With all of our Plesk; shared hosting, octoid managed WordPress, managed cloud virtual servers, or dedicated metal packages: you have the ability to enable spam protection using Apache SpamAssassin.
Here are some important things you can do to the settings in Plesk to improve spam recognition.
Note: Many of the steps would be the same regardless of the control panel you are using.
Enable Spam filtering
Note: By default, your spam filter should already be enabled. Follow along anyway in case it's not.
- Start by logging in to Plesk. If you have more than one hosting account hosted on the same server, select the correct subscription using the drop down at the top-right of the page.
- Go to the Mail tab on the left.
- Select the mail account you wish to configure from the list.
- Do this by clicking on the link to the mailbox under the column marked Email address.
- Choose the Spam Filter tab.
- Select the option to Switch on spam filtering for this email address,
- Choose what you wish to do with spam when it is detected. We recommend the option to Move spam to the Spam folder.
- Click the OK button and your spam filter will now be enabled.
Note: Apache SpamAssassin is configured per mailbox, and not per domain.
Watch out for mislabeled spam folders! Many mail apps will try to use a folder called "Junk" or "Junk E-Mails" rather than Spam, and Because those folders aren’t named correctly as "Spam", the messages will not be trained properly. To fix this, simply delete the other folders, and create a new folder called Spam. If you are using POP accounts, then you will need to do this through your webmail.
Configure Filter Sensitivity
Follow steps 1-8 above, then expand the Show Advanced Settings section. Here you can set your Spam Filter threshold. Although 7 is the default, we find it to be extremely conservative.
If you’d like Gmail or Hotmail-level spam filtering where occasionally legitimate messages get filtered to Spam, but you get very little spam in your inbox, enter a value of 1.5.
If you want a nice balance where some spam might reach your inbox and legitimate email is unlikely to be filtered to Spam, enter a value of 3.
How does it work?
If you’ve configured Plesk to mark the message (change the subject), then when an incoming email is believed to be spam, the subject of the email will be prepended with *****SPAM***** or whatever text you specify.
If you’ve configured Plesk to move the spam to the Spam folder, then it will do exactly that. Note that the Spam folder is only visible via webmail or if you connect to the email server via IMAP. If you wish to train your spam, but connect via POP, then you’ll need to do your training in webmail.
The spam filter will check all your incoming emails against a massive database of common attributes often found in spam. Each attribute is paired with a weight indicating roughly how often that attribute is found in spam emails. For example, if an email with the word 'Dating' is found to be spam 90% of the time, but an email with the phrase 'Fat burn' is only confirmed to be spam 30% of the time, the word 'viagra' will carry a higher weight. This also works in reverse - if there are positive attributes to your email, that are rarely (or never) found in confirmed spam, then those attributes will be a negative weight.
All of these scores are added up at the end of the checks to give the message its final spam score. The lower the score, the less likely the message is spam. If the score breaches the threshold you set above in the sensitivity section, then the message is either moved to the Spam folder or marked as spam according to your configuration.
Note that you can adjust the threshold score by following the directions above to reach the Spam Settings and selecting "Show Advanced Settings".
Clever spammers can get around this…
There’s just one major problem with how this works. Since the spammy attributes are public knowledge, all a spammer must do to get around the filter is to avoid those attributes when sending out emails.
As an example, let’s say that most of the spam emails you receive are trying to sell you premium software like Microsoft Office for Businesses, but because the spammer has avoided spammy attributes, the messages only score a 1.0 when your threshold is 3. Thus every time they send you an email, it’s never marked as spam and your premium software spam starts collecting in your inbox. How do we fix this? Training.
Training your spam filter
By training Spamassassin, you’re giving it information about what kinds of spam and what kinds of non-spam email you normally receive. This way it can start to detect patterns specific to your spam (and non-spam).
Classify Spam
All you must do is move any spam messages you received into the folder called Spam. All messages moved to the Spam folder will be automatically scanned and trained nightly. This means you must leave the Spam messages in the Spam folder for 24 hours before removing them, otherwise the classification will not occur.
Classify Non-Spam
This also works the opposite way! If you wish to train the filter to understand that a message that went to spam is not actually spam, you can move it to the inbox, then leave it there for 24 hours and the filter will learn that you believe the message isn’t spam after all. Note that it may take classifying a number of similar looking messages to ensure future messages like them do not go to spam, in other words, this doesn’t instantly apply to all future messages, though you *can* use the whitelist function in Plesk to make it happen instantly if you wish.
If you connect to your email account via POP, you won’t be able to train in your mail application. You may train the spam via webmail or switch to an IMAP connection instead.
Troubleshooting
Click here to learn the best way to troubleshoot ongoing issues with spam, after you’ve already completed at least a week’s worth of training as described above.
Each of your Plesk email accounts has their own login to Plesk that’s limited to just managing their own mail account’s settings. You can send your email users to your server’s Plesk URL and have them login with their email address and email password so they can train their own spam. Your Plesk URL can be found in your address bar once you’re logged in; for our shared servers it looks something like: https://neo.cloudmatrix.co.za:8443
Enterprise option
We also have an enterprise spam filter available, which uses machine learning and leverages a cloud relay to train spam across a larger sample of incoming emails. To get it configured, you can enable the addon from the client area on your hosting plan under Actions --> Upgrade/Downgrade Options
