We have recently rolled out a change in how our shared servers scan for spam and apply filters. In order to avoid needless processing, spam analysis only looks at a limited segment of a message when they're evaluating it. This works well for most messages, since the mail headers alone often are sufficient to classify the message.
The same applies to cPanel's message filters, which are a great tool for writing custom rules to catch messages that spam analysis misses.
Unfortunately, some of the most insidious spammers are taking advantage of this. These professional spammers know how to send with "clean" headers, then they pad their message past the typical scan limit before dumping in their garbage. This effectively bypasses scanning and the spam winds up in our customer's inboxes.
In response, we have just significantly increased the size of the segment that gets scanned for spam and passed to filters. While this increases the resources needed to scan messages, our tests indicate that there is little impact on overall server performance. Based on this success, we've rolled out the increase to all of our shared servers.
It is our hope that this will result in the elimination of some of the worst spammers. For one of our customers, our analysis shows that a custom filter is accurately deleting between 15 and 20 messages per 24 hour period.
Image Credit: Specna Arms on Unsplash