Submitting a spam false positive for investigation when unable to use the Anti-Spam submission portal
Last Updated May 02, 2019
553 - Message Filtered
Track and Trace shows an email Action of Quarantined, Blocked, Redirected, or Subject Tagged, with the Service listed as "Anti-spam".
Solution. A false positive spam email is a legitimate email incorrectly given a verdict of spam. This email can be submitted to Symantec for analysis and filter review.
Indicators of a False Positive Spam Email
Sender of the email received a bounce back stating "553-Message filtered".
Track and Trace search result in the Symantec.cloud Portal displays "Anti-Spam" under the "Service" column and "Brightmail" or "spam detected heuristically" under the "Reason" column.
Format for sample submission if unable to use the submission portal:
As a "message/rfc822" email attachment
Emailed to CLOUDfeedback@feedback-87.brightmail.com
Only one email attachment per submission is preferred. However, multiple sample emails may be attached to one submission email provided the overall size does not exceed the hard limit of 2MB per submission, including attachments and email headers.
Do not provide a ".zip" file; provide only an ".eml" or ".msg" file.
Details of the false positive spam sample submission
"Sending" email address of submission
Subject of the email
Alternative submission process for large samples
If the total size of email submission exceeds 2 MB, email or upload the sample in a password-protected zip file to the applicable support case. Include the password to the zip file in a case note or separate email.
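The submission format and size limit described above can be checked before sending. The following Python sketch is an added example, not Symantec code: it attaches .eml samples as "message/rfc822", refuses .zip files, and rejects a submission over the 2 MB limit. The sample message, the example.org addresses, the default subject, and reading 2 MB as 2,000,000 bytes are assumptions.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

FEEDBACK_ADDRESS = "CLOUDfeedback@feedback-87.brightmail.com"  # address given in the article
# Hard limit covers headers plus attachments; read here as 2,000,000 bytes (assumption).
MAX_SUBMISSION_BYTES = 2_000_000

# Constructed sample standing in for a legitimate message that was filtered.
SAMPLE_EML = (
    b"From: billing@example.com\r\n"
    b"To: user@example.org\r\n"
    b"Subject: Quarterly invoice\r\n"
    b"\r\n"
    b"Please find the invoice details below.\r\n"
)


def build_submission(sender, samples, subject="False positive spam sample"):
    """Return an EmailMessage carrying each (filename, raw_bytes) sample as message/rfc822.

    The default subject is an assumption; the article does not prescribe one.
    """
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = FEEDBACK_ADDRESS
    msg["Subject"] = subject
    msg.set_content("False positive spam sample attached as message/rfc822.")
    for filename, raw in samples:
        lowered = filename.lower()
        if lowered.endswith(".zip"):
            raise ValueError(f"{filename}: .zip files are not accepted at this address")
        if not lowered.endswith(".eml"):
            # .msg is Outlook's binary format and is not parsed as RFC 822 here.
            raise ValueError(f"{filename}: this example only handles .eml samples")
        original = message_from_bytes(raw, policy=policy.default)
        # Attaching a message object (not its bytes) yields Content-Type: message/rfc822
        # and keeps the original headers intact for analysis.
        msg.add_attachment(original, filename=filename)
    size = len(msg.as_bytes())
    if size > MAX_SUBMISSION_BYTES:
        raise ValueError(f"submission is {size} bytes; use the large-sample process instead")
    return msg


if __name__ == "__main__":
    submission = build_submission("admin@example.org", [("invoice.eml", SAMPLE_EML)])
    print(submission.get_content_type(), len(submission.as_bytes()), "bytes")
```

The returned message can be handed to any SMTP client for delivery; forwarding the sample inline instead of attaching it would discard the original headers that the analysis depends on.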
Frequently Asked Questions
What happens to false positive submissions?
Only the samples that meet the listed requirements are accepted for analysis. Samples that have a spam verdict are processed within 24 hours. Each false positive submission is examined individually to assess what caused the sample to be detected as spam and what corrective action is to be taken, if needed. Note that Symantec does not guarantee that each submission results in an alteration of our filters.
Will I get feedback on false positive submissions?
Symantec does not acknowledge the samples that are submitted to the previously listed address or provide the results of the investigation automatically. Please ensure that you follow the procedure that is outlined previously to submit in a correct format. If after 24 hours it fails to resolve the matter, or if you require feedback regarding your submission, please contact Symantec support with details outlined in this article.
How can I verify if the email still triggers a spam verdict?
The original sender of the email should attempt to resend the email. While we strive to action submissions as quickly as possible, it may take up to 24 hours before detection is amended. After 24 hours from submission to the feedback address, if the email is still categorized as spam when resent or checked in the Spam Analysis Tool, then it is likely that amendment to the detection is not possible in this case.
Who needs to submit the sample?
Who submits depends on the action being applied to the false positive email based on your settings in the client portal.
Action: Append a header but allow the email through OR Tag the subject line but allow the email through
The recipient submits the sample.
Action: Quarantine the email
The recipient submits the sample.
Action: Append a header and redirect the email to a bulk mail address
The administrator of the bulk mail address submits the sample.
Action: Block and Delete
The original sender submits the sample.
The administrator can try adding the sender to the "Approved Senders" list in the client portal and have them resend the message. This addition may allow the recipient to receive and submit the sample. If the email is still blocked, the original sender needs to submit the sample.