If you are experiencing delays receiving important emails such as:

• MFA / 2FA verification emails
• Login verification codes
• Password reset emails
• Banking or authentication emails

the most common cause is Greylisting being enabled on your email domain.

What Causes the Delay?

Greylisting is an anti-spam protection feature in cPanel designed to reduce spam and lower heavy mail loads on your account and server.

When enabled, the mail server temporarily rejects emails from unknown senders and asks the sending server to retry delivery later.

Most legitimate mail servers retry automatically, but this can delay emails by 5–15 minutes.

This especially affects:

• Microsoft verification emails (trusted mail servers)
• Google login codes (trusted mail servers)
• Facebook verification emails (trusted mail servers)
• Cryptocurrency authentication emails
• Banking security emails
• One-time password (OTP) emails

Even though companies like Microsoft, Google, and Facebook use trusted mail servers, Greylisting can still temporarily delay the first email attempt.

How to Fix It

Step 1

Log in to your cPanel account.

Step 2

Go to:

Email → Configure Greylisting

Step 3

Locate your domain name.

Step 4

Turn Greylisting OFF

Once disabled, verification and password reset emails should arrive much faster.

Security Recommendation

We strongly recommend switching to a token-based authentication app such as Google Authenticator, Microsoft Authenticator, or similar wherever possible, instead of relying on email verification codes.

The reason we have Greylisting enabled by default on many services is due to previous security incidents where client email accounts were compromised. In one case, access to the email account allowed attackers to gain access to banking authentication emails and verification systems.

While disabling Greylisting may improve the speed of verification emails, it can also reduce an important layer of spam and security protection.

If you choose to disable Greylisting, this is done at your own risk.

For the best security protection, we recommend:

• Using an authentication app instead of email-based MFA/2FA
• Using strong unique passwords
• Enabling Two-Factor Authentication wherever available
• Regularly monitoring your email account security

You can re-enable it at any time if needed.