Managing junk TLDs in spam
I have a family domain and unfortunately at some point one of my elderly parents must have responded to some spam so over the years the volume of incoming spam has been quite high. I've set up global filters on keywords and this sends 90% of it to a spam folder, but the primary issue I have is that all these new junk TLDs seem to be vehicles for spammers and I get waves of spam from TLD domains (.best, .buzz, .top, .work etc) that I just want to delete without delivery based on their TLD alone. Currently I use a regex .+@.+\.xyz with the directive to discard, but as its in the Global Filters area that also filters for keywords, so it gets picked up by another filter string and delivered to the spam folder. Is there anyway to catch junk TLDs higher up the chain so they are deleted before the Global Filters get to processes them, or any other solution?
-
You can block spam from specific TLDs before your global filters are applied by using exim (the mail server) configuration or by setting up custom rules in cPanel’s email filter that process based on the sender's domain or TLD.
0 -
As an end user I don't think I can edit Exim (and likely don't have the skills).
By email filters do you mean filters attached to individual email accounts?
There is also Blacklisting, will that take regex like .+@.+\.xyz
I guess I'm trying to find what's upstream of of global filters that end users can access to deal with this issue.
0 -
If you only have access to cPanel and not root access to your server, Global Email Filters is your best bet. You would have more access to a higher level if you owned the entire server.
0 -
OK - where can I submit a feature request for this area as I think there could be an additional feature.
0 -
Features.cpanel.net in the top right corner! I also manage that area :D
What feature specifically were you looking to add?
0 -
I have Global Email filters that pick up keywords and send them to a Spam folder. This catches 90% of spam and I can eyeball them to ensure I'm not accidentally capturing legit emails. Once I have confirmed that my filters have worked I want to move some of the capture strings to a delete without delivery, ie discard message. The issue with Global Filters it seems is that if you have multiple filters they all act equally on each email, so if say I have a junk TLD > discard but that message also has 'tinnitus' which is a keyword in another filter it is delivered spam despite the discard directive. Perhaps both are True - is this the case? It would be great to have a hierarchy, even if its just two levels where discard is a priority, so it says "If it has user defined string with a discard directive (eg junk TLD > discard) then discard without further processing, else, go to next filter". You could build a seperate Discard Global Filter Set and a Keyword Filter Set. The Discard one sits upstream of Keyword. Hope this makes sense.
0 -
Thanks for the additional details. There's two ways you can handle the filters you create in Global Filters.
The first option, is what I think you have happening now, where you have multiple separate filters created that are all firing at once. There isn't a particular order as all those filters will be applied to any message that meets the criteria.
The second option sounds more like what you want to create, which is where you can click the "+" logo inside a new filter to add options. This will allow you to create and/or statements so the filters are handled in the order you'd like. I've attached a screenshot showing this:
Is that what you're looking to do?
0 -
Thanks, I already do the second option OR for individual filters.
The "Current Filters" list is I think where the issue might be. Here is an example of two filters:
Spam TLD > delete
Keyword capture > spam folder
As there seems to be no boolean options between Filters, I gather each incoming email is assessed against each filter? If so both are true? So the TLD I want to delete is in fact delivered as it has a capture keyword in the second filter.
0 -
Right - the filters work top down in the order they appear on the page.
0 -
The email filters system can be a bit opaque to an end user so I want to ensure I have the whole picture to address the issues I've mentioned in this post, so apologies for the long winded text. Please correct me if I'm wrong here.
I’m assuming this is how Email Filters works:
Inside Global Email Filters there is a process where you create ‘Filters’. Inside individual Filters you can create multiple Rules, ie match criteria that is processed.
You can create multiple Filters (I prefer to call them filter sets as they may contain multiple matches). Both Filter sets themselves and internally, their individual rules, can be ordered by drag and drop.
Filter Rules have AND/OR Boolean options, whereas the Filters themselves seem to be AND only, so all filters are processed (equally)? So if you have one filter that sends targeted mail to /dev/null and another below it that also matches a string in the email, that is also True and gets processed to a spam folder, for example.
So the issue is, how do you send some emails to /dev/null so they never appear in your email app, without them also appearing elsewhere, such as a spam folder you’ve set up.
Here is an example. I want all email with the TLD From: xxx.best to go to /dev/null which happens.
But the From: xxx.best email also matches a catchall Filter because it has “tinnitus” in the title (or any of 20 similar catch all criteria).
As you can see in the example below, when tested both are True and both get processed.
Filter 1 has a Rule > From: contains xxx.best - send to /dev/null
Filter 2 has a Rule > Subject: contains tinnitus - send to user spam folder
Result is below:
Headers charset "UTF-8" Save message to: /dev/null 0660
Deliver message to: "GLOBAL SPAM" @user.net
Filtering set up at least one significant delivery or other action. No other deliveries will occur.What I want is more like IF/ELSE where it says:
If From: contains xxx.best is True, process to /dev/null and do not process further
Else,
Process next filterIs there a way of achieving this through any means in cPanel for an end user?
0 -
Thanks for the clear description. I don't have a way to make if/then filter type statements on end user messages at this time. This sounds like it would be an excellent feature request if you'd like to submit one over at features.cpanel.net. I also manage that area and I'll be sure that gets seen by the team!
0
Please sign in to leave a comment.
Comments
11 comments