Important: If you wish to submit samples from a Sophos UTM, refer to article 115670
Note: This article explains how to submit spam email samples to SophosLabs. For details on submitting malicious file samples see article 11490 or for website address (URL) reassessments see article 119440.
When sending email samples to SophosLabs - either spam that is not being detected or legitimate email that is incorrectly detected as spam - you should send the original email as an RFC-2822 attachment (i.e., the original email attached to a new email) to allow SophosLabs to fully analyze the sample.
Important: If you just forward the original email to SophosLabs content required for analysis will be lost.
This article explains how to submit your spam/not spam sample in the correct way.
RFC stands for 'Request for Comment' and is a publication of the Internet Engineering Task Force (IETF) and the Internet Society (official standards-setting bodies for the Internet). 2822 is the ID number for the RFC on Internet Message Format which documents the standards for how electronic messages are to be formatted.
Hence if you say the email sample is compliant with RFC-2882 then we know that all of the original information has been sent to us and we are able to carry out a full analysis.
Applies to the following Sophos product(s) and version(s)
Not product specific
We have provided steps for Outlook, Thunderbird, Mac Mail, and advice for Lotus Notes.
We cannot recommend a default method for attaching RFC-2822 messages in Lotus Notes but the following options are available.
In Lotus Notes v8.5.2 there is an option to save emails as .eml files. With the sample email message open, click File | Save As and select the .eml file extension. You can then attach the saved message and to a new message and send that to the correct address:
Version 8.5.1 (or lower):
With other email client use the option 'Forward As Attachment' when possible.
If you strongly believe that an item should be detected, open a ticket with our Technical Support team and attach the entire message source (text).
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.