How to configure Spam Filters in cPanel

cPanel Spam Filters helps detect unwanted email before it reaches your inbox as normal mail. Use it when you receive repeated promotions, suspicious messages, or phishing attempts in accounts created inside your shared hosting account.

The safest approach is to start by marking and separating spam, not deleting it immediately. That lets you review false positives before you enable automatic deletion.

Before you start

• Have access to cPanel for the account where your email accounts live.
• Confirm which mailboxes receive spam and whether the issue affects one account or the whole domain.
• Check your email from Webmail or a client such as Outlook so you can confirm the changes.
• If you use an external email service, verify first that the mailbox is actually managed in cPanel.

Enable spam filtering

1. Log in to cPanel.
2. Open the Email section.
3. Click Spam Filters.
4. Enable Process New Emails and Mark them as Spam if it is turned off.
5. Keep the initial threshold at a moderate value, such as 5, while you watch the results.

With this setting, cPanel can mark suspicious messages so they are easier to identify. A lower number is usually stricter and can catch more spam, but it also increases the risk of marking legitimate messages.

Separate spam before deleting it

1. Inside Spam Filters, enable Move New Spam to a Separate Folder or Spam Box, depending on the label your cPanel shows.
2. Open Webmail and look for the spam or junk folder.
3. Review that folder for a few days before enabling any automatic deletion option.
4. If you find legitimate messages, adjust the threshold or add trusted senders to the allowed list.

Avoid enabling Automatically Delete New Spam on the first day. That option can remove messages you still need if the threshold is too aggressive.

Adjust allowed and blocked lists

1. In Spam Filters, open the additional or advanced configuration.
2. Use the allowed list for trusted senders or domains that cPanel marks by mistake.
3. Use the blocked list for senders or domains that always send spam.
4. Save the changes and check that each entry uses the correct format, for example person@example.com or *@example-domain.com if cPanel allows it.

Lists help with specific cases, but they do not replace good DNS configuration or safe habits. If many messages arrive from different domains, adjust the threshold and also review SPF and DKIM.

Verify that the filter works

• Suspicious messages appear marked as spam or reach the separate folder.
• Legitimate emails still arrive in the main inbox.
• There are no important messages in the spam folder after several days of review.
• The visible spam volume in your inbox drops without affecting replies from customers, providers, or forms.

Common errors

• Good messages appear as spam: the threshold is too strict or a trusted sender is missing from the allowed list.
• Spam still reaches the main inbox: filtering is off or the threshold is too permissive.
• You cannot find expected emails: check the spam folder before enabling automatic deletion.
• You blocked a whole domain by mistake: remove the rule from the blocked list and test with one specific address.

Recommended reading

• Block spam that reaches email
• Configure email filters in cPanel
• Why am I not receiving emails?