Spam / Phishing - Reporting Spam Malware and Phishing

Updated

This article contains information about submitting examples of spam, malware, phishing, and false positives to Mimecast for analysis, as well as FAQs and details on configurations like MTA-STS, TLS reporting, and management during customer mergers.

Mimecast encourages our customers to submit potential spam, malware, and phishing examples for review. Using these submissions, Mimecast's filtering system can learn from the analysis of these messages. This improves the level of virus and spam detection.

  • MEIR customers will get a response if the reported email is classified as malicious by the Mimecast Security team.
  • Specific issues or queries that require a response should be created using the Support Hub, for more information see the Raising a Case page.

Reporting Spam, Malware, and Phishing

Spam, malware, phishing, and false positives should be reported via the Mimecast Administration Console. This ensures the original email can be analyzed, with its full Internet message headers intact.

You can submit examples of spam, malware, phishing, and false positives to Mimecast, by using the following steps:

  1. Log in to the Mimecast Administration Console.
  2. Click on the Message Center menu item for the queue containing the email.
  3. Select Message Tracking.
  4. Search for the email by populating the fields and clicking the Search button.

  5. On the far right of the email, click on the three-dot menu selector Menu.JPG .
    The Message can be clicked to display the message details, where the the Report button can be clicked for the Reporting options:

  6. Click on one of the following menu items:
  • Report as Spam: The example is sent to the Mimecast spam mailbox for further analysis.
  • Report as Malware: The example is sent to the Mimecast virus mailbox, but a support case must also be raised.
  • Report as Phishing: The example is sent to the Mimecast phishing mailbox for further analysis.
  • Emails with a Bounced, Deferred, Pending Delivery, or Rejected status cannot be reported as spam, malware, or phishing.
  • When a message is reported as spam, malware, or phishing, a Blocked Sender entry is automatically created for the recipient in Managed Senders. To remove this entry, navigate to Email Delivery | Managed Senders in the Mimecast Administration Console.

A blocked senders policy can be used to block the sender should it be required. See the Configuring Blocked Sender Policies page for full details...

Submitting Spam Examples

The best way to manually submit a spam example is to report it, via the Mimecast Administration Console.

See Misreported Spam Messages, if you have incorrectly reported messages to Mimecast as spam.

Submitting Malware Examples

Files suspected to contain a malicious payload, or have wrongly been identified as malware can be submitted to Mimecast for analysis. All virus submissions must be compressed (or zipped) into an archive file, and password protected.

This should be sent to Virusreports@mimecast.org (and not attached to your support case).

The Messaging Security team will conduct an analysis of submitted examples in a sandbox environment, to determine whether any malicious payload is present.

Submitting Phishing Examples

The best way to manually submit a phishing example is to report it, via the Mimecast Administration Console.

Submitting False Positive Examples

A false positive email message is a legitimate message that has been incorrectly identified as spam.

Reporting a false positive message is done the same way as for a spam message, by reporting it via the Mimecast Administration Console. You will need to select the spam option, when reporting it.
The Messaging Security team will analyze submitted examples, to determine whether messages are legitimate.

  • A false positive message reported as Spam via the Mimecast Administration Console will create a Blocked Sender entry for the recipient under Managed Senders
    To ensure uninterrupted communication, remove the entry by navigating to Email and Delivery | Managed Senders. In the Managed Senders section, locate the Blocked Sender entry and delete it to restore normal message flow.
    Removing the Blocked Sender entry promptly helps maintain seamless communication with trusted contacts.
  • Administrators can trace reports from the Mimecast Administration Console, under Audit Logs. See Filtering Audit Logs for more information.

Filtering Process

On a daily basis, messages that are clearly not malware are filtered out of the mailbox. This includes emails such as newsletters and other mail that has been subscribed to. The next step is to filter through the examples to detect global trends across all customers. From experience, Mimecast analysts are easily able to identify the types of spam, malware, and phishing, and whether these are company specific or related to a global issue.

Regular reports are also run to monitor the number of examples submitted to the mailbox, and the customer accounts they are coming from. If higher volumes are coming from a particular customer, a security review is conducted on the customer's Mimecast account. If necessary, the Security Services team will contact the administrator to discuss certain recommendations that will help to reduce malware.

Mimecast will not respond to each example that has been submitted and does not provide customers with reports on their malware activity. This is because many examples submitted are not actually malware or the same example is submitted by different users. This would distort the results of a report based on the number of submissions. However, reports can be generated from your Mimecast account for all emails being sent from your end users to the mailbox email address.

Related to

Was this article helpful?
1 out of 8 found this helpful

Comments

4 comments
Date Votes

Please sign in to leave a comment.