Sifting Through Spam

If you are setting up email filters for an account, some useful tactics are:

Display the headers of the emails in the account:

grep -iE "^(subject|from|reply-to|X-Spam-Level):" *

Once you identify messages of interest, you can use more to view them.

If you're using cPanel's filter interface with a RegEx, you can use this pattern to exclude mail from .eu and .us addresses (add any other TLDs you want to exclude to the list).

\.(eu|us)>?$

Type it in exactly as displayed. I put it on both the From and Reply-To headers.

Another good rule is to match on the spam score in the X-Spam-Status header, like so:

score=(3|4)

Emails with a spam score of 3 or 4 are rejected with a message that the sender should use the contact form on the site. Almost all of these will be spam, but for the few that aren't, the sender will have a way to resubmit their message.

Be sure to test that it works the way you want it to.
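One way to dry-run both patterns before saving the rules, as an added example that is not part of the original post. It assumes grep -E behaves like cPanel's matcher for this simple syntax, and every header value in it is constructed for illustration.

```shell
#!/bin/sh
# Added example: dry-run the page's two filter patterns with grep -E.
# Assumption: grep -E behaves like the cPanel matcher for this simple syntax.

TLD_RE='\.(eu|us)>?$'      # From / Reply-To rule from the page
SCORE_RE='score=(3|4)'     # X-Spam-Status rule from the page

# matches PATTERN VALUE: print "match" or "no match"
matches() {
    if printf '%s\n' "$2" | grep -Eq -- "$1"; then
        echo "match"
    else
        echo "no match"
    fi
}

# report PATTERN VALUE...: one result line per constructed header value
report() {
    re=$1; shift
    for v in "$@"; do
        printf '%-42s %s\n' "$v" "$(matches "$re" "$v")"
    done
}

echo "From / Reply-To against $TLD_RE"
report "$TLD_RE" \
    'Some Sender <promo@mail.example.eu>' \
    'promo@example.us' \
    'friend@example.com' \
    'friend@us.example.com' \
    'promo@example.eu (Promo Team)'   # text after the address: $ no longer lines up

echo "X-Spam-Status against $SCORE_RE"
report "$SCORE_RE" \
    'No, score=3.2 required=5.0' \
    'No, score=4.9 required=5.0' \
    'No, score=2.9 required=5.0' \
    'No, score=-3.1 required=5.0' \
    'Yes, score=31.4 required=5.0'    # two-digit score also starts with 3
```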

If you find domains that are clearly just spammers, block them explicitly.

Report spam to spam@uce.gov, and scams to the organization that's being misrepresented.