cPanel uses Apache SpamAssassin to scan incoming emails and assign each one a spam score. Emails that exceed the threshold score are flagged as spam or automatically deleted. Adjusting this score lets you control how aggressively the filter catches spam.
How SpamAssassin Scoring Works
Every incoming email is analysed and assigned a spam score based on factors like:
- Suspicious keywords and phrases
- Missing or invalid sender authentication (SPF, DKIM)
- Formatting patterns common in spam
- Blacklisted sender addresses or domains
- Header anomalies
| Score | Likelihood |
|---|---|
| 0–2 | Almost certainly legitimate |
| 3–4 | Probably legitimate |
| 5 (default threshold) | Borderline — may be spam |
| 6–8 | Likely spam |
| 9+ | Almost certainly spam |
Steps to Adjust the Spam Threshold
Step 1: Log in to cPanel
Navigate to yourdomain.com/cpanel or log in via the Cynet client area at manage.cynet.com.my.
Step 2: Open Spam Filters
In the cPanel dashboard, scroll to the Email section and click Spam Filters.
Step 3: Enable SpamAssassin
Ensure Apache SpamAssassin is toggled On (enabled). If it's off, click the toggle to enable it.
Step 4: Adjust the Spam Threshold Score
- Click Spam Threshold Score (or "Configure SpamAssassin")
- You'll see a slider or dropdown to set the score threshold
- Adjust based on your needs:
| Goal | Recommended Score |
|---|---|
| Aggressive filtering (catch more spam, risk false positives) | 3–4 |
| Default / balanced | 5 |
| Lenient filtering (fewer false positives, more spam may pass) | 7–8 |
| Very lenient (only catch obvious spam) | 10 |
- Click Update Scoring Options
Tip: Start with the default score of 5. If too much spam gets through, lower it to 4 or 3. If legitimate emails are being flagged, raise it to 6 or 7.
Auto-Delete Spam (Optional)
You can configure SpamAssassin to automatically delete emails that exceed the threshold instead of delivering them to spam/junk:
- On the Spam Filters page, find Auto-Delete Spam (or "Move to Spam Folder")
- Toggle it On to automatically discard detected spam
- Alternatively, keep it Off to have spam delivered to the Junk/Spam folder for manual review
Warning: Enabling auto-delete means flagged emails are permanently removed without delivery. If your threshold is too aggressive, you may lose legitimate emails. We recommend keeping auto-delete off until you're confident your threshold is correctly tuned.
Configuring Additional SpamAssassin Settings
Blacklist Specific Senders
Block emails from specific addresses or domains:
- On the Spam Filters page, click Additional Configurations (or "Show Additional Configurations")
- Under Blacklist (block), add addresses:
[email protected] — Block a specific address - @spamdomain.com — Block an entire domain
- Click Save
Whitelist Specific Senders
Prevent emails from trusted senders from being marked as spam:
- Under Whitelist (allow), add trusted addresses:
[email protected] — Allow a specific address - @trustedcompany.com — Allow an entire domain
- Click Save
For a more comprehensive guide on whitelisting, see How to Whitelist an Email Address.
Choosing the Right Sensitivity Level
Lower the score (more aggressive) if:
- You're receiving a lot of spam in your inbox
- Your inbox is flooded with marketing or phishing emails
- You don't mind occasionally checking your Spam/Junk folder for false positives
Raise the score (more lenient) if:
- Legitimate emails from clients, suppliers, or services are being flagged as spam
- Important transactional emails (invoices, receipts, confirmations) are going to spam
- You'd rather receive some spam than risk missing a real email
Per-Account Spam Settings
The SpamAssassin settings in cPanel apply to all email accounts on your domain. If you need per-account spam handling:
- Individual users can create email filters in cPanel → Email Filters to handle spam for their specific account
- Users can also manage their own whitelist/blacklist in Roundcube Webmail (see How to Whitelist an Email Address)
Troubleshooting
Legitimate emails going to spam
- Raise the threshold score to 7 or 8
- Whitelist the sender in SpamAssassin settings or Roundcube
- Check if the sender's domain has valid SPF and DKIM records — missing authentication often triggers spam scoring
- Ask the sender to check their email deliverability
Spam still getting through
- Lower the threshold score to 3 or 4
- Blacklist repeat offender addresses or domains
- Ensure SpamAssassin is actually enabled (check the toggle)
- Some spam is designed to evade filters — no filter catches 100% of spam
Emails disappearing (not in inbox or spam)
- Check if Auto-Delete Spam is enabled — it may be deleting emails before delivery
- Disable auto-delete and check the Spam/Junk folder instead
- Review cPanel → Track Delivery to see if emails are being received and where they're routed
SpamAssassin not available
- SpamAssassin is included on all Cynet shared hosting plans
- If you don't see it in cPanel, contact Cynet support to verify it's enabled on your server