A false positive email message is a legitimate message that spamBlocker incorrectly identifies as spam. A false negative, or missed spam, email message is a spam message that spamBlocker does not correctly identify as spam. If you find a false positive or false negative email message, you can send feedback to WatchGuard.
You can also send feedback directly to the spamBlocker data center. You can also send feedback about a false positive for a solicited bulk email message. This is a message that spamBlocker identifies as bulk email when a user actually requested the email message.
Do not send a report about a false positive when the email is assigned to the Suspect category. Because this is not a permanent category, error reports for suspected spam are not investigated.
You must have access to the email message to send a false positive or false negative report. You must also know the category (Confirmed Spam or Bulk) into which spamBlocker put the email message. To find the category, you must configure a spamBlocker action to add a subject tag and use a unique sequence of characters to add to the beginning of the email subject line.
To report a false positive or false negative:
- Save the email as a .msg or .eml file.
You cannot forward the initial email message because the email header is needed. If you use email software such as Microsoft Outlook or Mozilla Thunderbird, you can drag-and-drop the email message into a computer desktop folder. If you use email software that does not have drag-and-drop functionality, you must use the software menu Save As option to save the email message to a folder.
- Create a new email message addressed to:
[email protected] for false positives
[email protected] for false negatives
[email protected] for false positive solicited bulk email
- In the subject line of your email message type:
FP Report <Your Company Name> <Date of submission> for false positives
FN Report <Your Company Name> <Date of submission> for false negatives
FP Report <Your Company Name> <Date of submission> for false positive solicited bulk email
- Attach the .msg or .eml file to the email message and send the message.
If you have many messages to send, you can put them all into one ZIP file. Do not put the ZIP file into a ZIP archive. To analyze the ZIP file automatically, it can be compressed to only one level.
Report Feedback About a Confidential Message
If you want to send a report, but you cannot send the initial email message because the information in the message is confidential, you can send the RefID record from the email header instead. The RefID record is the reference number for the transaction between the Firebox and the Detection Center.
spamBlocker adds an X-WatchGuard-Spam-ID header to each email. For example:
The long sequence of numbers and letters after the X-WatchGuard-Spam-ID: part of the header is the RefID record.
Copy the RefID record from the header and paste it in the body of your email message. To send a report about more than one email message, put each RefID record on a separate line.
To see email headers if you use Microsoft Outlook:
- Open the email message in a new window or select it in Outlook.
- If you open the email in a separate window, select View > Options.
If you highlight the email in Outlook, right-click the email message and select Options.
The header appears at the bottom of the Message Options window.
Find the Category a Message is Assigned To
Message tags are the only indication of which category a message is assigned to. Change the action to Add subject tag and use a unique sequence of characters to add to the beginning of the email subject line. For more information on how to use spamBlocker tags, see spamBlocker Actions, Tags, and Categories.