Skip to main content
My preferencesSign out
Proofpoint, Inc.

How to Report False Positive and False Negative messages

Situation You are receiving clean email being marked as spam or spam email being marked as clean and want to report it to support.
Solution Report emails to Proofpoint Support so that spam definitions can be updated. See below to learn more about False Positives, False Negatives and how to report them.

 

Process Update - July 25th, 2022

Creating a support ticket

Customers and partners no longer need to log a support ticket when reporting a false positive or false negative message. Submissions are now processed more efficiently to our threat team for review

False Positive (FP)

This is a message that is not spam, but is incorrectly being quarantined as spam. 

False Negative (FN)  

This is a message that is spam, but is incorrectly seen as a regular email. 

Incoming False negatives are messages that come through our system that passed our anti-spam filtering. This is an annoyance to end-users and should be reported to ensure that the message(s) are not seen again.

Reporting the message

An email message being reported needs to be the original message containing the original data that is either being sent or was received. The recommended best practice is to report it using the process below. If you forward a message into the Proofpoint system, it can potentially be stopped and not delivered. 

How to report messages

As the admin, please follow the below instructions:

  1. Click Log Search.
  2. Search for the message.
  3. Expand the Actions dropdown. 

    clipboard_e925e093f2eff43a3adbd87c0b6268b98.png
  4. Click either Report as false positive OR Report as false negative.

    clipboard_ed7f79b268f77f30ecf040361f9b8f565.png
     

    Do not use any of the "Classify as..." actions as this will prevent Proofpoint support from retrieving a copy of the message.  

  5. Click Apply.
  6. Fill out any additional comments.
  7. Check the box, allowing Proofpoint Essentials access to the message.
  8. Click Report.
  9. If you have multiple, please repeat the above.

Update time

False Positive and False Negative reports are reviewed individually by our threat analysts as they are reported through the UI. 
This is done with a mixture of automation and manual review. Once an email is condemned, it can take up to 1 hour before the spam engines are updated.