When sending email samples to SophosLabs, either spam that is not being detected or legitimate email that is incorrectly detected as spam, send the original email as an RFC-2822 attachment. For example, the original email attached to a new email to allow SophosLabs to fully analyze the sample. If the original email was just forwarded to SophosLabs then content required for analysis will be lost.
Note: This knowledge base article does not cover Sophos UTM product. For UTM submissions, refer to Sophos UTM: How to report false positive or false negative viruses and spam emails
The following sections are covered:
Applies to the following Sophos product(s) and version(s) Sophos Email AppliancePureMessage for Microsoft ExchangePureMessage for UnixSophos Anti-Spam InterfaceSophos Central Email
RFC stands for Request for Comment and is a publication of the Internet Engineering Task Force (IETF) and the Internet Society which are the official standards-setting bodies for the Internet. 2822 is the ID number for the RFC on Internet Message Format which documents the standards on how electronic messages are to be formatted; hence, if you say the email sample is compliant with RFC-2822 then we know that all of the original information has been sent to us and we are able to carry out a full analysis.
Sophos has provided steps for Outlook, Thunderbird, Mac Mail, and advice for Lotus Notes.
Note: If Gsuite blocks the outbound email as spam, open the mail in a new window/tab (being very careful not to click on any of the content) and select Download Message from the More menu in the top right. The downloaded .eml file can then be put into a password protected zip file and submitted as an attachment to the above addresses. Please enclose the password if submitting via this method.
Sophos cannot recommend a default method for attaching RFC-2822 messages in Lotus Notes but the following options are available:
In Lotus Notes v8.5.2 there is an option to save emails as .eml files. With the sample email message open, click File > Save As and select the .eml file extension. Attach the saved message and to a new message and send that to the correct address:
If you strongly believe that an item should be detected, open a ticket with our Technical Support team and attach the entire message source (text).
Sign up to the Sophos Support SMS Notification Service to get the latest product release information and critical issues.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.