BoxTrapper Disabled

  • Friday, 5th April, 2013
  • 12:01pm

Effective immediately we have disabled the BoxTrapper spam trap on all EntirelyDigital cpanel web hosting servers.  This feature is part of WHM/Cpanel and while it sounds good in theory, it just adds to the global spam problem and causes our servers to be blacklisted on some BL lists.

BoxTrapper works by sending a verification message back to the email address listed as the sender of a message. Until the sender of the message replies to this verification message with the proper response, the message is prevented from reaching your inbox. Because most SPAM messages are sent by automated bots, the verification is never completed and you are saved the inconvenience of those SPAM messages reaching your inbox.

BoxTrapper has a huge flaw: it will send the verification message to any email address listed as the sender on the email. Because it is easy to forge the email address an email appears to be coming from, this allows spammers to target accounts that use a feature like BoxTrapper to bounce messages against these accounts to SPAM addresses they want to target indirectly, making it difficult to trace and stop. This is called backscatter.

Backscatter is a very large problem for email providers and is highly penalized by blacklists and email reputation providers.  Because BoxTrapper enables this behavior and has been the direct cause of some of our servers being blacklisted, we are removing this feature from all our servers effective immediately.  This feature is used by very few users and with other SPAM filtering techniques available, we strongly believe that the risk BoxTrapper presents is not worth the gain.

If you are one of the few using this feature, we hope you understand why we have decided to disable this system on all our servers. Having the entire server blacklisted because of Boxtrapper on a single account is simply not acceptable and is an inconvenience to everyone that shares space on the server. Please consider using the basic spamassassin options within your cPanel instead.

IF you require a more comprehensive spam filtering system compatible with all our servers as well as your in-house email servers EntirelyDigital provides Cloud Spam Control as a hosted offering (Saas).  You can read more about EntirelyDigital Cloud Spam control to assist you in combatting spam and viruses to your inbox here.  A free 30 day trial is available.

« Back