge emails that contain the strings “Essex”, “Sussex” and “Middlesex”, among many others. This type of unintentional blocking is known as the Scunthorpe problem.
In general, if you want to match words in the body of an email then it is best to use the “Deliver to folder” action. Selecting that option will let you select a folder, such as your Spam folder. That way the emails won’t be purged and don’t appear in your inbox.
Image: delivering bitcoin emails to the “Spam” folder.
So far we have looked at blocking emails. That is not the only function of filter rules; you can also use filter rules to for instance deliver emails from certain senders to specific folders.
For the below example we created an email folder named “Unicorns”. The filter delivers all emails from @unicornfactory.ru email accounts to the Unicorns folder.
Image: delivering unicorn emails to the “Unicorns” folder.
For this article we have created three filters:
You can see your filter rules under Email Filters > firstname.lastname@example.org > Manage Filters.
Filter rules are processed in order: the first rules is processed first and the last rule is processed last. If you have lots of filter rules you may need to make sure that the order makes sense. For instance, the Unicorns rule should probably come before the bitcoin rule. An email from an @unicornfactory.ru address should be delivered to our “Unicorn” folder, even it contains the string “bitcoin”.
In practice, though, both filter rules will be processed. The Email Filters page has a handy “filter test”. You can use this to check how an email would be routed. In the below screenshot we are testing an email from email@example.com that has the word “bitcoin” in the body of the email:
Image: testing our filters.
In this case the rule is matched twice and the email is delivered twice: to the Spam folder and to the Unicorns folder:
Image: the result of the filter test.
The output of the test isn’t very pretty and readable. However, it does show that two filters were matched. The most important information are the two “Deliver message to” lines. It shows that the test email would be delivered to both the “spam” and “Unicorn” folders.
This is counter-intuitive but it is how cPanel handles filter rules. In fact, the same happens when the bitcoin rule discards emails containing the string “bitcoin”. Odd as it sounds, the email will first be discarded and then delivered to the “Unicorns” folder. In other words, filter clashing are rare. Still, it is good practice to have a logical order in the filter rules.
Finally, the last example shows a good use-case for having multiple filter rules. To avoid the clash between the two filters you could have two rules, as shown in the below screenshot:
Image: a filter with two rules.
The filter is only applied if two rules are matched:
Rule 1: Body contains “bitcoin”
Rule 2: From does not contain “@unicornfactory.ru”
In other words, any emails with the word “bitcoin” in the body will be purged, apart from emails sent from an @unicornfactory.ru address. As mentioned before, we recommend keeping rules simple, but if you need to you can create more complex rules.