When sending email samples to SophosLabs, either spam that is not being detected or legitimate email that is incorrectly detected as spam, send the original email as an RFC-2822 attachment. For example, the original email attached to a new email to allow SophosLabs to fully analyze the sample. If the original email was just forwarded to SophosLabs then content required for analysis will be lost.
Note: This article does not cover Sophos UTM product. For UTM submissions, refer to Sophos UTM: How to report false positive or false negative viruses and spam emails
The following sections are covered:
Applies to the following Sophos product(s) and version(s) Sophos Email AppliancePureMessage for Microsoft ExchangePureMessage for UnixSophos Anti-Spam Interface
RFC stands for Request for Comment and is a publication of the Internet Engineering Task Force (IETF) and the Internet Society which are the official standards-setting bodies for the Internet. 2822 is the ID number for the RFC on Internet Message Format which documents the standards on how electronic messages are to be formatted; hence, if you say the email sample is compliant with RFC-2822 then we know that all of the original information has been sent to us and we are able to carry out a full analysis.
Sophos has provided steps for Outlook, Thunderbird, Mac Mail, and advice for Lotus Notes.
Sophos cannot recommend a default method for attaching RFC-2822 messages in Lotus Notes but the following options are available:
In Lotus Notes v8.5.2 there is an option to save emails as .eml files. With the sample email message open, click File > Save As and select the .eml file extension. Attach the saved message and to a new message and send that to the correct address:
If you strongly believe that an item should be detected, open a ticket with our Technical Support team and attach the entire message source (text).
If you've spotted an error or would like to provide feedback on this article, please use the section below to rate and comment on the article. This is invaluable to us to ensure that we continually strive to give our customers the best information possible.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.