Submitting a False positive or False negative for MSG
This article explains how you can send false spam positives and false spam negatives to Proofpoint for further analysis.
Both administrators and end users can report false positives and false negatives. For end users, the administrator must first enable end user digests. End users can then report false positives and false negatives from the digest. Reporting false negatives requires the use of the Audit folder in the Quarantine.
It also requires setting up a Spam Reporting Group.
False negatives are messages that are considered spam by the end user, but since they were scored below 50 by the MLX engine, they were delivered to the end user. By reporting these messages to the Proofpoint Attack Response Center (PARC), you can help improve spam effectiveness against that specific type of message.
In order to fully examine the reported message, PARC requires the entire original/unaltered message. Since the best way to capture the original message is in the quarantine (before it arrives at your mail server), we use the "Audit Messages" feature to store Not Spam messages in the Audit folder.
There are two steps required to enable the reporting of false negatives:
Enable Auditing in all Spam Policies Enable Audit Messages for users
Enable Auditing in all Spam Policies
This option will quarantine (into the Audit folder) any message (<200K) marked as Not Spam that is also not being quarantined by any other rule.
Click Spam Detection > Policies. Edit the Default policy. Edit the Not Spam rule. Select the Include in Audit folder box. Click Save Changes. Repeat these steps for all other spam policies.
Note: The "Not Spam" messages will not be copied into the Audit folder until the "Audit Message" feature is actually enabled for one or more users (next step).
Enable Audit Messages for users
Navigate to Groups and Users / Users and select the checkbox next to each user who will use this feature.
Click the Groups button. Under "Available Groups" column, click Spam Reporting, then click >> to move it under the "Add" column. Click Save Changes.
Once these steps have been completed, mail marked as "Not Spam" will begin appearing in the Audit folder in the quarantine.
For performance reasons, we do not recommend that you enable Audit Messages for all users. If you do decide to enable it for all users, do so on Groups and Users / Global.
False positives are messages are scored as spam but are considered valid e-mail by the end user. False positives are very rare and are treated with the highest priority by Proofpoint. Digests allow for the reporting of false positives in the default configuration. Users click the Not Spam link next to an individual message and that e-mail is then delivered directly from the Quarantine to the Proofpoint Attack Response Center.
If this link does not appear in your digest, check the following:
Click Digest / Commands / Display Spam False-Positive Link (on). Click Digest / Filters / Modules. Click Spam, Options and then Digest Commands. "Report False Positive Spam" should be on the right-hand side. Digest / Content / Labels. Verify the name assigned to "Report False Positive Spam".
Reporting directly from the Quarantine
An administrator can perform the same reporting function, but directly from the Quarantine:
Navigate to Quarantine / Messages. Search for message by Subject, Sender, Recipient, etc. Select the checkbox next to the message and click Options / Report.
If you do not want your users to be able to report messages directly from their digest, and wish to only have administrators report directly from the quarantine, change the following options:
Digest > Commands. Disable "Report False Positive Spam". Digest > Commands. Disable "Report False Negative Spam". Groups and Users > Groups. Select the checkbox next to Spam Reporting and click Attributes. Set "Include Audit Messages in Digest" to "Default" and save.
These changes will still store both spam and not spam in the quarantine, but the end users will no longer see the Audit section in their digest and they will no longer see the "Not Spam" option in the Quarantine section.
Article no: 000001938
A user has forgotten their password to Secure Reader and there is no direct way to reset it.
For internal users, the password can be reset through the appliance webGUI:
Log in to the appliance webGUI Go to the System-tab Navigate to User Management->Users on the right Search for the users email-address Click the email address to bring up the user details Go to the Authentication-tab Click the Reset-button next to the password The user will get a welcome email with a temporary password and a link to the end user services that is valid for 30 minutes
For external users, the recommendation from Proofpooint is to remove the user and have them re-register:
Log in to the appliance webGUI Go to the System-tab Navigate to User Management->Users on the right Search for the users email-address Check the box to the left of the account that needs to be removed Click the Delete-button on top of the user list The next time the user tries to access the Secure Reader, they will be prompted to create a new account
Removing a user has no impact on how the user can access mails in the future. After the re-registering they will be able to access all their secure mails as before, as long as they are still stored on the appliance. Although the temporary password sent by the welcome-email will work for an external user to access the Secure Reader, the link in the mail to the end user services will not. As this might cause unwanted confusion the better solution is to remove the current user completely.
Article no: 000007798