In this tutorial we are going to explain what is email filtering and best practice to use it. We have found through experience, if this feature is not used properly, you can lose important emails. Please pay close attention to the filter rules and make them as explicit as possible. Loosely defined rule can filter more emails than you may have originally intended.
We start by assuming that you have already logged into your cPanel account. There are two icons in the Email section of cPanel as shown marked in the screen shot below:
Global Email Filters: The rules created under here apply to all incoming emails for your domain. The rules here are processed first before going to User Level Filtering. If you want a rule to apply to all emails, you will create them here.
Email Filters: Here you can set filter rules for individual email accounts. You can create rules that are for specific email addresses and will not have any impact on others. If there is a particular email that is having too much junk email, you can create rules here for it.
The rule creation is same for both levels so we’ll just talk about it once. Let’s go to Email Filters and then clicking on Create a New Filter button.
When creating filters, please choose a specific Filter Name.
Under Rules you can add as many rules as you like by clicking on the + sign in front of the rule. The rules are processed one by one and based on the condition (and / or) the rules are matched with the incoming email. The rules can apply to specific parts of email: From, Subject, To, Reply Address, Body, Any header, Any recipient etc. And you can set the condition for the rule such as equals, matches regex (this is advance feature of regular expressions), contains, does not contain, begins with, ends with etc.
Mortgage Filter Rule: For the example here we are creating a rule that if we find the word “mortgage” in the subject line of emails, and the email comes from any of the three free email providers (yahoo.com, hotmail.com, gmail.com) then we will discard the email.
Actions: There are a number of actions you can take and can also create multiple actions for each filter by using the plus sign. If you do not want to receive the emails that match the rule, “Discard Message” is the best option. If you choose “Fail with message”, it will try to send email back to the spammer which can be spoofed and your message may go to an innocent recipient who may not have originally sent that email. That is why we recommend that you choose Discard Message to simply drop the message and take no further action.
You can be very creative here but if your filter is too generic, anything can be caught in it. For example if you try to match a small word but it is also part of a larger word then the rule will work and filter other emails as well. Example: Test will match Testing if your condition is “contains” because Testing contains Test.
Click Create button to create your new filter. You’ll get a message that filter has been created. Click on “return to the filters list” to see your new filter listed.
Let’s create another filter. This time we are going to filter a phrase from the spam we just received. The body of the email contains “% off retail price”.
Now we have two filters. We can re-order the filters by dragging any filter row up or down the list. The ordering is important as these filers are applied to incoming emails in the order they are listed here.
Testing Filters
You should always test your email filters to make sure they are working as intended. The Filter Test text area allows you to compose a test email. You can set To, From, Subject and the body of the email and click Test Filter to test that email.
Let’s test our filters. First we are going to test if the email is coming from your bank and is talking about mortgage. Change the From to your bank’s domain. And add the word mortgage in subject.
When we click Test Filter, the result shows that “header_subject” matches our keyword mortgage. However that was not the only rule in that filter, the rule set also said and From contains one of those free email providers. So it says Normal delivery will occur.
Let’s test it again and this time change the From email address by using one of the free email providers we added in our rules.
When we test it this time, the rules match and it says “Save message to: /dev/null 0660”. This indicates that the message will be discarded to bit bucket of /dev/null. And the last line that says “No other deliveries will occur” means there is no further action.
That is all it is to email filtering. Happy filtering! Let us know if you face any problem or need any assistance.