Reporting false negatives and false positives

Core Antispam Engine

32Guards

URL Safeguard

Realtime blocklists

Spam URI Realtime Blocklists

Reputation filter

The following recommendations for action may be helpful if emails from one of your partners are affected by an incorrect rating. Consider these recommendations only as a quick first aid, because only reporting false negatives and false positives can permanently prevent problems of this kind.

False Negatives

In case you have received contaminated emails from one of your partners, we recommend that you block the affected email addresses. See Creating a blocklist.

Another option is to use the filter Word matching to assign positive or negative SCL points to certain words and expressions. See Word matching.

False Positives

In the event that trusted emails have been assessed as malicious by one of your partners, we recommend that you explicitly allow the email addresses concerned. See Creating an allowlist.

Dealing with compromised partners

Information on dealing with compromised partners can be found under Recommendations for dealing with compromised partners.

Core Antispam Engine

Should you notice any false positives, we recommend that you

  • set the trust value to 40 or higher if the partner has at least one valid SPF entry, or
  • create an allowlist for the affected senders. See Creating an allowlist.

If emails have been incorrectly classified as safe (false negatives) or malicious (false positives), you can report them to our cloud-based NoSpamProxy services via the user interface.

Proceed as follows:

  • Click Report misclassification below the detail dialog.

The reported misclassifications are used to improve detection by 32Guards and by the Core Antispam Engine. The following data is sent to our NoSpamProxy services:

  • Subject
  • Sent date
  • Sender (envelope and header)
  • Captured URLs
  • Size
  • TLS information
  • SHA256 hashes and file names of all attachments
  • Core Antispam Reference ID
  • Type: False positive/false negative
  • Transaction ID

Alternatively, send us the respective email as an attachment to an e-mail to spamreport@nospamproxy.de.

General notes

  • Do not stockpile emails.
  • Do not send us any ZIP archives.
  • The false positives and false negatives should always be reported promptly so that further delivery attempts are filtered correctly.
  • Reports should not be older than 7 days.

32Guards

If emails have been incorrectly classified as safe (false negatives) or malicious (false positives), you can report them to our cloud-based NoSpamProxy services via the user interface.

Proceed as follows:

  • Click Report misclassification below the detail dialog.

The reported misclassifications are used to improve detection by 32Guards and by the Core Antispam Engine. The following data is sent to our NoSpamProxy services:

  • Subject
  • Sent date
  • Sender (envelope and header)
  • Captured URLs
  • Size
  • TLS information
  • SHA256 hashes and file names of all attachments
  • Core Antispam Reference ID
  • Type: False positive/false negative
  • Transaction ID

Alternatively, send us the complete message track of the respective email to spamreport@nospamproxy.de.

URL Safeguard

The URL Safeguard is based on 32Guards and ensures that NoSpamProxy searches for harmful URLs in emails and blocks affected emails.

To report misclassified URLs, send us the complete message track of the respective email to spamreport@nospamproxy.de.

Viewing rewritten URLs

  1. Go to Monitoring > Message tracking.
  2. Double-click the respective email or highlight it and click Details.
  3. Switch to the URL Safeguard tab.

All malicious URLs are displayed here. Click Show all URLs to also show the benign URLs.

Realtime blocklists

NoSpamProxy Support has no influence on the rating of the respective services. We encourage you to use the reporting options provided by these services. You can find more information about this on the websites of the respective providers.

Spam URI Realtime Blocklists

NoSpamProxy Support has no influence on the rating of the respective services. We encourage you to use the reporting options provided by these services:

Reputation filter

NoSpamProxy support has no influence on the results of the respective checks, such as SPF failed or Unsecured connection in the reputation filter.

In such cases, we recommend that you inform your communication partner of the problem and/or adjust the corresponding check. We also recommend generally pursuing an allowlisting approach. See Creating an allowlist, The Time for Proper Email Firewalls Has Come (Blog article).