
Frequently asked questions on false positive submissions


Article ID: 172968


Products

Email Security.cloud

Issue/Introduction

A legitimate email has triggered an Anti-Spam filter in Email Security.cloud. You have questions regarding the false positive submission process.

Resolution

What happens to false positive submissions?

Only samples that meet the requirements outlined in "Mail client instructions for submitting valid samples" will be accepted for analysis. Samples that have a spam verdict will be processed within 24 hours. Each false positive submission is examined individually to assess what caused the sample to be detected as spam and what corrective action, if any, needs to be taken.

Note: Symantec does not guarantee that each submission will result in an alteration of our filters.

Will I get feedback on false positive submissions?

Symantec does not acknowledge samples submitted to the above address or provide the results of the investigation automatically. Please ensure that you are following the procedure outlined in "Mail client instructions for submitting valid samples" so that your sample is submitted in the correct format. If the matter is not resolved after 24 hours, or if you require feedback regarding your submission, please contact Symantec support with the details outlined in the referenced article.

How can I verify if the email still triggers a spam verdict?

The original sender of the email should attempt to resend the email. While we strive to action submissions as quickly as possible, it may take up to 24 hours before the detection is amended, if we are able to amend it. If, 24 hours after submission to the feedback address, the email is still categorized as spam when resent or checked in the Spam Analysis Tool, it is likely that the detection cannot be amended in this case.

Who needs to submit the sample?

This depends on the action being applied to the false positive email based on your settings in the client portal.

  • Action: Append a header but allow the email through OR Tag the subject line but allow the email through
    • The recipient submits the sample.
  • Action: Quarantine the email
    • The recipient submits the sample.
  • Action: Append a header and redirect the email to a bulk mail address
    • The administrator of the bulk mail address submits the sample.
  • Action: Block and Delete
    • The original sender submits the sample.

      The administrator can try adding the sender to the Approved Senders list in the client portal and have them resend the message. This may allow the recipient to receive and submit the sample. If the email is still blocked, the original sender will have to submit the sample.