Submitting Messages That Were Erroneously Quarantined or Denied (False Positives)
How do I submit a message that erroneously quarantined or denied for investigation?
McAfee SaaS makes every effort to avoid false-positive results in our filtering service. Due to the dynamic nature of spam, some false-positives may be seen on occasion.
A false positive result is typically valid mail that is being quarantined or bounced to the sender for any number of reasons such as sender IP reputation or content.
In order to help establish the root cause of the problem and effectively correct it, we would like to see one or two examples with full content and original internet headers after they have been released from quarantine.
These examples should be sent to SaaS_falsepositives@mcafeesubmissions.com.
Submissions to the SaaS_falsepositives@mcafeesubmissions.com address are received directly and evaluated by our Messaging Security team to find indications of rules that need to be modified and adjusted.
In addition, we would also request the following information:
- When did the problem first begin?
- Approximately what percentage of inbound mail is being quarantined?
- Is the mail being quarantined from one or multiple domains?
In some cases, replies to existing messages or messages from previously allowed senders may bounce with a 554 Denied that could indicate a possible problem with the sender's or the recipient's e-mail signature.
In this case, please provide the following information:
- Email address of sender
- Email address of recipient
- Date of message (in last 7 days)
- Bounce message
An easy way to determine if the signature is responsible is to have the sender remove their signature and attempt to send a very simple message. If that message arrives, there is something in the signature that is raising the scoring on the message abnormally. We can escalate the service request to our Threat Management Team for further evaluation after receiving the above information and having logs run.