Skip Navigation
Expand
Reporting spam or malware in incidents created by email
Answer ID 11721   |   Last Review Date 05/11/2023

How do I submit a report for spam, malware, or phishing?

Environment:

Email, malware, phishing, virus, spam

Solution:

An incident created by email that you suspect has mal-intent can be forwarded directly from your .NET or BUI console to our spam provider to assist in efficacy and scoring. Submitting spam is often a better option than adding individual email addresses to the blocklist as spam is often a single email sent from a unique address.

First, the original plain text email must be attached to the incident.  If EGW_SAVE_ORIG_MESSAGE is enabled there should be an attachment called raw_message.mht.  If the attachment is not present please work with your administrator to enable EGW_SAVE_ORIG_MESSAGE. Note that an email is added as an attachment only for the first email that creates the incident.  Unfortunately this process will not work for response emails.

Next forward the incident from the console to the following address with the raw_message.mht attachment.

  • For spam reports: Add [SUSPECTED SPAM] to the subject, mail to spam@access.ironport.com
  • For phishing reports or to report links:  Add [SUSPECTED SPAM] to the subject, phish@access.ironport.com
  • For malware or virus reports: Add [WARNING: VIRUS DETECTED] to the subject, virus@access.ironport.com
  • For spam false positive reports: Add [SUSPECTED HAM] to the subject, mail to ham@access.ironport.com
  1. Click Forward in the ribbon.
  2. Click the paper clip icon and select the raw_message.mht file.
  3. Enter an email address from above and modify the subject line as suggested.
  4. Click Send.

Unfortunately our provider does not provide a confirmation email or notice of receipt for email submissions.  Also we cannot confirm when a submission will be processed or provide the results of the submission.