- BoxTrapper Technology
spam on our mail servers - not on your computer!
Server-side challenge-response email filtering tool
- BoxTrapper is a free, built-in hosting account spam elimination tool for your mailbox. It minimizes the spam that is delivered to you by:
allows emails from senders on your whitelist to proceed directly to
senders are checked to see if they are coming from a real human before
being released to your inbox.
easily edit (manually) your whitelist any time you want (through a web interface). The whitelist is automatically updated with the email addresses you send to, IF you use our smtp server for outgoing email.
can be turned on or off with the click of a mouse in your cpanel or
does its work on our servers, as opposed to other methods that download
all the spam and filter it locally on your computer. The server-side
processing is particularly useful when you're accessing your email away
from your office or home.
For business accounts that have web forms, please program your whitelist carefully to accept messages with your web form's subject line.
BoxTrapper is included free with SherwoodHosting Plan "D", and must be used with mailboxes on our server (as opposed to forward-only addresses).
- keeping a list of addresses that you have corresponded with (called a whitelist, addresses from which are delivered to your inbox immediately), and
- sending a friendly message to those "unrecognized" addresses to request them to reply-- this verifies that they are human and likely not unsolicited email.
NOTE: We encourage the following rules:
Because BoxTrapper takes server resources to handle each incoming spam email,
in order to be permitted to enable BT for a given email address, that email address must be shown to:
(a) have taken steps to minimize “publishing” of the address (on ANY web site, RSS feed, or forum, not just your own site) in live/parse-able text formats such that spam harvesters can read it, and
(b) not be a dictionary name (like: info, sales, help, orders, webmaster, etc., or a common first name like: mary, sue, joe, bill, bob, etc. (suggestion: use mailbox names that are based on some aspect of your business, and people's firstname+lastinitial)).
See point #1 in minimizing spam
- unwanted junk mail (Unsolicited Commercial Email (UCE)) Department of Justice Article
- Mailsystem software on SherwoodHosting servers that processes and
sorts spam before it gets to your inbox. This software "filter" runs on our server and allows you a preview of the intercepted spam (see the "queue" of emails awaiting challenge responses) for the case that an email was misidentified as spam.
- A list of people you want to receive email from (e.g., people in your address
This is a (text file) list of email addresses (maintained on the server, but editable and viewable through a BT's web interface). If you use the server's outgoing SMTP server for emails you send, BT will automatically white list those sent-to addresses.
The Whitelist additionally allows pattern-filtering based on both FROM and SUBJECT information.
For email generated by web forms that you do want to allow, please program the appropriate entry using the SUBJ keyword and your subject line phrase.
— EDITING WHITE LIST & VERIFY MSSGS
WHITELIST - When you manually enter line items in your white list, you must be very careful to add the "escape" character \ (backslash) preceding ANY character other than A-Z,a-z,0-9 or space. This includes * @ . -
If omitted, incoming email will crash and respond to the sender with the following oblique error:
local delivery failed (internal death)
Cpanel::BoxTrapper::BoxTrapper_checklist('white', '/home ...)
[a fatal error or timeout occurred while processing this directive]
This is most vulnerable for including "subject" lines. Example:
\*\*\* Contact Web Form Submitted \- contact\.html
Another gotcha is the | (vertical bar, a.k.a. pipe) character, which, unescaped, means Logical Or. So if your intention is to pattern match for the literal vertical bar character, then use the syntax \|
Wildcards: (often *(asterisk) might be intuitively used) There are no wildcard characters available for use in the whitelist(etc.) line item matchstring syntax. You don't need a wildcard positioned as a prefix or suffix, since by definition a line item matchstring is matched if found ANYWHERE in the sender's email address.
For instance, if you enter as a line in your whitelist:
Then the following would be allowed through to your mailbox without challenge:
VERIFY MESSAGE - When you're editing the verification message, be extremely careful to leave the syntax at the end of the SUBJECT line as the end of that line. Failure to do so will cause senders to keep being challenged because BT cannot see the message ID number.
Once the sender replies to the challenge message, that sender address is Whitelisted and (New as of July 2007), a confirmation message is sent to the sender acknowledging that their address is now on the whitelist and they will not be challenged in the future. This acknowledgement message is a system-wide message and is not editable by the user.
- Address list that you specify for BoxTrapper to immediately identify as unwanted spam sender
addresses and it deletes it and does not challenge it.
- When your server mailbox receives an email from someone not yet on either of your White or Black lists, BoxTrapper
will "challenge" the sender (to see if s/he is "human") by sending a polite form email (which is editable by you) to ask them to reply. If they reply, then the original message
they sent will be conveyed to your inbox, if no REPLY was made, the
message will sit in the BoxTrapper queue for 15 days (a selectable
number, by you, we recommend you change it to 30 days) for your potential review in case a mistake was made.
If a new correspondent sends email to you for the first time, they
only have to encounter a Challenge email once- thereafter they are
on the WhiteList and their email message immediately is conveyed to
Note that IF you have "automatic whitelisting" enabled AND your outgoing email smtp server uses our servers (so that boxtrapper can watch for outgoing messages) AND you send email to Person A, then Boxtrapper will put that address on the Whitelist and at any time in the future if Person A sends you email, that email will be conveyed to your inbox instantly with no challenge.
- The email message and process by which BoxTrapper sends the Challenge
message to the sender to see if s/he is human. A challenge message is sent IF the sender's email address was NOT on either the Whitelist or Blacklist.
- Log (see details below) - A list of transactions for email challenged, or let thru and the reason (rule) is noted.
- Queue (see details below) - A list of emails which have been challenged and are awaiting the original sender to reply so that BT can release the message to the recipient's inbox. We recommend checking this list about once a week, especially if you're a business and expecting new clients to email you.
all hate spam. Here're some discussion topics for how to minimize it even prior to using BT (click on the underscored link for detailed info):
your address: Stop/minimize your email address from getting
in spam address list databases in the first place
these pesky emails when you do receive them-- an effective method
is to use SpamBT Boxtrapper.
(BT, also an abbreviation for Bacillus thuringiensis which is
an organic control for garden caterpillars, essentially a pest control agent)
is software that runs on the SherwoodHosting servers to minimize the spam
messages that get through to your inbox. This is accomplished by a filter
mechanism that you choose how it operates. When Boxtrapper is enabled,
Email sent to your mailbox is either:
directly to your inbox (because the sender's address was
on your whitelist). Your whitelist is an accumulation
of good email addresses from your address book, from having sent a
message outward to a particular email address (using our smtp server),
or manually maintained/edited by you.
or deleted or placed in a spam wastebasket (depending
on how you set up boxtrapper, based on identifying the sender's address
as a spammer, or keywords in the message or subject line match spam
profiles - it "smells like spam")
held (in a waiting queue which you can manually peruse and
manipulate) while a reply email message (a "challenge
message") is sent to the sender to have them confirm they are
human by simply replying (no content is needed in the reply). Spam
senders will not reply to such a message. Once the challenge response
is received, the original email is released to your inbox.
To be able to use boxtrapper, you need to have a mailbox in your
account on the SherwoodHosting server. If you only have a FORWARDER
set up in your Cpanel MAIL settings, Boxtrapper cannot intercept the messages.
(Independently and perhaps confusingly, Boxtrapper has the feature to
be able to additionally FORWARD messages that it permits through to your
mailbox, but it's unclear what the difference between BT forwards and
the mailsystem's forwards.)
Please be careful that you "prime" (initialize) your Whitelist with your addressbook and especially the exact email address from which mailing list or other automated messages originate from.
steps to enable BoxTrapper
to your CPanel
on your web site (Note: this is NOT your Windows System Control Panel; see instructions on CPanel)
the Mail section by clicking on the Mail Icon
on the BoxTrapper Spam Trap option.
the Manage link towards the right hand side of the
screen for the email address that you want to enable BoxTrapper for.
the ENABLE button to turn on BoxTrapper for the account.
- As a last
step (highly reccomended) you will want to turn on Automatic Whitelisting.
To do this click the Configure Settings link towards
the bottom left of the BoxTrapper Configuration screen and then click
the check box for Enable Automatic Whitelisting.
test your email boxes, forwarders, and spam software. Check occasionally
your challenge queue, whitelists, and event log to see if there's anything
to Enable SpamBT Boxtrapper
Mail> BoxTrapper Spam Trap> (select the email box and ENABLE
To enter your
Cpanel, you'll need to use your hosting account (FTP) username and password.
the settings for your mailbox BoxTrapper processing:
mis-categorizations of email messages, and what to do:
- An important
email was sent from someone not yet on your WhiteList, and the sender
(for whatever reason) does not reply to answer the challenge message.
You can view your "Queue" of messages held back by BoxTrapper
and manually release (and add to whitelist) or delete them.
- A spam
email made it through to your inbox, due to an answered challenge
reply - (we want to know about these, please forward them to us) You
can include additional keywords in your Blacklist
- A spam
(or virus) email made it through to your inbox, due to a forged FROM
(sender's) address that was on your WhiteList - This is likely a virus
that had "collected" the sender's email address from an
address list (beware: always use BCC when sending to more than 2 or
3 people, even if they're all close friends)
- If you
have a WEB FORM that sends email to your account, beware that, depending
on how you have your web form set up, BoxTrapper will challenge the
email. The question is whom will it challenge? There are two cases:
your web form is set up to appear to come from your customer who
filled in their own email on your web form, then there will be
a challenge message to that customer's email. They(your customer,
the creator of the web form inquiry) may not recognize (1) the
email address (your email)that the web form is finally filtered
down to, or (2) that their having filled out a web form
technically/proceedurally results in an email having
been sent to you. Our recommendation is to re-label the web form
input text field name (so it still comes thru, e.g. misspell it
to distinguish it from the commonly used label of "email"),
but the formmail utility you use will mark it as coming from the
sherwoodhosting.com server. (but see below)
your web form is set up to essentially come from "no one"
then the challenge will end up somewhere in our server: unread
and un-responded-to. A solution is to fill out a test trial
of your web form, then go into the BoxTrapper Queue and whitelist
the resulting test message, and hopefully (depending on your formmail
software) all the subsequent web form inquiries will be whitelisted
because the email FROM address will be the same.
- The better solution is to insert a whitelist rule that has your exact subject line entered.
those who are computer-savvy/comfortable:
modify several aspects of the BoxTrapper mechanism (for sorting/editing
capabilities that are not available within the normal BoxTrapper web
interface) by going into FTP, sorting queue and log files by date and
doing a mass-delete, or editing the white list to sort it in alphabetical
order, etc. Do so at your own risk.
Boxtrapper files are located in the directory: /etc/domain.com/emailusername/.boxtrapper/
For instance, to alphabetize your whitelist (by email address username, ascending order),
- FTP or Cpanel>FileManager download your file from
to your own PC (desktop, for instance)
Note: periods are important in the directory path above
- OpenWith the white-list.txt file with Microsoft Excel (for example)
- Data> Sort based on Column A, Ascending
- Save the file as simple text .txt
- Safety tip: rename the existing white-list.txt file to a duplicate file name, such as white-list-old.txt. (Just in case you need it some day)
- Upload the file back to its proper location.
It's sometimes useful to have your whitelist alphabetized:
- review it for thoroughness or other bookkeeping
- when away from your home computer, it serves as a sort of address book to retrieve almost any email address you've ever dealt with.
Examples of Challenge (Verification) Messages:
I apologize for this automatic reply to your email.
To control spam, I now allow incoming messages only from senders I have approved beforehand.
If you would like to be added to my list of approved senders, please fill out the short request form (see link below). Once I approve you, I will receive your original message in my inbox. You do not need to resend your message. I apologize for this one-time inconvenience.