Prevent SPAM issues on your server
A major part of cleaning up your server after a SPAM issue is to prevent it from happening again. It's been our experience that there are only a few root causes of outgoing email spam. Below are some common causes of email SPAM and ways to prevent them.
A compromised email account
If an email account/mailbox in the server has a weak password, or the password was compromised, a malicious third party will use that mailbox to send mail.
- Reset the passwords for all email accounts on the server to strong, random passwords. Take special note of email accounts that are receiving a large amount of bounceback messages.
Unprotected forms on a website
Many sites use forms, like new user signups or contact forms, that trigger an email message when they're submitted. If the form isn't protected with a captcha or challenge of any kind, they can be compromised and used to send SPAM.
- Use a captcha or challenge. This prevents automated "bots" from using your form to send SPAM.
- If your site uses a CMS like WordPress or Joomla, make sure all plugins/extensions are up-to-date and remove any you no longer use.
If your CMS is out-of-date, malware files can be uploaded and used to send thousands of email messages by taking advantage of PHP's mail() function.
- Update all CMS core, plugin, extension, and theme files to the latest stable versions.
- Set all sites to use the latest PHP version. EOL (end-of-life) versions may have unpatched vulnerabilities that can be exploited to send SPAM.
- Use a malware scanner to check your site's files for any signs of a compromise. Website Security is an easy-to-use tool to keep your site protected from malware.
Email forwarding accounts
SPAM issues can quickly get out of hand if you use email forwarding. If a malicious third party decides to send 1,000 emails to a forwarding address, these emails are, in turn, re-sent from the server and appear to originate from the server.To minimize relay usage:
- Use email forwarding sparingly. Having a "firstname.lastname@example.org" address that forwards to your 6-person sales team gmail.com addresses would use 6 SMTP relays per message.
- Use a local mailbox for any form. Any email address hosted on your server is considered local.
Misconfigured server settings or 3rd party software settings
Notifications from WHM/cPanel, Plesk, cron jobs, and Security software like Fail2Ban and CSF are configured by default to send numerous emails daily. If any of these send to an email address that doesn't exist, you will be sending constant bouncebacks which can use up your relays and slow normal mail delivery.
To fix settings:
- In WHM, confirm the following areas use a valid email addresses :
- Basic WebHost Manager® Setup
- Edit System Mail Preferences
- Contact Manager
- Email All Resellers
- Email All Users
- In Plesk, confirm the following areas use a valid email address. Depending on the selected view in Plesk, you'll want to check the following areas:
- Settings → Notifications
- My Profile
- Configure cron jobs to email a valid local address.
- Configure notifications for software like Fail2Ban and CSF (ConfigServer Security and Firewall) to use a valid, local email or disable them altogether.
Mailing listsBe aware that our email relays cannot be used to send bulk, unsolicited email. As a result, your legitimate messages may be marked as SPAM and the server can be blocked from sending any mail.
If you're attempting to send email to any kind of mailing list, all recipients must opt-in to receive messages and all recipients must have the ability to opt-out of emails. Additionally, be sure you have a mechanism in place to recognize and remove invalid addresses from any outgoing mailings. Take a moment to review this article about sending email responsibly.
- Find SPAM senders in WHM
- Find SPAM senders in Plesk Linux
- Find SPAM senders using Postfix with SSH
- Find SPAM senders using Exim with SSH
- Find SPAM senders using Mailenable with Windows Plesk
- Enable PHPMail Logging using WHM.
- Enable PHPMail logging in Plesk Linux.
- Enable PHPMail logging in Plesk Windows
- Return to review email spam issues on your server.
- Our server experts can perform these steps for a fee. For more information about our Expert Services, please visit our Expert Service menu.