📨 Fixing Common Email Spam Issues on Shared Hosting

By Farooq Junejo • Tech Expert | Web Hosting & Email Security

Running a shared hosting server (like Plesk or cPanel)? Seeing outbound spam, blacklists, or rejected mail? You're not alone. In this post, I’ll show you how to trace, prevent, and clean up email spam issues effectively.

1. Check Email Queues

First, check the email queue for suspicious patterns:

• cPanel: /var/spool/exim/input/
• Plesk: Use mailq or Plesk Email Queue Viewer

Look for hundreds of emails being sent from a single user.

2. Identify the Sending Script

Run the following to check which scripts are sending email:

grep -Ri "X-PHP-Originating-Script" /var/log/maillog

This shows the exact PHP file used — often a hacked contact form or malware.

3. Scan Your Server for Malware

Use ClamAV or ImunifyAV to scan suspicious web root folders like:

• /var/www/vhosts/[domain]/httpdocs
• /home/[user]/public_html

Delete or quarantine infected files.

4. Implement Outbound Rate Limits

To stop abuse in shared hosting:

• Limit outgoing mail per hour/domain (in cPanel or Plesk Mail Server Settings)
• Set alerts if limit is exceeded

5. Configure SPF, DKIM & DMARC

These DNS records help protect and authenticate emails:

• SPF: Defines authorized senders
• DKIM: Signs your emails to prevent tampering
• DMARC: Monitors and blocks spoofing attempts

6. Monitor Blacklists

Use tools like:

• MXToolbox Blacklist Check
• MultiRBL

If blacklisted, request removal after fixing the issue.

7. Use SMTP Authentication

Force all clients to use SMTP authentication. Block `PHP mail()` usage unless needed.

Conclusion

Email spam can hurt your server’s reputation. A secure, monitored, and well-configured mail setup keeps your clients happy and your IP clean.