Reporting false negatives and false positives
The following recommendations for action may be helpful if emails from one of your partners are affected by an incorrect rating. Consider these recommendations only as a quick first aid, because only reporting false negatives and false positives can permanently prevent problems of this kind.
In case you have received contaminated emails from one of your partners, we recommend that you block the affected email addresses. See Creating a blocklist.
In the event that trusted emails have been assessed as malicious by one of your partners, we recommend that you explicitly allow the email addresses concerned. See Creating an allowlist.
Dealing with compromised partners
Information on dealing with compromised partners can be found under Recommendations for dealing with compromised partners.
In order to continuously improve the recognition of emails by Cyren Antispam, we have the option of reporting emails that are not or incorrectly recognised as spam as false negatives or false positives to Cyren. To enable us to do this, please send us the necessary information - as indicated below - to the email address email@example.com.
- Do not stockpile emails.
- Do not send us any ZIP archives.
- The false positives and false negatives should always be reported promptly so that further delivery attempts are filtered correctly.
- Reports should not be older than 7 days.
These are unrecognised spam emails that were delivered despite all checks by NoSpamProxy.
- For the analysis of false negatives, please send us the original email as .eml or .msg files, as it arrived at the recipient’s mailbox, as a direct attachment to a newly written email.
- It must not be an internally forwarded email, since the headers of the email may no longer be complete, or changed.
These are desired emails that have been classified as spam and have therefore not been delivered, but rejected.
- To do this, send us the exported message track from the Message tracking. To export it, go to the NoSpamProxy Command Center under Monitoring > Message Tracking, double-click the corresponding entry so that the details of the message open, and then click Export message track in the bottom left corner of the window. This will save a .XML file up to version 11.1 and a .JSON file from version 12.0. Please send us this exported file.
- If Cyren AntiSpam is the only filter that takes effect and the partner domain has an applicable trust greater than 50, the email will still be delivered because the trust rating is sufficient. As soon as other filters are added, this is no longer possible.
- Starting with version 13, you also have the option of activating the file directly from the NoSpamProxy Command Center. To do this, go to Monitoring > Message Tracking, select the corresponding entry in the message tracking and then click Report as ‘False Positive’ to Cyren.
If the email is still blocked after 24 hours, please send the exported message track and the original email to firstname.lastname@example.org.
In the event of a misclassification by Cyren Premium AntiVirus, the NoSpamProxy support has no way of influencing this behaviour. In the case of misclassifications, i.e. false positives or false negatives, the sender or the recipient of the email must always contact Cyren and have this corrected accordingly. A description of the process can be found on the Cyren support page for misclassification.
NoSpamProxy Support has no influence on the rating of the respective services. We encourage you to use the reporting options provided by these services. You can find more information about this on the websites of the respective providers.
NoSpamProxy Support has no influence on the rating of the respective services. We encourage you to use the reporting options provided by these services:
- Lookup at SURBL
- Lookup at SURBL
- Lookup URI at UriBL
- Cyren URL Classification Service see URL Safeguard
The URL Safeguard is based on the Cyren URL classification service. This additional service
NOTE: The Cyren URL Classification Service can also be used without the URL Safeguard.
Viewing rewritten URLs
- Go to Monitoring > Message tracking.
Double-clickthe respective email or highlight it and click Details.
- Switch to the URL Safeguard tab.
All malicious URLs are displayed here. Click Show all URLs to also show the benign URLs.
Adjusting incorrect URL classifications
In the event that one or more URLs have been incorrectly classified, you can report these false positives (actually benign URLs) or false negatives (actually malicious URLs). Proceed as follows:
- Highlight the respective URL.
- Click Report misclassification.
- Perform one of the following two steps:
- For false positives: Tick the checkbox next to Report this URL as safe.
- For false negatives: Assign the URL to one of the categories Spam, Phishing or Fraud or Malware.
- Click Report and close.
TIP: You or your communication partners can also check URL classifications and request changes via the Cyren support page.
To report emails mistakenly identified as spam as false positives, send us the full message track of the email in question to email@example.com.