Skip to main content
My preferencesSign out
Proofpoint, Inc.

How to Report False Positive and False Negative messages

Situation You are receiving clean email being marked as spam or spam email being marked as clean and want to report it to support.
Solution Report emails to Proofpoint Support so that spam definitions can be updated. See below to learn more about False Positives, False Negatives and how to report them.


Ticket Creation

We recommend providing the details directly in our ticketing system.  Please follow the below processes when submitting a support ticket: 

Creating a ticket
Updating a ticket

False Positive (FP)

This is a message that is not spam, but is incorrectly being blocked as spam. 

False Positive messages are quarantined. The Support Team will need a copy of the original message in order to request an adjustment to our anti-spam service. 

False Negative (FN)  

This is a message that is spam, but is incorrectly seen as a regular email. 

Incoming False negatives are messages that come through our system that passed our anti-spam filtering. This is an annoyance to end-users and should be reported to ensure that the message(s) are not seen again.

Reporting the message

An email message being reported needs to be the original message containing the original data that is either being sent or was received. The recommended best practice is to report it using the process below. If you forward a message into the Proofpoint system, it can potentially be stopped and not delivered. 

How to report messages

As the admin, please follow the below instructions:

  1. Click Log Search.
  2. Search for the message.
  3. Under Actions, click Detail (FN/View (FP)).
  4. Copy the permalink at the top.

    You will need to provide this to support when you report this message.

  5. Click Report as false negative OR false positive.
  6. Fill out the information on the next page.
  7. Check the box, allowing Proofpoint Essentials access to the message.
  8. Click Report.
  9. If you have multiple, please repeat the above.

Do not use "Classify as..."

In the drop down, in step 5 we indicate to use the 'Report as...'. This allows Proofpoint Essentials support to retrieve the message. If you use the 'Classify as' option, it will not allow us to retrieve the message.

Reporting Through Ticket

  1. Create or update a case through the ticketing system.
  2. From the previous process, provide the permalink(s) to message(s) being reported.
  3. Create/Upload the message(s) if being asked for this.

Update time

Our team that reviews the spam definitions processes these as they come in. It does take time to review all of these. Some are automated, some are manual. With the automation side, it can be a quick small update, or it could be a machine learning process where it has to go through several iterations of training. This process time can take a couple of days in some cases before an update is available. 

However, once a definition is ready, typically the servers all updates within an hour after they push the update.