Rahul Sinha
SophosLabs Analysis Report

What’s new – Jun 10, 2025

Catching spam is not an exact science. Every antispam engine occasionally detects an email falsely as spam (false positive), or a spam message as not spam (false negative). We encourage customer admins and users to submit such misdetections for analysis. Collectively, these submissions improve the efficacy of antispam engine for all customers.

One of the requests from those reporting such messages has been to also provide verdicts for their submissions. With the launch of Sophos Labs Analysis Report, we have catered to the request. Apart from the verdict, the report will also provide in-depth view into submissions made by admins and users, from which a variety of insights can be drawn – ranging from the efficacy of a configuration in Sophos Email to behavior of users who if risky should be trained to prevent security breaches. 

Watch the video at the end of this post to familiarize yourself with this report.

Applies to the following Sophos products
Sophos Email


What’s in the report

As shown in the screenshot below, the Sophos Labs Analysis Report gives verdicts for both types of submissions – the messages reported as threat (false negative detection) and the messages reported as clean (false positive detection). For every submission an entry in the report shows the following details:

  1. The sender, the source IP address, the email server, and subject of the email
  2. The times when the email was received and reported
  3. What was the email originally categorized during scan by Sophos Email, before the submission
  4. The reporter and the recipients of the message
  5. The verdict from SophosLabs
    Note: Sophos Labs will need 3 to 5 business days to provide a verdict after an email is submitted, as the submission must be processed by the new antispam heuristic rules over a period so that it may result in a reclassification of the message submitted.

Apart from these details, there are many other aspects of interest in the report. Please watch the video at the end of this post to find out more.  Note: This report is available for a maximum of last 365 days. However, only the emails submitted after the report was released to your account will be shown in the report.
For more details, please refer the documentation linked here.

Watch the video