Skip Navigation

Reporting Spam and Suspicious Email

Reporting False Positives and Missed SPAM

It is possible that the anti-spam software will mark a legitimate email message as spam.  This is considered a “false positive”.  Users that have a "opt-in with digest" spam quarantine setting should review their daily spam digest to see if a false positive has been captured.  You can report a false positive message to our anti-spam vendor so that future messages, with similar characteristics as the false positive message, will not be identified as spam.  In order to report false positives to the vendor (IronPort), you must send a copy of your false positive email, as an attachment, to:

It is also possible that some spam email will not be detected by the anti-spam software. Some spam senders design messages in a manner that makes them less susceptible to anti-spam software.  Missed spam can be reported to Ironport by sending a copy of the missed spam email, as an attachment, to:

Reporting Phishing and Other Suspicious Email

It is common for email attackers/hackers to send messages, masquerading as a trustworthy entity, attempting to acquire information such as usernames, passwords, credit card details, and other personal information.  These type of messages are known as "Phishing" and should not be responded to in any way.  If you receive a phishing email, or any email you're unsure is legitimate, please send a copy of that email, as an attachment, to: or

Phishing emails are not always obvious to the end user and often contain URL links that have been masqueraded as a trusted source.  Our e-mail security systems provide a feature that can help the end user make more informed decisions about clicking URL links contained in potentially unsafe emails.  Emails that have been identified as suspicous, by our e-mail security devices, are prepended with a message subject containing "[SUSPICIOUS MESSAGE]".  The message body will contain a URL that has been rewritten to redirect the end user away from the potentially unsafe site, but instead to a Cisco site for analysis.  Once the analysis has been completed, the end user will have the opportunity to preview the potentially unsafe website before actually visiting it.  Please see screen shot below of Cisco analysis site:

After previewing the site, the end  user will have the option to trust or not trust the site.  At this point, it will be up to the end user to determine whether or not the site is where the end user intends to go. 

PLEASE NOTE:  If the suspicious message does NOT contain a prepended subject with "[SUSPICIOUS MESSAGE]", it means our security devices were unable to confirm the suspicion.  However, the message may still be a potential threat.  As mentioned previously, please send a copy of all suspicious emails, as an attachment, to or