A quarantine administrator has released an email to a user from the email quarantine portal but the user claims that the message was not received. The quarantine administrator is running a track and trace search, however, they're unable to find the email in question.

Email Security.cloud
Symantec.Cloud Management Portal
 

Mail released from the email quarantine uses the sender's information, therefore it provides the data as if it originated from the sending mailserver.

• Sender email address
• Recipient email address
• Subject line
• Sending Server IP
• Sending Server HELO
   

To search for a quarantined email

1. Select Tools > Email Track and Trace.
2. To search using other criteria, select the Search tab, and then enter your search criteria.

• Sender email address and/or Recipient email address
  The email address you provide in the Recipient and Sender fields must conform to valid email address format, including an @ symbol and a period. An asterisk (*) can be used as a wildcard to represent one or more characters, for example *@example.*The maximum field length is 255 characters.
   
• Subject line
  If you only know part of the subject line, select one of the options in the drop-down menu: "Contains", "Begins with", or "Ends with". Do not use an asterisk (*) as wildcard.
   
• Sending Server IP
• Enter the IP address of the sending mail server. Wildcards are not supported.
   
• Sending Server HELO
• The Helo string that identifies the SMTP receiving server. Asterisk wildcards are not supported.

3. To identify a specific email, provide as much additional information as possible. To display additional search options, select Show All.
4. Select whether to receive your results on screen or by email.
5. Click Search.

Note: Symantec recommends using a combination of recipient email address and keyword(s) in the subject line.

Once the search has been completed, the administrator should be able to find 2 different entries. The first one would be the one stopped by the Anti-Spam service and a second one showing the released message. Both of emails would have the same Message-ID which indicates is the same message.