Skip to main content
Help Center

GoDaddy Help

Prevent SPAM issues on your server

A major part of cleaning up your server after a SPAM issue is to prevent it from happening again. It's been our experience that there are only a few root causes of outgoing email spam. Below are some common causes of email SPAM and ways to prevent them.

A compromised email account

If an email account/mailbox in the server has a weak password, or the password was compromised, a malicious third party will use that mailbox to send mail.

To protect email accounts:
  • Reset the passwords for all email accounts on the server to strong, random passwords. Take special note of email accounts that are receiving a large amount of bounceback messages.

Unprotected forms on a website

Many sites use forms, like new user signups or contact forms, that trigger an email message when they're submitted. If the form isn't protected with a captcha or challenge of any kind, they can be compromised and used to send SPAM.

To protect forms:
  • Use a captcha or challenge. This prevents automated "bots" from using your form to send SPAM.
  • If your site uses a CMS like WordPress or Joomla, make sure all plugins/extensions are up-to-date and remove any you no longer use.

Malware/coding vulnerabilities

If your CMS is out-of-date, malware files can be uploaded and used to send thousands of email messages by taking advantage of PHP's mail() function.

To prevent malware:
  • Update all CMS core, plugin, extension, and theme files to the latest stable versions.
  • Set all sites to use the latest PHP version. EOL (end-of-life) versions may have unpatched vulnerabilities that can be exploited to send SPAM.
  • Use a malware scanner to check your site's files for any signs of a compromise. Website Security is an easy-to-use tool to keep your site protected from malware.

Email forwarding accounts

SPAM issues can quickly get out of hand if you use email forwarding. If a malicious third party decides to send 1,000 emails to a forwarding address, these emails are, in turn, re-sent from the server and appear to originate from the server.

To minimize relay usage:
  • Use email forwarding sparingly. Having a "sales@coolexample1.com" address that forwards to your 6-person sales team gmail.com addresses would use 6 SMTP relays per message.
  • Use a local mailbox for any form. Any email address hosted on your server is considered local.

Misconfigured server settings or 3rd party software settings

Notifications from WHM/cPanel, Plesk, cron jobs, and Security software like Fail2Ban and CSF are configured by default to send numerous emails daily. If any of these send to an email address that doesn't exist, you will be sending constant bouncebacks which can use up your relays and slow normal mail delivery.

To fix settings:

  • In WHM, confirm the following areas use a valid email addresses :
    • Basic WebHost Manager® Setup
    • Edit System Mail Preferences
    • Contact Manager
    • Email All Resellers
    • Email All Users
  • In Plesk, confirm the following areas use a valid email address. Depending on the selected view in Plesk, you'll want to check the following areas:
    • Settings → Notifications
    • Users
    • My Profile
  • Configure cron jobs to email a valid local address.
  • Configure notifications for software like Fail2Ban and CSF (ConfigServer Security and Firewall) to use a valid, local email or disable them altogether.

Mailing lists

Be aware that our email relays cannot be used to send bulk, unsolicited email. As a result, your legitimate messages may be marked as SPAM and the server can be blocked from sending any mail.

If you're attempting to send email to any kind of mailing list, all recipients must opt-in to receive messages and all recipients must have the ability to opt-out of emails. Additionally, be sure you have a mechanism in place to recognize and remove invalid addresses from any outgoing mailings. Take a moment to review this article about sending email responsibly.

Related steps

More info

  • Our server experts can perform these steps for a fee. For more information about our Expert Services, please visit our Expert Service menu.