Report False Positives or Missed Spam

A false positive email message is a legitimate message that spamBlocker incorrectly identifies as spam. A false negative, or missed spam, email message is a spam message that spamBlocker does not correctly identify as spam. If you find a false positive or false negative email message, you can send feedback to WatchGuard.

You can also send feedback directly to the spamBlocker data center. You can also send feedback about a false positive for a solicited bulk email message. This is a message that spamBlocker identifies as bulk email when a user actually requested the email message.

For Fireware v12.1.3 and lower, and Fireware v12.2.x to Fireware v12.5.3, do not send a report about a false positive when the email is assigned to the Suspect category. Because this is not a permanent category, error reports for suspected spam are not investigated.

Send Feedback

You must have access to the email message to send a false positive or false negative report.

For Fireware v12.1.3 and lower, and Fireware v12.2.x to Fireware v12.5.3, you must also know the category (Confirmed Spam or Bulk) into which spamBlocker put the email message. To find the category, you must configure a spamBlocker action to add a subject tag and use a unique sequence of characters to add to the beginning of the email subject line.

To report a false positive or false negative:

  1. Save the email as a .msg or .eml file.

You cannot forward the initial email message because the email header is needed. If you use email software such as Microsoft Outlook or Mozilla Thunderbird, you can drag-and-drop the email message into a folder on your computer. If you use email software that does not have drag-and-drop functionality, you must use the Save As option to save the email message to a folder.

  1. Create a new email message addressed to the appropriate email address.
  2. Fireware v12.5.4 and higher, or Fireware v12.1.4 to Fireware v12.1.x:

    [email protected] to report message samples that should have been marked as spam

    [email protected] to report message samples that should have been marked as clean, but were categorized as spam

    Fireware v12.1.3 and lower, and Fireware v12.2.x to Fireware v12.5.3:

    [email protected] to report message samples that should have been marked as spam

    [email protected] to report message samples that should have been marked as clean, but were categorized as spam

  1. In the subject line of your email message, type:

FP Report <Your Company Name> <Date of submission> for false positives

FN Report <Your Company Name> <Date of submission> for false negatives

FP Report <Your Company Name> <Date of submission> for false positive solicited bulk email

  1. Attach the .eml file to the email message and send the message.

If you have many messages to send, you can add them all into one ZIP file. Do not add the ZIP file into a ZIP archive. To analyze the ZIP file automatically, it can be compressed to only one level.

Report Feedback About a Confidential Message

If you want to send a report, but you cannot send the initial email message because the information in the message is confidential, you can send the X-WatchGuard-Spam-ID from the email header instead. This is the reference number for the transaction between the Firebox and the Detection Center. Copy the X-WatchGuard-Spam-ID from the header and paste it in the body of your email message. To send a report about more than one email message, put each X-WatchGuard-Spam-ID on a separate line.

To see email headers if you use Microsoft Outlook:

  1. Open the email message in a new window or select it in Outlook.
  2. If you open the email in a separate window, select View > Options.
    If you highlight the email in Outlook, right-click the email message and select Options.
    The header shows at the bottom of the Message Options window.

Find the Category a Message is Assigned To

Message tags are the only indication of which category a message is assigned to. Change the action to Add subject tag and add text to show at the beginning of the email subject line. For more information on how to use spamBlocker tags, see spamBlocker Actions, Tags, and Categories.

See Also

Activate and Configure spamBlocker