How to report a false positive and/or false negative message scanned by Outbreak Protection
Time is of the essence with Outbreak Protection. Old messages are not able to be analyzed because spam characteristics are dynamically changed over a short period of time due to the nature of spam distribution methods. It is therefore highly important that you send reports about classification mistakes as soon as possible. As a rule of thumb, avoid reports that are more than one week old.
Send these messages along to us (forward as attachment) to the following addresses, depending on which error it is:
firstname.lastname@example.org - messages that should have been marked as Spam by Outbreak Protection and weren't
email@example.com - messages that shouldn't have been marked as Spam by Outbreak Protection and were
How does one tell if Outbreak Protection scored a message as spam or not? Look at the full message headers.
This will appear if OP marked it as spam in the X-MDOP-Ref header:
This will appear if OP didn't mark it as spam in the X-MDOP-Ref header:
Scores of 3 and 4 should be submitted as false positives if they are not spam.
Scores of 1 and 2 should be submitted as false negatives if they are spam.
Do not submit 3 or 4 scored-messages as false negatives, and do not submit scores of 1 or 2 as false positives.
If a message is improperly classified as a virus by Outbreak Protection, you can send it to firstname.lastname@example.org or email@example.com, whichever is appropriate.
If you are sending a report of a virus false negative the original email must be archived in a password protected ZIP File with a password of 'infected'. If you are just sending a report of a false positive you can either send the entire message or just the X-MDOP-RefID header, similar to the spam false positive procedure.