Skip to main content
My preferencesSign out
Proofpoint, Inc.

How to Report False Positive and False Negative messages

Situation You are receiving clean email being marked as spam or spam email being marked as clean and want to report it to support.
Solution Report emails to Proofpoint Support so that spam definitions can be updated. See below to learn more about False Positives, False Negatives and how to report them.

Process Update - July 25th, 2022

Creating a support ticket

Customers and partners no longer need to log a support ticket when reporting a false positive or false negative message. Submissions are now processed more efficiently to our threat team for review

False Positive (FP)

This is a message that is not spam, but is incorrectly being quarantined as spam. 

False Negative (FN)  

This is a message that is spam, but is incorrectly seen as a regular email. 

Incoming False negatives are messages that come through our system that passed our anti-spam filtering. This is an annoyance to end-users and should be reported to ensure that the message(s) are not seen again.

Reporting the message - Admin or higher Level

An email message being reported needs to be the original message containing the original data that is either being sent or was received. The recommended best practice is to report it using the process below. If you forward a message into the Proofpoint system, it can potentially be stopped and not delivered. 

How to report messages

As the admin, please follow the below instructions:

  1. Click Log Search.
  2. Search for the message.
  3. Expand the Actions dropdown. 

    Screenshot 2023-03-15 at 15.12.23.png
  4. Click either Report as false positive OR Report as false negative.

    Screenshot 2023-03-15 at 15.07.33.png
  5. Click Apply.
  6. Fill out any additional comments.
  7. Check the box, allowing Proofpoint Essentials access to the message.
  8. Click Report.
  9. If you have multiple, please repeat the above.

Reporting the message - End User

End users cannot Report as False Positive / Negative from the Digest View link. End Users may, from the Log Search results, click on the Details icon (far right of a message) to access the Details (Permalink) information on that message. A button is available at the bottom of this Details page to report as False Positive / Negative.

There is currently no option for End Users to bulk report multiple messages at once from the Log Results.  An Administrator level role is needed for bulk reporting.

Update time

False Positive and False Negative reports are reviewed individually by our threat analysts as they are reported through the UI. 
This is done with a mixture of automation and manual review. Once an email is condemned, it can take up to 1 hour before the spam engines are updated.