WatchGuard - HELP

Report false positives or missed spam

 A false positive email message is a legitimate message that spamBlocker incorrectly identifies as spam. A false negative, or missed spam, email message is a spam message that spamBlocker does not correctly identify as spam. If you find a false positive or false negative email message, you can send feedback to WatchGuard. You can also send feedback about a false positive for a solicited bulk email message. This is a message that spamBlocker identifies as bulk email when a user actually requested the email message.

Send Feedback

You must have access to the email message to send a false positive or false negative report. You must also know the category (Suspect Spam or Bulk) into which spamBlocker put the email message. The category is shown by a subject tag, a unique sequence of characters added to the beginning of the email subject line. For Suspect Spam the tag is *** SUSPECT ***; for Bulk it is *** BULK ***.

To report a false positive or false negative:

  • We will assume all email content is confidential. You will have to retrieve the RefID record from the email header. The RefID record is the reference number for the transaction between the Firebox and the Detection Center.

  • Using your computer, log in to Outlook Web App and go to the folder in question (most likely the Junk Folder). On the left-hand side, highlight the email you want to report, then go to the right part of the screen where you see three dots <…>. If you hover over them, a caption saying “More actions” is displayed. Right-click on it and scroll down to “View message details”. A popup window then opens with all the email headers.

 
  • If you need to, scroll up or down until you reach the X-WatchGuard-Spam-ID: header.

  • spamBlocker adds an X-WatchGuard-Spam-ID header to each email. For example:

    • X-WatchGuard-Spam-ID: str=0001.0A020215.5D225726.0021,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8
  • Assuming the body (content) of your email is confidential, you will send the RefID record from the email header instead. The RefID record is the reference number for the transaction between the Firebox and the Detection Center. The long sequence of numbers and letters after the X-WatchGuard-Spam-ID: part of the header is the RefID record. You will later use this long sequence of numbers as part of your report email.

  • Create a new email message addressed to:

    • reportfp@blockspam.biz for false positives
    • reportfn@blockspam.biz for false negatives
    • reportso@blockspam.biz for false positive solicited bulk email
  • In the subject line of your email message type:

    • FP Report <Your Company Name> <Date of submission> for false positives
    • FN Report <Your Company Name> <Date of submission> for false negatives
    • FP Report <Your Company Name> <Date of submission> for false positive solicited bulk email
  • In the body of the email, please include the RefID previously retrieved. To send a report about more than one email message, put each RefID record on a separate line.
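
The steps above can be scripted once the headers have been copied out of “View message details”. The following is an added example, not WatchGuard code: it pulls the RefID out of pasted headers and builds the report message with one RefID per line. The function names, company name, date format and sample headers are assumptions made for illustration; the addresses, subject prefixes and RefID value are the ones shown on this page.

```python
from email import message_from_string
from email.message import EmailMessage

HEADER = "X-WatchGuard-Spam-ID"
# Report type -> (address, subject prefix), as listed on this page.
REPORTS = {
    "fp": ("reportfp@blockspam.biz", "FP Report"),  # false positive
    "fn": ("reportfn@blockspam.biz", "FN Report"),  # false negative
    "so": ("reportso@blockspam.biz", "FP Report"),  # solicited bulk false positive
}

# Constructed sample headers; the RefID value is the example from this page.
REFID = "str=0001.0A020215.5D225726.0021,ss=4,re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8"
SAMPLE = "Subject: *** SUSPECT *** Quarterly invoice\n" + HEADER + ": " + REFID + "\n"
# Same header with a lower-cased name and a folded value (RFC 5322 allows both).
SAMPLE_FOLDED = (
    "Subject: *** BULK *** Newsletter\n"
    "x-watchguard-spam-id: str=0001.0A020215.5D225726.0021,ss=4,\n"
    " re=0.000,recu=0.000,reip=0.000,cl=4,cld=1,fgs=8\n"
)


def extract_refid(raw_headers):
    """Return the RefID: everything after 'X-WatchGuard-Spam-ID:' in pasted headers."""
    msg = message_from_string(raw_headers.lstrip())  # header lookup is case-insensitive
    value = msg[HEADER]
    if value is None:
        raise ValueError("no " + HEADER + " header in the pasted text")
    # Assumption: the RefID contains no spaces, so whitespace left by folding is dropped.
    return "".join(value.split())


def build_report(kind, company, date, header_blocks):
    """Build the report email: one RefID per line, never the original message body."""
    to_addr, prefix = REPORTS[kind]
    report = EmailMessage()
    report["To"] = to_addr
    report["Subject"] = f"{prefix} {company} {date}"
    report.set_content("\n".join(extract_refid(h) for h in header_blocks))
    return report


if __name__ == "__main__":
    # Company name and date format are constructed; the page does not fix a date format.
    print(build_report("fp", "Example Corp", "2019-07-08", [SAMPLE, SAMPLE_FOLDED]))
```

Only header text is passed in, so the confidential message body never reaches the report.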