A false positive email message is a legitimate message that spamBlocker incorrectly identifies as spam. A false negative, or missed spam, email message is a spam message that spamBlocker does not correctly identify as spam. If you find a false positive or false negative email message, you can send feedback to WatchGuard.
You can also send feedback directly to the spamBlocker data center.
When the spamBlocker service denies a message or tags a message as spam, and in the spamBlocker settings you enable the Firebox to send spam log messages, the Firebox generates a log message. The log message contains the wgrd_spam_id item. You can use the information in the log message to send a false positive or false negative report to WatchGuard. spamBlocker can generate a spamBlocker spam ID log message for the SMTP, POP3, and IMAP proxies.
To report a false positive or false negative:
- To find a spamBlocker spam ID, search traffic log messages for a message log that contains wgrd_spam_id. For example:
2022-04-11 18:27:07 Deny 192.168.66.188 192.168.100.157 smtp/tcp 51579465 Test External Proxy Deny:SMTP spamBlocker spam ID(out-mails.SMTPS-00) proc_id="smtp-proxy" rc="595" msg_id="1BFF-0032" proxy_act="SMTPS-out.fpol_44866_LS25DgHrAp4crBEeS" wgrd_spam_id="v=2.4 cv=VOK+I/DX c=1 sm=1 tr=0 ts=6254027a p=MQD9vsuScg4A:10... - Copy the spamBlocker spam log message text.
- Create a new email message and address it to the appropriate email address.
To report a message that spamBlocker should mark as spam:
[email protected]
To report a message that spamBlocker should mark as clean, but was categorized as spam:
[email protected]
- In the subject line of your email message, type the appropriate subject:
For false positives:
FP Report <Your Company Name> <Date of submission>
For false negatives:
FN Report <Your Company Name> <Date of submission>
- In the body of the email, paste the contents of the spamBlocker spam log message text.
- Send the email.
To send a false positive or false negative report, you must have access to the email message to send a false positive or false negative report.
To report a false positive or false negative:
- Save the email as a .MSG or .EML file.
You cannot forward the initial email message because the process requires the email header. If you use email software such as Microsoft Outlook or Mozilla Thunderbird, you can drag-and-drop the email message into a folder on your computer. If you use email software that does not have drag-and-drop functionality, you must use the Save As option to save the email message to a folder.
- Create a new email message addressed to the appropriate email address.
To report a message that spamBlocker should mark as spam:
[email protected]
To report a message that spamBlocker should mark as clean, but was categorized as spam:
[email protected]
- In the subject line of your email message, type:
For false positives:
FP Report <Your Company Name> <Date of submission>
For false negatives:
FN Report <Your Company Name> <Date of submission>
FP Report <Your Company Name> <Date of submission> for false positive solicited bulk email
- Attach the .EML file to the email message.
- Send the email.
If you have many messages to send, you can add them all into one .ZIP file. Do not add the .ZIP file into a .ZIP archive. To analyze the .ZIP file automatically, it can be compressed to only one level.
Report Feedback About a Confidential Message
If you want to send a report, but you cannot send the initial email message because the information in the message is confidential, you can send the X-WatchGuard-Spam-ID from the email header instead. This is the reference number for the transaction between the Firebox and the data center. Copy the X-WatchGuard-Spam-ID from the header and paste it in the body of your email message. To send a report about more than one email message, put each X-WatchGuard-Spam-ID on a separate line.
In Fireware v12.9 and higher, you can send the spamBlocker spam ID log message instead of the X-WatchGuard-Spam-ID.
To see email headers if you use Microsoft Outlook:
- Open the email message in a new window or select it in Outlook.
- If you opened the email in a separate window, select View > Options.
If you selected the email in Outlook, right-click the email message and select Options.
The header shows in the lower section of the Message Options window.