Post Office

cPanel Email Settings

Notice: The email capabilities of cPanel are under constant development and improvement. The services described herein cover the latest improvements and the links to further information are the latest available as of July, 2022.

Of all Internet Services, Email by far gets the greatest use. Many books have been written about email and many people claim to be experts on it. What is surprising is how few people understand email enough to use it to it's full potential. This is good for many email providers who offer only the essential email services (FREE anonymous email addresses), but its unfortunate for the entrepreneur wishing to establish credibility and take advantage of the latest internet technology to improve the efficiency and effectiveness of their services.

I've kept this document as concise as possible while providing links to most authoritative sources. If you read the entire contents of this post, you'll probably have a better understanding of email services than most people who use it on a daily basis.

Contents

Tips of The Trade

If you read through to the end of this document (or TL;DR to the end), you'll find a few tips I've learned from my own experience with email. It may give you some insight into steps you can take to improve your own email security and workflow.

Email Accounts

An Email Account represents one physical mailing address with a unique identifier (email address) used to send and receive electronic mail. While not all email addresses are associated with email accounts (more on that below), all email accounts are associated with one unique email address. An email account can be thought of as a physical mailbox or place of pickup and delivery.

Typical email addresses related to members of any given organization might be tom@company.com, brenda@company.com, barry-r@company.com etc.. despite their positions in the organization, their email address uniquely identifies them. These email addresses are almost never exposed to the outside world other than in a direct email from the account holder. Instead, forwarders are used to direct departmental email to the appropriate recipient(s), which may change with time (promotions/staff changes). As an example, someone sends an email to sales@company.com and gets a reply from bob@company.com, this arrangement is more personal and seems to make clients most comfortable.

Internet service providers often set impractical limits on the number of mailboxes or total mailbox size only to upsell you once you've moved in. We put no such limits on email storage or number of accounts. Our clients get whatever they need to operate their business in a professional manner.

Ref: cPanel Docs - Email Accounts

Forwarder

A Forwarder is an email redirection order (either temporary or permanent) that controls email routing. These are not mailboxes but delivery instructions automating the process that goes on behind the scenes in a typical mail room.

A typical forwarder might be sales@yourcompany.com. Any mail sent to this address could be delivered to any number of mailboxes including none (trashed). Usually such an email address will be delivered to any number of salespeople (or even a sales manager) so it can be handled as quickly as possible by the next available person.

If a salesperson reads the email and decides to handle it themselves they too can send an email to sales@yourcompany.com notifying the rest of the team on the status of the order, the notice will always show the sender so it's like an instant messaging system for exclusive use by the sales team.

Forwarders are also used in routing email destined for people currently on vacation or otherwise unable to handle email temporarily. This works very well together with an autoresponder (below) that lets the sender know that the email is being handled in such a manner. If a forwarder and an email account exist with the same email address, the email will be delivered to all recipients listed in the forwarder as well as the email account.

The important thing to remember about forwarders is that they are not email accounts and are not necessarily associated with any email account(s) but are delivery instructions critical to normal mail room operations.

Ref: cPanel Docs - Forwarders

Email Routing

This service is for controlling the physical server (mail server) that handles all email for this domain. It can also be used for configuring a backup mail server which would hold a domain's mail until the primary mail exchanger becomes available.

Note: Misconfigured settings can prevent reception of email. These settings should only be made by or under instruction of a systems administrator.

Ref: cPanel Docs - Email Routing

Autoresponders

An Autoresponder is a message sent by the receiving mail program confirming that the email has been received and routed accordingly. These are often used with customer service or other forms of inquiry located on websites, so visitors know that their inquiry has been received and is being processed.

Another common use of autoresponders is for holidays (ie Christmas) where the business may be closed for a period of time and any response to the email message might be delayed. A typical message used for this purpose would show Holiday Hours.

When employees go on holidays or other leaves of absence, they often create autoresponders to to indicate the status of their email activity. They might also use a forwarder to redirect their email to another person assigned to handle email in their absence.

An autoresponder is totally independent of any other email operation and can be added to any email address existing on the domain. All other operations work as described herein.

Ref: cPanel Docs - Autoresponders

Default Address

A Default Address is a catch-all email address where email that does not match any assigned email addresses will be delivered. This could be typo errors in email addresses but by and large the heaviest use of the default address is spam sent to common addresses on the internet.

For this reason, we recommend that email destined for this bin be discarded. As a precaution you might add an autoresponder indicating no associated address exists but that could send a notice to spammers to keep trying. Most email clients auto fill-in recipient addresses so the likelihood of a typo is minimal.

Ref: cPanel Docs - Default Address

Track Delivery

In Track Delivery we are shown failures in delivery and the reasons for those failures. Typical failures include Sender verify failed where your email server attempted to verify that the sender used a legitimate email address, and the associated address could not be found. This is typical of spam senders who use anything for a return address with the sole intention of the email being for someone to click on a link contained in the email. This way, other than through email header forensics the source of the email is untraceable.

Track Delivery also provides a utility where an email address can be entered, and the mail server will track all relays as the email travels to it's destination. This can be beneficial for email delivery problems if someone should alert you of not being able to receive emails sent by you.

Ref: cPanel Docs - Track Delivery

Email Filters (General)

An Email Filter is a set of qualifiers that identifies a particular email or (as in most cases) a category of emails for specific handling. The most common use for email filters is to identify spam and remove it from processing. Most email services (ie GMail, Hotmail) have some level of spam filtering built in but these are generally not very specific and can cause valid email to be sent to the waste bin. Email filters can be made much more specific and much more effective with proper tuning of the filters.

All parts of an email can be used for filtering, even the parts you don't normally read (headers) that require looking at the email source code to identify.

The simplest email filter might be Sender: xyz@acme.com which would select all email from that address. The selected email may then be trashed, redirected to another user, even processed by a script. The filter is nothing more than the qualifier. The associated action determines what is donr with the selected email(s).

Other common filters are Contains: where you might want to filter all emails containing common spam words (ie 'Viagra', 'Meds'). These likewise may be simply rejected or sent to the spam folder allowing possible recovery.

Filter qualifiers include Starts With, Contains, and Ends With so you can for instance reject all email sent from spammer.net.

cPanel has a very sophisticated spam filtering system that evaluates received emails and can even check with blacklisting or spam reporting agencies to determine the likelyhood of the email being spam. This is added to the email as a header with a numeric value that filters can use to determine outcome.

Global Email Filters

Global Email Filters check all emails coming through the system regardless of who the recipient(s) might be. These are the best filters to use for general spam filtering rather than having to set the same general filters for every email account individually.

Ref: cPanel Docs - Global Email Filters

Email Filters

Email Filters are specific to any given email account to allow email account holders to control emails or categories of emails destined specifically to their email address. One email account holder may want all email sent from a specific email address redirected to another email address or even rejected.

Generally email filters start on a broad spectrum and work down in granularity to specific accounts. Being able to manage filters can save you a lot of time and make your handling of emails much more efficient.

Note: Improper use of filters can prevent you from receiving valid email. There are testing capabilities built into cPanel so you can verify that any given email is filtered, but sometimes the rules you may setup can accidently match emails you do want to receive. If you are bothered by spam and uncertain of the exact filter to set, please contact our customer service who will be happy to help you with your settings. There is no substitute for experience when it comes to handling spam.

Ref: cPanel Docs - Email Filters

BoxTrapper

The BoxTrapper feature filters spam from your inbox through a challenge response verification like when you add your email to a list and receive an email with a link to click to verify that you are the recipient.

Whenever an email is received from an address from which email has never been previously received, BoxTrapper can send an email to the associated sender to verify that they did indeed send the email. If no response is given to the verification message the message is scrapped or goes into the trash bin. This method of verification foils many of the attempted spamming methods described earlier in this document.

Ref: cPanel Docs - BoxTrapper

Email Deliverability

This is the other half of the Track Delivery service described earlier. It identifies problems with DNS records or SPF security settings that might bring server trust into question by other email services.

There should never be a problem with the credibility of your email server as it is monitored constantly for any interruptions in service. Any doubts about server settings should be brought up with your operations manager so they can investigate the situation and resolve it as quickly as possible.

Ref: cPanel Docs - Email Deliverability in cPanel

Spam Filters

This is cPanel's spam filter that I referred to earlier that does a good job on its own of filtering spam but when used together with filters, can greatly reduce any problems you might otherwise have with spam.

The spam filter has been setup for you with defaults that we have found to work well in most cases. If you decide to tweak the settings, just be aware that as with any filter, it is possible to go over-board and block legitimate email.

If you are having problems with what you believe is too much spam getting through or problems having legitimate email flagged as spam, please contact us, and let an experienced operator assist you.

Ref: cPanel Docs - Spam Filters

Encryption

Over the history of email, one of the greatest problems has been verifying the authenticity of the originator, its possible for any elementary level hacker to impersonate any email sender, this is quite evident from the number of emails being sent claiming to come from Microsoft, Amazon, Credit Companies, and even Government Authorities that have been created by hackers for the purpose of fraud or identity theft.

Privacy is another issue. Emails are normally sent clear text which makes them readable by anyone seeing the packets travel through the internet. These emails often contain financial or personal details and often passwords for newly acquired services. By the time you get the password to your new service, it may have already been compromised.

To complicate the issue, most email is now stored as IMAP messages located on public servers rather than on the recipient's own mailing device. So, the convenience of being able to read it at any time from anywhere comes at the expense of security and confidentiality.

To help solve these problems, email services are now capable of encryption (GnuPG) which is a public key approach like the encryption banks and financial institutions use for encrypting transactions. Your email program (ie Outlook) encrypts the outgoing email with a public key so that it can not be read or understood by anyone or any machine. Only the intended recipient (who has your private key) can decrypt and read the email. This makes the entire email message a secret between the sender and receiver. It also verifies that the sender is indeed who they claim to be since they are the only ones with this unique keypair.

Encrypted email will catch on over the next few years but unfortunately is not widespread because data miners (often the same entities providing the free email services) read email sent through their systems to profile clients. Just as cloud storage could be encrypted before being sent to the storage service, storage services are not big on recommending this procedure because it makes them unable to use the data saved on their system. Consider your use of free public services as being in exchange for allowing the data mining that goes on behind the scenes.

Ref: cPanel Docs - Encryption

Calendars and Contacts

Anyone who uses the Calendars or Contacts operations on their smartphones will be somewhat familiar with how they work and the sharing of such information with others. So as not to clutter-up this email documentation with information that goes over and beyond the scope of anything to do with email, we will not go into this information here but will reserve it for another article.

If you wish more information on the Calendars and Contacts services of cPanel, please refer to the following cPanel documentation.

Ref: cPanel Docs - Calendars and Contacts

Email Disk Usage

This service allows you to view all your mailboxes and remove old or large messages. Its good, practical housekeeping to rid your mail history of email messages that are no longer relevant and just wasting space.

Ref: cPanel Docs - Email Disk Usage

Tips of The Trade

If you have read through the details above, you will already know how to defend your email against most malicious activity but here's an idea that works.

As you are constantly prompted for your email address while browsing the internet, you can quickly overload your inbox with mail. Some you recognize, some you don't, but you have no way of knowing which of your contacts passed along your email address to others.. or do you?

You should never provide your personal email address to anyone online, doing so is just asking to become inundated with spam. Instead, create a forwarder using the site name as the email address, so you will always know from where the email came.

As an example: you are prompted to give your address to freegifts.com in exchange for a gift.

  1. You create a forwarder called freegifts@yoursite.com and forward incoming mail to yourself.
  2. Now you know the source of all email sent to that address and if you ever want to dump it, you just remove the forwarder.

Detective work made simple.


References:

A complete description of all email operations available on cPanel is available at cPanel Docs - Email