Help! False Positives
Help! Spam Leakage
URGENT False Postives
Do not use this procedure for ordinary false positive reports. Use the ORDINARY False Positives procedure below. Only use this procedure for critical & urgent false positive cases. These are extremely rare, none the less we have built a solution into SNF so that you can get relief in these cases immediately and on your own!
If you have an urgent false positive issue such as a pattern rule that is capturing a large portion of your legitimate mail you can GAIN IMMEDIATE RELIEF:
- Identify the specific rule ID that is causing the problem. You should be able to find it in your SNF log file or in the X- headers of the FP messages depending upon how you have configured your system.
- Create a rule-panic entry in your configuration file for the offending rule ID. This will render the rule inert immediately without disrupting other spam filtering.
- Send a simple text email to email@example.com indicating that you have a critical false positive. DO NOT include an FP example. DO include the rule ID that is causing the problem.
- VERY IMPORTANT: After you have taken the above steps, follow the false positive handling process described below to resolve the false positive case correctly and completely.
ORDINARY False Positives
SEND ONLY FALSE POSITIVE REPORTS TO THE FALSE@ARMRESEARCH.COM ADDRESS!
- Please forward only one message at a time to the firstname.lastname@example.org address. Each message is processed by our tagging system separately. When messages are sent in large batches we must first manually split them up which takes a great deal of time.
- Please include your license ID in your message and send the messages from your registered email address. Email from non-registered email addresses and email having no license ID may be ignored. WE WILL BE RESPONDING TO YOUR MESSAGE!
- Please send false positive reports immediately as they occur if this is possible. It is common for a single adjustment to count for a great number of messages over time. By adjusting quickly we can eliminate many of the false positives for everyone and significantly reduce the work for everyone involved.
OFFICIAL POLICY IS TO IGNORE FALSE POSITIVE SUBMISSIONS FROM SYSTEMS WE CANNOT IDENTIFY IN ORDER TO PREVENT ABUSE. OUR AUTOMATED SYSTEMS MAY EVEN REJECT (SILENTLY) UNKNOWN SUBMISSIONS TO OUR SYSTEM FOR SECURITY REASONS
Step by Step Instructions for Sending a False Positive:
- Start a new message from your registered email address. Please include your license ID in subject line.
- Add any notes you'd like us to see about the problem.
- If possible, paste in the sniffer log entries from your system that match the message in question. This is particularly important if there are ERROR messages.
- Attach the message that was captured incorrectly.
- Send the message only to our email@example.com address.
- Our system will scan the message for any rules that can be matched.
- We will respond to you with an explanation and possibly recommendations for changes to your rulebase.
- You can respond back to authorize changes to your rule base based on our recommendations or based on your own insight.
- We will complete the changes and respond that we have done so.