30 Seconds to No More Spam with BoxTrapper

If you’re like me, you spend a good portion of your work day sorting through emails from some of your most trusted colleagues — Oprah, Dr. Oz, Rachel Ray, and maybe more. You might also find yourself learning about the latest ways to lose weight, better tips for refinancing your home or even claiming a surprise inheritance from foreign royalty.

Let’s face it, spam email is inevitable, but it doesn’t have to be the huge time suck that it is.

The email capabilities of cPanel have always been one of the most popular feature sets, but you may not know about the cPanel Webmail hidden gem called BoxTrapper.

Full disclosure: I worked at cPanel for more than two years, and I heard people talking about BoxTrapper but wasn’t sure what it was or what it did. Last October, I was complaining to my boss about how much spam I was getting, and he gave me a 10 minute tutorial on BoxTrapper, which changed my inbox forever.

BoxTrapper Before & After
A dramatization of my inbox before and after enabling BoxTrapper

What is BoxTrapper?

BoxTrapper is a tool that filters spam from your inbox through a process called challenge-response verification. When an account that has BoxTrapper enabled receives an email, BoxTrapper automatically sends a fully customizable verification email in response. The sender must complete the verification process before the email can pass through to the inbox.

One Click Away from Your Best Inbox

All it takes is one click to enable this feature, and the annoying emails that take up so much of your time stop coming to your inbox instantly.

Once you enable BoxTrapper, you can specify email addresses, domains or even certain subject lines you want to whitelist, and those senders will never know anything has changed. Even if you don’t take the time to setup a whitelist right away, someone sending you an email will just get your friendly, fully-customizable response asking them to confirm they are an actual person and not Oprah. The only downside to this is that if Oprah actually emails you, you might just disregard it.

A nice feature of BoxTrapper is that if you email someone, they get automatically added to your whitelist.

ProTip: If someone in your company is already using BoxTrapper, ask them to send you their whitelist. You can import it and start with a solid base, which is exactly what I did.

All is Never Lost

You might be thinking, “What if someone emails me but doesn’t respond to verify they’re a real human?” Don’t fear, that’s covered too.

BoxTrapper also has a Review Queue, which gives you the ability to see what emails are being held, and you have the option to add them to your whitelist or delete them entirely. When I first started using BoxTrapper, I would have up to a hundred emails in my queue each day, but after a few months, I rarely had more than eight. Your queue is something you’ll want to take a look at for the first two weeks or so, but after that, it starts to take care of itself.

You can even eliminate this more by taking the time to blacklist these senders, but, to be honest, I rarely take the time to do it.

If you want to know the full capabilities and configuration options, you can find it in our BoxTrapper documentation.

As someone who likes to leave each day with an empty inbox, BoxTrapper helped me get rid of wasted time and headaches sorting through those annoying emails. In the time it takes you to scroll through and delete your spam, you can have this enabled and customized, which will get you to the important work faster.

If you have any other tips for using BoxTrapper or eliminating spam, let me know in the comments.


The web hosting industry's most reliable management solution since 1997. With our first-class support and rich feature set, it's easy to see why our customers and partners make cPanel & WHM their hosting platform of choice. For more information, visit cPanel.net.

8 responses to “30 Seconds to No More Spam with BoxTrapper”

  1. Tango says:

    BoxTrapper is a great whitelist manager and, unlike SpamAssassin, ensures that your *known* good senders (whitelisted items) will NEVER get blocked (SpamAssassin and others like it will block about 1% of good email and even 0.1% would be unacceptable to me.

    Having said that, it has a flaw that it is still known as primarily a Challenge/Response system, while it is primarily a whitelist manager–well, it’s both actually but it’s the latter that’s more useful. The problem is that the C/R part has long outlived its usefulness, but there is no documented way to trun it off! OTOH, the whitelist management parts beats anything else out there. The solution would be to remove the Challenge/Response part completely from BoxTrapper (this can be simulated, by the way, but setting the verify.txt challenge message to empty text, which will suppress the sending of the challenge message, but users won’t discover this “feature” on their own, so admins will have to initialize that file to be a blank file rather than the CPanel default one).

    As far as backscatter.org, a quick look at it seems to indicate that it’s one of the most ill-conceived and over-simplified ideas ever. I hope no legitimate ISP or hosting company is using their blacklist–you’re asking for more problems than you’d be solving!

  2. john says:

    Hey Lee bobmorse
    Thank you for this blog! Seriously useful info.
    I have bookmarked this and i also am looking forward to reading new articles.
    i share it on Digg beacuse i enjoy your article.
    and i also share it in my new blog
    Keep up the great job!

  3. bobmorse says:

    We’ve got 2 RBLs running on our servers. I’d love to hear recommendations of what you use and tips for tweaking SpamAssassin.

  4. MaxterHost says:

    The concept of BoxTrapper is awesome, but we’ve disabled it since 2007 on all our servers because it filled the mail queue with undeliverable confirmation emails and got the server IPs blacklisted way too often.

    Implementing multiple RBLs and tweaking SpamAssassin does the job. Spam still comes through, but at least we never get our IPs blacklisted.

  5. Tony Kammerer says:

    The “challenge” mail that is sent to unknown senders is classified as “backscatter” spam if the “From:” address was spoofed. This will get you on a 4 week blacklist at http://www.backscatterer.org/ that you cannot get off of.

  6. bobmorse says:

    Boxtrapper sounds interesting. But getting blacklisted would be a disaster. I would certainly be interested in knowing more about that.

  7. Monarobase says:

    We don’t allow boxtrapper as it’s a good way to get your server blacklisted. Most large cPanel hosts disable it by default.

    Gray listing on the other had will be a good solution but not boxtrapper.

Leave a Reply