This article contains information on how to Report and Dispute URL categorizations in Mimecast, including steps for reporting false positives or negatives, proposing new verdicts, and raising disputes via the Mimecast Support Hub.
Mimecast carefully considers any requested change, as URL categories are applied globally and affect all platform customers.
Reporting URLs
The reporting feature allows you to easily report false positives or negatives directly from the Mimecast Administration Console, eliminating the need for customer-created support tickets and improving time to resolution. The reports are investigated directly by the Messaging Security Team at Mimecast, and the reporting user is contacted via email with the investigation results.
You can report a URL for re-categorization using the Mimecast Administration Console, by using the following steps.
- Log in to the Mimecast Administration Console.
- Navigate to Email Security | URL Protection Logs or Email Security | URL Protection | Logs.
- Search for and select the URL log entry line.
- Select the Check URL tab on the pop-out panel, and click on Scan.
- Click on Report.
- Complete the Propose a new verdict section, selecting whether you believe the URL to be either Safe or Malicious, and optionally provide any additional details to our Messaging Security Team that may assist with the review.
7. Click on Report.
The report will now be submitted, and you will receive feedback from Mimecast when the URL has been investigated.
Currently, Managed URL entries cannot be reported. You may want to raise a case with Mimecast Support, who will forward your request to Messaging Security for further investigation.
What to Expect After Reporting
- An email acknowledging the reported URL.
- An email from an analyst with a categorization once the investigation is complete.
How to Dispute
You can raise a case via the Mimecast Support Hub to challenge a URL categorization assignment.
- You must provide your initial report's investigation ticket reference when raising a URL category dispute. Example: ID: 82b07405-76f9-40a1-8316-d864b00c0505, Case: 27.
- Mimecast carefully considers any requested change, as URL categories are applied globally and affect all platform customers.
To challenge the Messaging Security Teams' URL category decision, follow the steps below:
- First report as SPAM and then,
- Raise a case.
Report Email as SPAM
You can follow these steps to report the email containing the URL as SPAM:
- Log in to the Mimecast Administration Console.
- Navigate to Message Center | Message Tracking.
- Locate the email containing the URL by searching.
- Click on the email.
- Select Report on the top left corner | Select Spam.
False Positive Spam / Phishing (Hold) should be reported as Spam.
Raise a Case
- Log in to Mimecast Community Hub.
- Click on Mimecast Support | Raise a Support Case
- Complete the form as indicated in the table below:
| Option | Selection |
| Product Area | Email Security - MX |
| Case Reason | Security & Efficacy (MSOC Escalation) |
| Support Topic |
Choose the most appropriate option from the following selection:
|
| Case Type | Question |
| Subject |
Enter the Subject details in the following format: [CUSTOMER ACCOUNT CODE] - URL Dispute - ORIGINAL REPORT REFERENCE NO. e.g., CUSA012345 - URL Dispute - ID: 82b07405-76f9-40a1-8316-d864b00c0505, Case: 27 |
| Description | Explain why you feel the currently assigned category is incorrect. |
- Click on SUBMIT.
Additional Options for Managing URL Detections
If you're experiencing recurring false positive URL detections, you can also:
- Create URL Protection Bypass Policies for Trusted Senders.
- Add commonly used trusted sites to Managed URLs as Permitted.
- Enable TTP Device Enrollment, for more accurate click tracking.
- Temporarily allowlist a URL as a short-term solution, while investigating the classification.
Comments
Please sign in to leave a comment.