|Email Plug-in (Reporting):||1.1|
|Email Plug-in (Encryption):||1.2|
I have sent several false positif spam messages to firstname.lastname@example.org
Anyone has any idea, how to control every false positif of spam messages sent to email@example.com has already been updated?
How does it work? Do you check every single incoming mail manually? What exactly do you check? Could you please tell us your process to add/remove a spam-report to the above mail-adress?
Can I just forward such a (non) SPAM-Mail to the above adresses?
Do I have to add some information about the number of recipients, my serial-number or something else?
Part of the analysis is done based on the IPAS X-header signature tags as to why the message was process wrong (spam vs. ham when it should have been the other).
Often, new rules take care of false positives.
However, if a false positive is critical to your business or are not resolved by new rules within a reasonable amount of time, please contact IronPort Support.
To send a missed spam or incorrectly marked as not-spam email to IronPort Systems for examination, there are a number of ways to submit messages.
Unless submitted through a plug in (MS Outlook, not MS outlook Express), messages forwarded must be RFC-822 compliant attachments.
Please note: forwards of previously forwarded messages cannot be processed at this time.
The preferred method is to use the plug in for Outlook, found on the IronPort Anti-Spam page of our portal, but for customers using clients other than Microsoft Outlook, there are other alternatives. Details for ensuring RFC-822 compliant attachments for MS Outlook (including Express), Lotus Notes, (Mac) Entourage, Thunderbird, are detailed in the link below.
Go to your email program and follow the instructions to attach the email as an RFC-822 MIME encoded attachment. See article 472.
Send false negative (missed spam) to firstname.lastname@example.org.
Send false positive (mail marked as spam, but is actually ham) email to IronPort Systems to email@example.com.
Each message is reviewed by a team of human analysts and used to enhance the accuracy and effectiveness of the product.
Note: Although every report sent as an RFC-822 attachment to this address will be reviewed, most submissions will not receive an actual physical reply from IronPort.
Symantec provides two email addresses specifically to receive false positive and false negative reports.
Messages that have been scanned by Brightmail and resulted in false positives should be sent with all headers to firstname.lastname@example.org.
Messages that have been scanned and are false negatives should be sent, with all headers, to email@example.com.
Important - You must send FULL HEADERS and BODY in the message as a RFC-822 MIME encoded attachment when submitting messages to these addresses. Symantec must receive false positives and negatives within 24 hours from the date initially sent to effectively write rules and filter the spam.
Note - If you can't see the Brightmail header "X-BrightmailFiltered: true" in the message you're sending to Symantec, then either the message was not filtered through Brightmail or you aren't forwarding all headers. If you don't have all headers available to you because of a defective email client, you should not submit the message to Symantec, as it will not be reviewed.
The preferred method is to use the plug in for Outlook, found on the IronPort Anti-Spam page of our portalUnfortunately, this plugin only works only with the english Outlook - but there are some other languages out there. 8)
...but there are other alternatives. ...are detailed in the link below.Sorry, I can't find this link.
See article 472.from the IronPort-KB? Is there a possibility to create a direct URL to this KB-Entry?
I don't know but it is worth trying it I think.
The link to the kb is https://ironport.custhelp.com/cgi-bin/ironport.cfg/php/enduser/std_adp.php?p_faqid=472&p_sid=cA4In5Fi&p_lva=119&p_sp=cF9zcmNoPTEmcF9zb3J0X2J5PWRmbHQmcF9ncmlkc29ydD0mcF9yb3dfY250PTY1JnBfcHJvZHM9MCZwX2NhdHM9MCZwX3B2PSZwX2N2PSZwX3NlYXJjaF90eXBlPWFuc3dlcnMuc2VhcmNoX25sJnBfcGFnZT0xJnBfc2VhcmNoX3RleHQ9YnJpZ2h0bWFpbA%2A%2A&p_li=cF91c2VyaWQ9cGV0ZXIudmFuLmRlbi5iZXJnQG1haWwuaW5nLm5sJnBfcGFzc3dkPU9EdXRHUUQxJnBfbGlfZXhwaXJ5PTExODI4Njg2Njc%2A
If I understand this article, my most important steps are:
a) Hold down the control key (Ctrl) and highlight at least two (spam- or not-spam-)messages.
b) Right Click on the highlighted messages, choose Forward.
(This "forces" outlook to use RFC-822 - really?)
If I only have one spam-mail to report, I delete the other attachment.
c) I send attachment(s) for false negative (missed spam) to firstname.lastname@example.org
and for false positive (mail marked as spam, but is actually ham) email to IronPort Systems to email@example.com.
That's all? And this attachments can be analyzed by IronPort?
In Outlook 2007 when you right mouse click the menu will say "Forward Items" not just "Forward".
Basically you need to send the examples as attachments.
You can also open a new email firstname.lastname@example.org or email@example.com which ever is the case and "drag n' drop" the examples into the new email. This will make them an attachment in the correct format.
The problem is a standard "Forward" does not include the original email in it's orginal format, it removes the email headers.