This article contains information on how to Report and Dispute URL categorizations in Mimecast, including steps for reporting false positives or negatives, proposing new verdicts, and raising disputes via the Support Hub.
Mimecast carefully considers any requested change, as URL categories are applied globally and affect all platform customers.
Reporting URLs
The reporting feature allows administrators to easily report false positives or negatives directly from the Administration Console, eliminating the need for customer-created support tickets and improving time to resolution. The reports are investigated directly by the Messaging Security Team at Mimecast, and the reporting user is contacted via email with the investigation results.
To report a URL for re-categorization using the Administration Console, perform the following steps.
- Log in to the Mimecast Administration Console.
- Navigate to Email Security | URL Protection Logs or Email Security | URL Protection | Logs.
- Search for and select the URL log entry line.
- Select the Check URL tab on the pop-out panel, and click Scan
- Click Report.
- Complete the Propose a new verdict section, selecting whether you believe the URL to be either Safe or Malicious, and optionally provide any additional details to our Messaging Security Team that may assist with the review.
7. Click Report - The report will now be submitted, and you will receive feedback from Mimecast when the URL has been investigated.
What to Expect After Reporting
- An email acknowledging the reported URL.
- An email from an analyst with a categorization once the investigation is complete.
How to Dispute
You can raise a case via the Support Hub to challenge a URL categorization assignment.
- You must provide your initial report's investigation ticket reference when raising a URL category dispute. Example: ID: 82b07405-76f9-40a1-8316-d864b00c0505, Case: 27.
- Mimecast carefully considers any requested change, as URL categories are applied globally and affect all platform customers.
To challenge the Messaging Security Teams' URL category decision, follow the steps below:
- First report as SPAM and then,
- Raise a case.
Report Email as SPAM
You can follow these steps to report the email containing the URL as SPAM:
- Login to the Administration Console.
- Navigate to Message Center | Message Tracking.
- Locate the email containing the URL by searching.
- Click on the email.
- Select Report on the top left corner | Select Spam.
Only false negatives need to be reported.
Raise a Case
- Log in to Mimecaster Central.
- Click on Support | Customer Care.
- Click on the Raise a Case button.
- Complete the form as indicated in the below options table.
| Option | Selection |
| Product Area | Email Security Cloud Gateway |
| Case Reason | Security & Efficacy (MSOC Escalation) |
| Support Topic |
Choose the most appropriate option from the following selection:
|
| Case Type | Question |
| Subject |
Enter the Subject details in the following format: [CUSTOMER ACCOUNT CODE] - URL Dispute - ORIGINAL REPORT REFERENCE NO. e.g., CUSA012345 - URL Dispute - ID: 82b07405-76f9-40a1-8316-d864b00c0505, Case: 27 |
| Description | Explain why you feel the currently assigned category is incorrect. |
- Click SUBMIT.
Additional Options for Managing URL Detections
If you're experiencing recurring false positive URL detections, you can also:
- Create URL Protection Bypass Policies for Trusted Senders.
- Add commonly used trusted sites to Managed URLs as Permitted.
- Enable TTP Device Enrollment, for more accurate click tracking.
- Temporarily allowlist a URL as a short-term solution, while investigating the classification.
Comments
Please sign in to leave a comment.