Stopping outbound spam keeps your server IPs off blocklists and your customers' mail moving. Inbound spam and phishing is the other half of the problem. It fills customer mailboxes, drives support tickets, and raises the chance that one of your customers hands over credentials to a phishing email.
Imunify Email has protected outbound mail since launch. Incoming filtering has been in beta for the past several months. Now it graduates to general availability. It's included with Imunify Email, and it's one command to enable.
Incoming filtering automatically routes spam and phishing email to the Junk or Spam folder of the recipient's mailbox. Legitimate messages pass through and deliver as normal.
Detection runs on the same engine that handles outbound protection: Rspamd-based mail filter integrated with Exim on cPanel/WHM servers. One engine, one install, one set of tools to monitor, whether you're filtering outbound, inbound, or both.
The feature is server-wide and opt-in. It stays off until an administrator turns it on.
The GA release focuses on two areas.
Improved detection. Months of beta traffic and engineering work have raised detection accuracy and lowered false positives. More spam and phishing gets caught, and less legitimate mail gets misclassified. Improvements continue in production as the detection model keeps adapting.
Recipient whitelisting. The most frequently requested feature during beta. Administrators can exempt specific mailboxes from incoming filtering using the ie-cli whitelist recipient command. Useful for role addresses, automated intake mailboxes, mailing-list subscriptions, and any recipient where strict filtering causes more friction than it prevents.
Incoming filtering is part of Imunify Email. No additional license. No extra cost. If you already run Imunify Email for outbound protection, you already have everything you need to protect inbound mail as well.
If you run Imunify360 but haven't added Imunify Email yet, the GA of incoming filtering is a good moment to look at it. Imunify Email is the Imunify360 addon for mail server protection, and it now handles both directions of your mail flow.
If you ran incoming filtering during beta, you don't need to do anything. Your installation is already on the GA version.
If you have been only using outgoing filtering so far, one command on the server enables it:
ie-config enable-incomingFiltering begins immediately. Once enabled, you have three control points:
Administrators can review daily and historical filtering statistics inside WHM at Plugins → Imunify360 → Email. The full configuration reference is in the Imunify Email documentation.
Incoming filtering has left beta because it's ready for production traffic. If you run Imunify Email, turn it on, watch the first day of stats, and tune recipient whitelists where they help. If you run Imunify360 without Imunify Email, adding it closes the loop on your email protection in a single product.
For more details, read the Imunify Email documentation.