Disabling BoxTrapper
Hi everyone!
We’ve been making a lot of progress minimizing the amount of SPAM that leaves our servers. We have implemented additional monitoring to proactively check if one of our servers is blacklisted on a list of popular RBLs. We have created a better set of outgoing mail rules and enabled better mail scanning. We have also created tools and procedures internally to more quickly identify and stop SPAM scripts.
What does this all mean for you?
Simple: when you send an email, it ensures it reaches your target audience without confusing bounce messages, errors or delays. It also means that if a server does end up blacklisted for whatever reason, we can quickly address the problem and get you the information you need.
Unfortunately, one feature we have continued to offer is directly combating this excellent progress we have made, and that is BoxTrapper. BoxTrapper is provided as a feature by cPanel and while it sounds good on paper, it is disruptive to email communication and only adds to spamming problems.
BoxTrapper works by sending a verification message back to the email address listed as the sender of a message. Until the sender of the message replies to this verification message with the proper response, the message is prevented from reaching your inbox. Because most SPAM messages are sent by bots, the verification is never completed and you are saved the inconvenience of those SPAM messages clogging up your inbox.
However, BoxTrapper has a fatal flaw: it will send the verification message to any email address listed as the sender on the email. Because it is trivial to forge the email address an email appears to be coming from, this allows spammers to target accounts that use a feature like BoxTrapper to bounce messages against these accounts to SPAM addresses they want to target indirectly, making it difficult to trace and stop. This is called backscatter, which you can read a brief description of here.
Backscatter is a very large problem for email providers and is highly penalized by blacklists and email reputation providers.Because BoxTrapper enables this behavior and has been the direct cause of some of our servers being blacklisted, we are removing this feature from our offering effective immediately. This feature is used by less than 1% of our user base, and with the advancements in other SPAM filtering techniques available, we strongly believe that the risk BoxTrapper presents is not worth the gain.
If you are one of the few using this feature, we hope you understand why we have decided that this feature can no longer exist on our servers. Having the entire server blacklisted because of this feature on a single account is simply not acceptable and is an inconvenience to everyone on that server.