Preventing Boxtrapper backscatter - one weird little trick that spammers HATE!


Feb 17, 2015
cPanel Access Level
Website Owner
I love the Boxtrapper tool because it is the best tool I've found for keeping spam from reaching my inbox. But, like many have found, the backscatter can be even worse than the spam.

I recently left A Small Orange and moved to Hostgator just because ASO did away with Boxtrapper and Hostgator still offered it. I forgot to copy my whitelist and blacklist over from ASO so I was basically starting from scratch at Hostgator. Once I got everything up and running, it seemed to be working like a dream. Until about a day later, that is. That's when all of the e-mails came in saying that my messages couldn't be delivered for 24 hours but that the server would keep trying. These were the confirmation messages to spammers that were getting bounced back.

A day later, a fresh set of 24 hour notices, along with all of the 48 hour notices from the previous day's messages. The third day featured 72, 48, and 24-hour notices. This was worse than anything I had experienced at ASO. I knew I had to either figure out a way to resolve it or else give up on the dream of a mostly spam-free inbox.

After trying a few things, my last resort was in the Edit Confirmation Messages menu. I decided to blank out all four messages, hoping that confirmation messages wouldn't even be sent. The next day I still got all of my notices about undelivered e-mails but, over the next 3 days, once they had all worked their way through the system and the server finally gave up on all of them, they all went away. I'm now back to being spam free with no backscatter.

I now just go into the review queue once a day and give a quick glance down the list looking for items that need to be approved. It's working like a dream. I doubt I'm the first person to figure this out but I wanted to share it in case it can help somebody.

Now all I need is a radio button for the 'Delete this message and blacklist the sender' to appear on the main page of the review queue along with the delete and whitelist buttons and things would be perfect.


Staff member
Apr 11, 2011
Now all I need is a radio button for the 'Delete this message and blacklist the sender' to appear on the main page of the review queue along with the delete and whitelist buttons and things would be perfect.
Hello :)

I am happy to see you were able to find a suitable workaround. Feel free to open a feature request for the quoted idea via:

Submit A Feature Request

Thank you.


Well-Known Member
Nov 20, 2014
cPanel Access Level
Root Administrator
I'm confused.

I thought the idea of box trapper was to accept all emails and to send a reply back asking for the person who sent it to confirm that they are in fact human?
If you've disabled the verification process, and have to scan all messages manually, then it's like having two mailboxes ?
One that you reject/authorise emails, and another that you access to read them.

Sort of defeats the object, and creates more admin.
The idea of delete and blacklist is good though. Something fully automated would be better.

Tango 2

Nov 21, 2015
cPanel Access Level
Website Owner
Thanks, bigslick, I wanted to do exactly what you did (use BoxTrapper as a whitelist manager but disable the challenge/response component of it) and setting the initial verify message to be blank did the trick, although it should be a more explicit option. I posted a more detailed explanation and my views on the continued usefulness of BoxTrapper at the features forum at Tweak Settings disabling BoxTrapper by default

Keat63, yes, the initial idea of BoxTrapper was a challenge/response system but the challenge/response component is of limited use (perhaps even negative use) since almost all spam comes from fake email addresses. However, the main component of BoxTrapper is the whitelist manager component, which I find essential and really very well designed.

Indeed you have to scan two mailboxes, but this is ALWAYS true in a spammy environment. The difference is only the effectiveness of the spam tools in dividing up your email between the two boxes ("mostly good" vs. "mostly bad"). You can use SpamAssassin or any other tool and *pretend* you only have one mailbox by having SA automatically delete all suspicious email (essentially the 2nd mailbox) without review, but this means some good email *from known good senders* will get deleted (not acceptable to me though apparently some people configure things that way, believe it or not). I happen to love BoxTrapper's algorithm for defining good email (whitelist, plus "innocent by association" using To: and Cc: addresses and also addresses to which I send email).

There is no longer any email Utopia until someone comes up with a universally accepted way of sending and receiving only authenticated email (and not some proprietary and severely handicapped and ugly thing like Facebook messages). But the closest I've been able to come is:

BoxTrapper for immediate delivery of all my whitelisted emails followed by SpamAssassin (or any other heuristic tool that you like) filtering of all the remaining, which I scan every day or two for good email from NEW senders. Of course the value of SpamAssassin after BoxTrapper is just to make the scanning process easier by presorting the likely good email so I can be a little sloppier with the ones it thinks is real spam--useful when you get 1000 spam/day ...).